Carousell Group

Carousell Group is one of the world’s largest and fastest growing classifieds marketplace platforms across Southeast Asia, Taiwan and Hong Kong. Started in August 2012, Carousell Group began in Singapore and now has a leading presence in eight markets under the brands Carousell, Mudah.my, Cho Tot and OneKyat, serving tens of millions of monthly active users. Carousell Group is backed by leading investors including Telenor Group, Rakuten Ventures, Naver and Sequoia Capital India.

Carousell Group’s security team is seeking a security talent who has a solid technical background in network and application security. You should not be afraid to get your hands “dirty” for digging/exploring deeply into all technical layers and is a supportive and resourceful team player who appreciates the family value in our organization.

We are looking for Security Engineers to join our Engineering Team in our Chot Tot Brand.

You will

Be managing all security aspects of the Carousell group, from managing network/security components such as cloud/on-prem firewalls, load balancer, VPN servers, SIEM dashboard, code -quality control tools. Coordinate
Be the subject matter expert on all things about Google Cloud Platform security – when someone wonders “how do I secure this?”, the first person they think to ask is you
Design and setup secure networks on the hybrid environment (both GCP and on-prem) based on the industry-standard or best practices aligned with the organization’s resources and security requirements
Evaluate, implement, maintain, and monitor various network security components such as IDS/IPS, firewalls, VPN appliances…
Periodically reviewing existing security policies, network topologies, and configurations to identify any opportunities to improve the network’s overall security posture
Participating in routine security audits and remediation of any vulnerabilities/exploits while minimally impacting production network traffic
Respond and investigate security incidents
Deal with common Top10 OWASP vulnerabilities
Seeking out opportunities to automate processes when appropriate
Performing technical security assessments on our web applications, native clients, internal services
Contributing security-focused feedback to engineers during all phases of the development lifecycle
Perform security assessments, working closely with development teams on identifying security issues in their code and finding solutions to provide required functionality securely

You have:

3+ years of demonstrated experience in CyberSecurity, preferred to be in Software/E-commerce companies
1+ years of experience with Google Cloud Platform ecosystem and tooling
Experience in Python scripting to implement network changes
Hands-on experience in troubleshooting network connectivity issues
Very good command of English (global/multinational team)
Preferred qualifications (a plus):
Production experience in security testing of web applications and native apps
Strong understanding of web application architecture and design principles
Some background in software engineering in a collaborative and dynamic environment
GCP Professional Cloud Security Engineer or Professional Cloud Network Engineer certifications

Note: Only shortlisted will be notified.

Agencies: Please do not call or email any employee of Carousell Group outside of the Talent Acquisition team. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, to the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property/ownership of Carousell Group and, in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.

By clicking on Submit, you are accepting to our PDPA policies. In case you are interested to know more, read about our Candidates Personal Data Privacy Statement [https://support.carousell.com/hc/en-us/articles/4410378144537-Candidates-Personal-Data-Privacy-Statement].