The Engineering and Technology team is at the core of the Shopee platform development. The team is made up of a group of passionate engineers from all over the world, striving to build the best systems with the most suitable technologies. Our engineers do not merely solve problems at hand; We build foundations for a long-lasting future. We don't limit ourselves on what we can or can't do; we take matters into our own hands even if it means drilling down to the bottom layer of the computing platform. Shopee's hyper-growing business scale has transformed most "innocent" problems into huge technical challenges, and there is no better place to experience it first-hand if you love technologies as much as we do.
Job Description:
- Design and perform APT adversary emulation to determine if infrastructure components, systems and applications meet confidentiality, integrity, authentication, availability, authorisation, and non-repudiation standards
- Translate requirements into test plan, write and execute test scripts or codes in line with standards and procedures to determine vulnerability to attacks
- Responsible for the weaponisation capabilities of the red team
- Research of undiscovered vulnerabilities (0 day) in red team engagements
Requirements:
- Bachelor’s degree or higher in Computer Science, Information Technology, Programming & Systems Analysis, Engineering, or other related fields
- Minimum 5 years of work experience in red team-related or relevant positions
- Strong security development capabilities, with expertise in Python, Go, and in-depth experience in dynamic web crawling and distributed development
- Proficiency in code auditing with the ability to quickly identify vulnerabilities in insecure code that can be exploited by the red team e.g. command injection, insecure deserialization, stack overflow, independently writing exploit codes
- Proficiency in various frameworks such as Puppeteer, Playwright, RabbitMQ, ELK, Yaklang, etc
- Strong communication skills and effective teamwork spirit
- Self-starter and fast learning ability
Preferred Experience
- Experience in pen-testing and red teaming, and familiar with kill chains in ATT&CK Framework (e.g. initial access, Windows AD testing, lateral movement)
- Experience in performing APT offensive and defensive
- Proven track record of bug bounty awards, Github star authors, etc
Read Full Description