Get to know our Team:The Security and Safety Team is your partner of choice! Internally, the team works with other stakeholders to design, enforce and execute policies and standards to ensure the security of our people, our data and our assets. Externally, we support the organisation in developing and shaping all safety-related aspects of our platform. I guess you can say we have a finger in many pies!Get to know our Team:
The Grab’s InfoSec team is responsible for building secure infrastructure. We coordinate corporate security with Grab’s IT and thus enable the organization to optimize and manage its infrastructure and minimize security risk. A critical factor in ensuring adequate protection for all data is the responsive updating and application of policy and guidance to address the latest changes in technologies while defending against the latest developing threats. Equally important is the necessity to ensure that the policies and guidance provide sufficient flexibility to allow their adaptation to the diverse missions across Grab.
Get to know the Role:
- Design, architect and build security solutions, frameworks, processes, and automation to secure infrastructure Work with development teams to create and influence next generation client solutions to securely and ubiquitously access throughout Grab
- Define and Maintain security solutions roadmap and present on a regular basis strategic vision for proposed future security technologies and improvements aligned to corporate and information security strategy
- Designs and secures systems by evaluating network security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks. (VPNs), routers, firewalls, and related security and network devices.
- Research emerging technologies and maintain awareness of current and emerging security risks in support of security enhancement and development efforts
- Mentor security engineers Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team Strong working experience in security tools like firewalls, IPS/IDS, proxies, and SIEMs.
- Partner with members of the InfoSec & IT to work with Grab’s leadership to provide status and reporting on the state of security across the entire Grab infrastructure, and corporate technical stack.
- Work closely with project managers, developers, and vertical teams to avoid redundancy, minimize expenditures and improve overall synergy within the organization.
The day-to-day activities:
- Develop and execute standards for design and operational procedures Security strategy
- Assess, design and implement security strategy and governance program frameworks that describe the process, controls, organization and infrastructure to manage information security related concerns Identify process that is manual and improve the process through automation.
- Ensure security best practice is followed at every level and provide a solution to improve an existing process.
- Be involved in the design and subsequent implementation of software and service infrastructure
The must haves:
- 10+ years of experience in designing and implementing security systems.
- Solid understanding of Network security and architecture.
- Strong foundation and in-depth technical knowledge of security engineering, authentication and security protocols, and applied cryptography.
- Strong skills in at least one or more scripting language; Perl, Python, Go, or Shell Passionate about security, enjoy challenges and maintains up-to-date knowledge of available and emerging security threats and various security technologies.
- Strong interpersonal skills with the ability to communicate and work effectively across the organization.
- Working experience with cloud technologies such as AWS, Google Cloud and Azure.
- Good stakeholder management skills. TOGAF and CISSP certifications.
Nice to Have:
- Experienced in implementing and managing HIDS/NIDS, FIM, SIEM solutions.
- Experienced with directory services and single-sign-on solutions.
- Experienced in vulnerability management, patching automation and understanding of VA/PT techniques Knowledge of information security standards like ISO 27001, PCI-DSS will be an added advantage