Job Description

Department Engineering and Technology
LevelExperienced (Individual Contributor)
LocationSingapore
The Engineering and Technology team is at the core of the Shopee platform development. The team is made up of a group of passionate engineers from all over the world, striving to build the best systems with the most suitable technologies. Our engineers do not merely solve problems at hand; We build foundations for a long-lasting future. We don't limit ourselves on what we can or can't do; we take matters into our own hands even if it means drilling down to the bottom layer of the computing platform. Shopee's hyper-growing business scale has transformed most "innocent" problems into huge technical challenges, and there is no better place to experience it first-hand if you love technologies as much as we do.

:

Lead security risk governance projects, identifying vulnerabilities, prioritizing remediation, and implementing robust security controls. This includes leveraging expertise in establishing security maturity standards. Conduct deep technical assessments of network architecture, cloud/on-premise infrastructure, and internal systems to proactively mitigate security risks, including internal system penetration testing and proactive threat hunting. Integrate security best practices into system design with Engineering, Infrastructure, and DevOps teams, ensuring inherent security across various environments, including network, host, container, application, endpoint, and large language models (LLMs). Drive the closure of security risks by analyzing the latest vulnerabilities, news, and regulatory concerns from a risk and compliance standpoint. Provide expert emergency response and forensic investigation capabilities during cybersecurity defense operations.

Requirements:

At least 5 years of defensive security expertise, securing networks, hosts, containers, applications, and endpoints across on-premise and cloud environments Over 5 years of end-to-end experience in offensive security, including penetration testing, red teaming, and security assessments of internal systems and products. Skilled in leveraging common hacking tools and real-world attack vectors to identify procedural and technical risks from an attacker's perspective, supporting red-blue team exercises, forensic investigations, and emergency response. Minimum 3 years of hands-on experience developing security products, with strong proficiency in security automation and scripting. Bachelor's degree or higher in Computer Science or a related field Solid problem-solving and analytical thinking skills * Strong communication skills and a collaborative team player