Founded in 2015, Daraz is South Asia's leading e-commerce platform in Pakistan, Bangladesh, Sri Lanka, Nepal and Myanmar. It empowers more than 100,000 active sellers with world-class marketplace technology to reach the fast-growing consumer class in a region of 500 million people. Through Daraz Express and Daraz Pay, it operates the most efficient and digitalised logistics and payments infrastructure in its markets. Daraz' vision is to be a champion of South Asia serving 100 million customers and businesses by 2030.
For more information, please visit www.daraz.com
Your role is to:
- Analyse system services, perform line-by-line and automated source code review of networks and applications.
- Perform dynamic application security testing (DAST) and static analysis (SAST), Interactive Application Security Testing (IAST) of the micro-services and Mobile applications/Website codebases.
- Integrate security into the software development lifecycle (SDLC) including threat modeling; establishing development standards, standardising processes, roadmapping security enhancements, and performing source code reviews.
- Provide remediation guidance and oversight to discover vulnerabilities.
- Program and write scripts to automate tasks.
- Perform product security design.
- Design technical solutions to address security weaknesses.
- Research new threats, attack techniques, and methods.
- Design and implement security solutions to automate the detection and remediation of infrastructure security issues.
- Perform vulnerability assessment and penetration testing on mobile apps, website, API, and databases.
- Design and perform Red team simulation drills to measure the readiness of the Blue team.
- Assist Blue team in identifying security gaps.
- Perform threat hunting exercises and detect security flaws in applications and networks proactively.
- Write an exploit to leverage a vulnerability.
- Develop/Test/Deploy tools to conduct security review operations in an automated fashion.
- Participate in architectural and design discussions.
- Perform black/gray/white box testing on applications/websites/API.
A bit about you:
- 4+ years of Application Security experience after graduation.
- Hands-on security experience with a passion for everything security related with a proven record of delivering a security impact.
- Understanding of reverse connection & MITM. Hands-on expertise on Kali Linux, Metasploit, Burp Suite, Nmap, Wireshark etc.
- Experience deploying/integrating with CI/CD and configuring SAST/DAST tooling.
- Deep understanding of web security, TLS/SSL, web authentication and web-related protocols (e.g. TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
- Capacity to handle and manage multiple projects.
- Communicate with stakeholders and guide them on secure coding practices.
- Knowledge about cryptography and its functionality.
- Knowledge of OWASP standards and methodologies, understanding of HTTP and web programming, Web Application Firewalls.
- Hands-on experience with application vulnerability assessment tools (Qualys/Nexpose, Burp Suite, Nessus, etc.).
- Strong analytical and problem-solving capabilities.
- Certifications like OSCP/CEH are a plus.
- Working knowledge of technologies involving CI/CD, Docker containers, and Databases.
- Good presentation, communication and team player skills to persuasively guide developers and upper management on application security topics.
What we offer:
- International working environment in a start-up setting, and a unique opportunity to learn from the best in e-commerce (Alibaba Group) and business growth.
- A platform to learn from Alibaba's world-leading ecosystem
- Rigorous training and exposure in team management, leadership, business analytics, and operations.
- An opportunity to train the next generation of business leaders in the "tech" industry.
- Competitive salary and incentive package
- Health & life insurance