Full-time

Security Engineer

Security Engineer

Carousell Group is one of the world’s largest and fastest-growing classifieds marketplace platforms across Southeast Asia, Taiwan, and Hong Kong. Started in August 2012, Carousell Group began in Singapore and now has a leading presence in eight markets under the brands Carousell, Mudah, Chot Tot, and OneKyat, serving tens of millions of monthly active users. Carousell Group is backed by Telenor Group, Rakuten Ventures, Naver, and Sequoia Capital.

Description:

Carousell Group’s security team is seeking a security talent who has a solid technical background in application security. You will become the primary security expert for multiple product lines, and act as the point of contact for engineering and security.

Responsibilities:

  • Perform architecture reviews to steer projects in the right direction early, participate in security code reviews, and perform penetration testing against products prior to shipping.
  • Develop secure coding practices and train engineering teams.
  • Develop, document, and maintain security and compliance capabilities in support of DevOps processes.
  • Expertise finding and fixing common security vulnerabilities (e.g., OWASP Top 10)
  • Performing technical security assessments on our web applications, native clients, internal services

Minimum qualifications:

  • 3+ years of demonstrated experience in CyberSecurity, preferred to be in Software/E-commerce companies
  • Hands-on experience in implementing and operating modern SDLC stack tooling (SAST/SCA/DAST/IAST).
  • Programming skills in at least one: Go, Java, Python, NodeJS, etc.

Preferred qualifications (a plus):

  • Production experience in security testing of web applications and native apps
  • Strong understanding of web application architecture and design principles
  • Background in software engineering in a collaborative and dynamic environment

Thank you for taking your time to read our job description and thank you in advance if you decide to apply for this position. Shortlisted candidates will be contacted within 2 weeks since application, otherwise we might meet when another chance arises.