Product Security Engineer - GoMerchant

Jakarta /
Engineering – Security /
About the Role

This role is responsible for the entire lifecycle of security projects or features including security design, development, testing, deployment, implementation and operations.

What You Will Do

    • Responsible for the entire lifecycle of security projects or features including security design, development, testing, deployment, implementation and operations
    • Provide technical solution for IT operation and software development team to design a secure application & infrastructure environment, perform penetration testing on application, and maintain the application and infrastructure to fulfill the security best practices
    • Designs, develops and maintains small to medium complexity security features and/or process changes with some guidance from more experienced team members.
    • Handle and report security incidents and/or findings and communicate to respective stakeholders
    • Contribute to automation of security testing based on part of secure SDLC
    • Concise documentation for security use cases and operational improvements
    • Collaborates in security reviews that follow the standards and practices of information security best practices that are recognized by their team member
    • Maintain an up to date information on newest security vulnerability and document plan on mitigation process

What You Will Need

    • Have an in-depth knowledge of several security domains (Vulnerability Management, Penetration Testing, Identity Access Management, DevSecOps, Incident Response, Mobile App Security, Cloud Security, Zero Trust, etc)
    • A strong acumen and knowledge in tech architecture for cloud native and microservices based web and mobile applications.
    • Detailed working knowledge of low-level network protocols (e.g. HTTP, IPv4, TCP, UDP, ICMP, Ethernet, and 802.11),  Penetration Testing, Linux/Unix system, Orchestration (Docker, Kubernetes), and Cloud Provider (GCP, AWS)
    • Have a strong experience in penetration testing, security project management, documentation, disciplined, and great attention to detail.
    • Detailed working knowledge of programming skills for IT security automation, such as python, rails, bash scripting.
    • Preferable to hold IT Security certifications such as OSCP, eWPTx, CISSP, CCSP
    • Demonstrated good communication, speak and write in English with business-level fluency
About the Team

The Product Security team in GoMerchants is responsible for driving security and privacy by design within the product lifecycle and engineering processes besides continuously researching and responding to evolving threats which could impact GoMerchants product’s viability to service its customers and merchants and remain compliant to the local laws and regulations as amicable.

About Us

Gojek is a Super App. It’s one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and dozen other products. It is Indonesia’s first and only decacorn. It's also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'

Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business and MSMEs.

As of 2018, Gojek processed more than $9 billion annualised gross transaction value across all markets where it operates - in Singapore, Thailand, Vietnam and Indonesia. We have the largest food delivery product in Asia, (outside of China), and the largest payments wallet in Southeast Asia.

Our investors include Google, Facebook, PayPal, Sequoia Capital, Tencent Holdings among others.

Gojek is committed to building a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.