Product Security Engineer

It's fun to work in a company where people truly BELIEVE in what they're doing!

‎

‎

Job Description

Job Scope

• Carry out manual and automated review of source code to identify security vulnerabilities and risks

• Implement automated security testing tools (SAST, DAST, IAST) and their deployment within continuous integration systems

• Implement hardening and secure framework such as RASP, WAF, safe library, and security decorator functions

• Perform vulnerability assessment & penetration testing on web API, front-end service, internal RPC, and mobile application

• Attend design reviews and actively lead the discussions from a security standpoint

• Analyze possible security incident related to application security such as payment abuse or sensitive data exposure via web API

• Ensure that product security requirements are identified early on and are being baked into all projects

• Provide effective recommendations or patches to mitigate security vulnerabilities

• Develop in-house tools to integrate with SDLC and to track and derive security metrics

‎

Requirements

• Bachelors Degree in Computer Science or equivalent

• Relevant professional experience or extensive experience in security activities (e.g. CTF, bug bounty, security research, publications, blog)

• Practical knowledge of modern software development such as microservices, application containerization, REST architecture, object oriented programming, stateless/stateful authentication, and cloud platform

• Working knowledge of one or more of these programming languages: Java, JavaScript, Kotlin, C#, Objective-C, Swift

• Experience in security code review, vulnerability assessment, and penetration testing.

• Knowledge of common vulnerabilities such as OWASP Top 10 and CWE including business logic issue (e.g. IDOR)

• Core skill set in two or more of the following areas:

  • JavaScript framework (e.g. React)

  • Java framework (e.g. Spring)

  • Android / iOS platform

  • DevOps

  • AWS

  • Automation tool development

  • Dynamic debugging

  • Unit testing

  • Algorithm & data structure

‎

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!