Job Requirements
Job description for Security Engineer (Remote Possible) at Glints
At Glints, we are building the #1 tech-enabled recruitment and career discovery platform in Southeast Asia that helps people and organisations realise their human potential by joining great organisations, learning the right skills and building great teams.
About This Role
We’re looking for a Security Engineer to join our Security team, to help secure our organization through assessing, engineering, and deploying security solutions.
What You Will Be Doing
- Conduct penetration testing to identify security vulnerabilities in staging and production environments
- Perform technical security review for products and new feature requirements
- Liaise with various product teams to arrange security assessments
- Develop security requirements, controls, and procedures for different application development projects
- Conduct code reviews and application security tests manually or automatically
- Provide technical security advice, education, and awareness to development teams
- Collaborate with internal teams, such as development, operations, and product, to achieve security goals and OKRs
- Monitor emerging cyber threats, vulnerabilities, and exploits that may impact our products and infrastructure
Who We Are Looking For
- Degree in Computer Science or IT or equivalent
- At least three (3) years of experience in security testing of web and mobile applications
- Strong understanding of, and practical experience attacking, web application vulnerabilities such as the OWASP Top 10
- Expertise in Secure SDL practices including whitebox and blackbox assessments, code reviews, design reviews, threat modeling, etc.
- Experience in container security attack and defense; understanding of the potential security risks of containers and the ability to implement effective repair and mitigation programs
- Software development skills for automation in one or more languages (Rust, Python, C/C++, Java, Node.js, etc.) are a must
- Exposure to DevSecOps, Kubernetes, VCS, IaC, etc.
- Experience and working knowledge of SAST, DAST and SCA tools
- Strong interpersonal and communication skills
- Certifications in Application Security and Penetration Testing such as OSCP, OSCE, OSWE and CEH or cybersecurity certifications including CISSP, CISM, CompTIA Security+ and GSEC are encouraged.
Nice-To-Haves
- Data Processing: Collect and analyze data from various streams such as logs/Kibana/Grafana, and track anomalies to determine whether a certain kind of attack is occurring or has occurred, in order to stay aware of the latest threats
- DevSecOps (Shift-Left): Empower all engineers to take responsibility for security, performing security testing earlier in the development lifecycle
- Compliance: Ensure our security measures are compliant with prevailing standards (SOC 2 / ISO 27001)
- Network & Operating System Security: Glints' services mainly operate on the network. Requires an understanding of security and encryption protocols such as TLS.