Digibank Malaysia Project - Specialist, Security Verification & Testing

Job Description:

Get to know our Digital Bank Team

Grab is leading a consortium for Digital Bank license and to build a bank with the right foundation - using data, technology and trust to solve problems and serve customers. We have big dreams to unlock and financial inclusion for people in our region is just one. If you have what it takes, help build our new Digibank with us.

Get to know the Role

As a cyber security engineer, you will find issues before an attacher does and recommend how to fix them to avoid future vulnerabilities. You may also perform social-engineering and client-side attacks involving simulating real attacks to assess the risk associated with the potential security breaches.

Roles & Responsibilities:

• Perform secure design review, threat modelling, secure code review, penetration testing and assist developers in triaging scan results.

• Develop comprehensive and accurate reports and presentations for both technical and executive audiences and make recommendations for security improvements.

• Effectively communicate findings and strategy to stakeholders including technical staff and executive leadership.

• Develop and socialise security standards, training courses on secure design best practices, related to cryptography, authentication, access control, etc.

• Lead engagements with Engineering teams from scoping through remediation, and mentoring less experienced staff.

The day-to-day activities:

A typical day would be reviewing the design documents of mobile applications and APIs, to identify potential flaws that might be exploited. If, just by reading the documentation, you can find security flaws and propose improvements while considering the performance and the user experience, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of Analyst we’re looking for.

The must haves:

• Background in coding, fluent in several modern programming languages

• Excellent understanding of secure design and coding best practices.

• Experience using scanning tools for mobile, API and web application security testing.

• At least 1 year experience with a minimum of 3 of the following:

• Strong experience with AWS, Azure or GCP

• Design of highly-available and highly-secure solutions in financial sector

• Design of container-based infrastructures in the cloud

• Development of mobile applications, RESTful APIs, web applications

• Secure code review of mobile applications, RESTful APIs, web applications

• Penetration testing of mobile applications, RESTful APIs, web applications