Carousell is a consumer-to-consumer mobile marketplace.
Carousell Group is one of the world’s largest and fastest growing classifieds marketplace platforms across Southeast Asia, Taiwan and Hong Kong. Started in August 2012, Carousell Group began in Singapore and now has a leading presence in eight markets under the brands Carousell, Mudah.my, Cho Tot and OneKyat, serving tens of millions of monthly active users. Carousell Group is backed by leading investors including Telenor Group, Rakuten Ventures, Naver and Sequoia Capital India.
Carousell Group’s security team is seeking a security talent who has a solid technical background in network and application security. You should not be afraid to get your hands “dirty” for digging/exploring deeply into all technical layers and is a supportive and resourceful team player who appreciates the family value in our organization.
You will be
- Our team is responsible for managing all security aspects of the Carousell group, from managing network/security components such as cloud/on-prem firewalls, load balancer, VPN servers, SIEM dashboard, code -quality control tools. Coordinate
- Be the subject matter expert on all things about Google Cloud Platform security - when someone wonders “how do I secure this?", the first person they think to ask is you
- Design and setup secure networks on the hybrid environment (both GCP and on-prem) based on the industry-standard or best practices aligned with the organization’s resources and security requirements
- Evaluate, implement, maintain, and monitor various network security components such as IDS/IPS, firewalls, VPN appliances...
- Periodically reviewing existing security policies, network topologies, and configurations to identify any opportunities to improve the network's overall security posture
- Participating in routine security audits and remediation of any vulnerabilities/exploits while minimally impacting production network traffic
- Respond and investigate security incidents
- Deal with common Top10 OWASP vulnerabilities
- Seeking out opportunities to automate processes when appropriate
- Performing technical security assessments on our web applications, native clients, internal services
- Contributing security-focused feedback to engineers during all phases of the development lifecycle
- Perform security assessments, working closely with development teams on identifying security issues in their code and finding solutions to provide required functionality securely
- 3+ years of demonstrated experience in CyberSecurity, preferred to be in Software/E-commerce companies
- 1+ years of experience with Google Cloud Platform ecosystem and tooling
- Experience in Python scripting to implement network changes
- Hands-on experience in troubleshooting network connectivity issues
- Very good command of English (global/multinational team)
Bonus (A plus)
- Production experience in security testing of web applications and native apps
- Strong understanding of web application architecture and design principles
- Some background in software engineering in a collaborative and dynamic environment
- GCP Professional Cloud Security Engineer or Professional Cloud Network Engineer certifications
Note: Only shortlisted will be notified.
Agencies: Please do not call or email any employee of Carousell Group outside of the Talent Acquisition team. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, to the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property/ownership of Carousell Group and, in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.