Product Security Engineer

4 hours ago

bangalore, India Traveloka Full time

Job Description


Product Security Engineer at Traveloka will be required to ensure that our products and services are shipped with high security standards through application security testing, hardening, and secure framework. A Product Security Engineer will be smart and self starter. The person needs to find unique ways to understand complex software architecture and should be able to perform manual security code review. They need to be able to integrate security in the software development process with defense-in-depth strategies such as automated testing in CI/CD pipeline. A Product Security Engineer preferably needs to have a software development background and should have practical programming knowledge.

They will work very closely with our Software Engineering Team to implement Secure SDLC in Traveloka. They will also need to have proficiency in handling multiple projects based on different frameworks and groups.

Responsibilities

  • Carry out manual and automated review of source code to identify security vulnerabilities and risks
  • Implement automated security testing tools (SAST, DAST, IAST) and their deployment within continuous integration systems
  • Implement hardening and secure framework such as RASP, WAF, safe library, and security decorator functions
  • Perform vulnerability assessment & penetration testing on web API, front-end service, internal RPC, and mobile application
  • Attend design reviews and actively lead the discussions from a security standpoint
  • Analyze possible security incident related to application security such as payment abuse or sensitive data exposure via web API
  • Ensure that product security requirements are identified early on and are being baked into all projects
  • Provide effective recommendations or patches to mitigate security vulnerabilities
  • Develop in-house tools to integrate with SDLC and to track and derive security metrics



Skills & Experience

  • Academic background in Computer Science or equivalent
  • Relevant professional experience or extensive experience in security activities (e.g. CTF, bug bounty, security research, publications, blog)
  • Practical knowledge of modern software development such as microservices, application containerization, REST architecture, object oriented programming, stateless/stateful authentication, and cloud platform
  • Working knowledge of one or more of these programming languages: Java, JavaScript, Kotlin, C#, Objective-C, Swift
  • Experience in security code review, vulnerability assessment, and penetration testing.
  • Knowledge of common vulnerabilities such as OWASP Top 10 and CWE including business logic issue (e.g. IDOR)
  • Core skill set in two or more of the following areas:
  • JavaScript framework (e.g. React)
  • Java framework (e.g. Spring)
  • Android / iOS platform
  • DevOps
  • AWS
  • Automation tool development
  • Dynamic debugging
  • Unit testing
  • Algorithm & data structure

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us

  • Senior Product Security Engineer

    23 hours ago

    Bangalore, India Pocket FM Full time

    About Pocket FM Pocket FM is the world’s largest audio entertainment platform, revolutionizing the way stories are told and consumed. We bring together storytelling, technology, and creativity to deliver an immersive and engaging experience through audio series, audiobooks, and podcasts. With over 150 million+ users , and billions of minutes streamed...

  • Senior Product Security Engineer

    10 minutes ago

    bangalore, India Pocket FM Full time

    About Pocket FMPocket FM is the world’s largest audio entertainment platform, revolutionizing the way stories are told and consumed. We bring together storytelling, technology, and creativity to deliver an immersive and engaging experience through audio series, audiobooks, and podcasts. With over 150 million+ users, and billions of minutes streamed...

  • Senior Product Security Engineer

    3 hours ago

    bangalore, India slice Full time

    About Usslice the way you bankslice’s purpose is to make the world better at using money and time, with a major focus on building the best consumer experience for your money. We’ve all felt how slow, confusing, and complicated banking can be. So, we’re reimagining it. We’re building every product from scratch to be fast, transparent, and feel good,...

  • Product Security Engineer II

    23 hours ago

    Bangalore, India FICO Full time

    FICO (NYSE: FICO) is a leading global analytics software company, helping businesses in 100+ countries make better decisions. Join our world-class team today and fulfill your career potential! The Opportunity "As a Product Security Engineer II in Cyber Security, you will be supporting security governance for a wide set of customer-facing products and...

  • Product Security Engineer II

    4 hours ago

    bangalore, India FICO Full time

    FICO (NYSE: FICO) is a leading global analytics software company, helping businesses in 100+ countries make better decisions. Join our world-class team today and fulfill your career potential!The Opportunity"As a Product Security Engineer II in Cyber Security, you will be supporting security governance for a wide set of customer-facing products and services...

  • Senior Product Security Engineer

    23 hours ago

    Bangalore, India Pocket FM Full time

    About Pocket FM Pocket FM is the world’s largest audio entertainment platform, revolutionizing the way stories are told and consumed. We bring together storytelling, technology, and creativity to deliver an immersive and engaging experience through audio series, audiobooks, and podcasts. With over 150 million+ users , and billions of minutes streamed...

  • Senior Compliance Engineer

    23 hours ago

    Bangalore, India Skyhigh Security Full time

    About Skyhigh Security: Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world’s data, and because of this, we live and breathe security. Since 2011, organizations have trusted us to provide them with a complete, market-leading security platform built on a modern cloud stack....

  • Senior Compliance Engineer

    23 hours ago

    Bangalore, India Skyhigh Security Full time

    About Skyhigh Security: Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world’s data, and because of this, we live and breathe security. We value learning at our core, underpinned by openness and transparency. Since 2011, organizations have trusted us to provide them...

  • Cyber Security Engineer

    1 hour ago

    bangalore, India YASH Technologies Full time

    CYBER SECURITY ENGINEER ROLEJob Title:AppSec EngineerThe AppSec Engineer is a specialized cybersecurity role focused on DevOps engineering principles. While the expectation of their sibling role – SAE – is to have practical working security knowledge, this role specializes in it. In a multi-product environment as we have here, there are common security...

  • Senior Compliance Engineer

    2 hours ago

    bangalore, India Skyhigh Security Full time

    About Skyhigh Security:Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world’s data, and because of this, we live and breathe security. We value learning at our core, underpinned by openness and transparency. Since 2011, organizations have trusted us to provide them with a...