Security Engineer - Product Security

Security Engineer - Product Security page is loaded

Apply locations Indonesia - Jakarta, Green Office Park 1 time type Full time posted on Posted Yesterday job requisition id R0006939

It's fun to work in a company where people truly BELIEVE in what they're doing!

Product Security Engineer at Traveloka will be required to ensure that our products and services are shipped with high security standards through application security testing, hardening, and secure framework. A Product Security Engineer should be a smart, self-starting individual capable of understanding complex software architectures and performing manual security code reviews. They need to integrate security into the software development process using defense-in-depth strategies such as automated testing in CI/CD pipelines. Preferably, they should have a software development background and practical programming knowledge.

They will work closely with our Software Engineering Team to implement Secure SDLC practices at Traveloka. They should also be capable of managing multiple projects across different frameworks and teams.

• Complete manual and automated reviews of source code to identify security vulnerabilities and risks with limited guidance.
• Define and design vulnerability assessment and penetration testing strategies for web APIs, front-end services, internal RPC, and mobile applications.
• Plan security testing, define scope, timelines, focus areas, and budget for implementing automated security testing tools, hardening, and secure frameworks such as RASP, WAF, secure libraries, security decorators, and their deployment within CI systems.
• Provide recommendations and influence implementation to mitigate security vulnerabilities across projects.
• Lead investigations of security incidents related to application security, such as payment abuse or data exposure via web APIs.
• Develop strategies and plans to create in-house tools that integrate with SDLC and track security metrics.

Skills & Experience

• Practical knowledge of modern software development including microservices, containerization, REST architecture, object-oriented programming, authentication methods, and cloud platforms.
• Strong proficiency in one or more programming languages such as Java, JavaScript, Kotlin, C#, Objective-C, or Swift.
• Experience in security code review, vulnerability assessment, and penetration testing.
• Experience in development and automation processes.
• Ability to handle multiple complex projects across different domains.
• Knowledge of common vulnerabilities like OWASP Top 10 and CWE, including business logic issues such as IDOR.
• Core skills in at least two of the following areas: JavaScript frameworks (e.g., React), Java frameworks (e.g., Spring), Android/iOS platforms, DevOps, AWS, automation tools, debugging, unit testing, algorithms, and data structures.

If you enjoy growth and working with enthusiastic, high-achieving teams, you'll find a great career with us!