At Careem, we are driven by the purpose of simplifying the lives of people and building an awesome organization that inspires. Based in Dubai, we started our journey as a pioneer of the Middle East's ride-hailing economy.
Today, Careem is the region's everyday Super App operational in 13 countries and over 100 cities. The Super App provides a host of daily services that people need to move around, to order things and to transfer money in one unified smartphone app. Our goal is to simplify people's daily lives so that they can spend their precious time and mindshare on things that really matter and on realizing their potential. Our mission is to build engineering as an institution that nurtures talent into world class engineers!
JOB PURPOSE:
Careem is looking for an AppSec Engineer who can demonstrate SME expertise in Application Security Domain knowledge and experience. The individual will work closely with stakeholders across the Org (that include Business, Engineering teams and Product Management). This individual must have good communication skills so that they are able to influence the various stakeholders to: build and sustain a secure and robust system(s), provide guidance, and ensure application security is embedded across Careem Tech to secure our captains, customers and colleagues.
The role expectations are to help validate that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios.
You will have the opportunity to learn from and be mentored by those who are building and securing our cutting-edge services.
KEY ACCOUNTABILITIES:
The AppSec Engineer at Careem is expected to be strong in multiple domains and provide significant contributions to the Careem Security team and to multiple groups throughout Careem. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization.
The individual must foster constructive dialogue and seek resolution when confronted with discordant views.
REQUIREMENTS:
As an Application Security Engineer, you will provide expert analysis and robustly engineered solutions to help strengthen our titles against threats. The role requires an insightful, agile, and pragmatic approach to a rapidly changing threat landscape - balancing both long term capability buildout and quick reaction to emerging threats.
This is a hands-on role, requiring strong programming, analysis, and reverse-engineering skills. Working as part of an agile team of security experts, you are expected to be a subject matter expert. You will be working directly on game integrity in addition to our overall mobile security capabilities.
Priorities can often change in a fast-paced environment like ours, so this role includes, but is not limited to, the following responsibilities:

• Strengthen security and integrity of application and product features, ensuring known exploits are mitigated and potential threats are addressed.
• Work closely within the engineering and development team to identify the best course of action to proactively protect features and implement countermeasures.
• Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
• Own and perform application and product security vulnerability management.
• Support the bug bounty program.
• Facilitate and support the preparation of security releases working closely with engineering and development teams.
• Support and consult with engineering, product and development teams in the area of application security.
• Assist in creation and delivery of application security training program and security champions program.
• Assist in development of automated security testing to validate that secure coding best practices are being used.
• Support both engineering and security operations efforts.

QUALIFICATIONS AND EXPERIENCE:

• BS in Computer Science or related field, or equivalent work experience.
• Minimum of 5-8 years of experience with application security engineering,
• Familiarity with common security libraries, security controls, and common security flaws.
• Development, engineering and scripting experience and skills.
• Experience with OWASP, static/dynamic analysis, and common security tools.
• Minimum of 4 years of experience with any combination of the following: application security, threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.

NICE TO HAVE:

• Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
• Experience working with teams in multiple geographical locations
• Strong experience in performing penetration tests and/or vulnerability assessments for mobile applications and networks.

• Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.
• Experience working with teams in multiple geographical locations
• Strong experience in performing penetration tests and/or vulnerability assessments for mobile applications and networks.

MINIMUM REQUIREMENTS:

• In-depth knowledge with reverse engineering and advanced debugging.
• Ability to identify code vulnerabilities and exploits.
• Strong knowledge with malware detection methods.
• Strong knowledge with mobile app stores and mobile applications distribution processes.
• Extensive knowledge of iOS and/or Android operating systems.
• Strong Java and/or Objective C development skills on mobile titles.
• Understanding of assembly code and lower-level iOS and/or Android operating systems.
• Be able to interact with and work directly with game engineering teams.
• An in-depth knowledge of security issues (e.g. OWASP Top 10 as well as latest vulnerabilities) is required.
• Proactively collaborating with development teams to encourage smart development that considers security before it becomes an issue
• Collaborate with other security teams to take their findings and develop solutions with development teams
• Provide information to other teams as they communicate with customers about our security solutions
• Advise on MDM solutions, and advocate adherence to Enterprise security policies
• You will be in charge of researching new threats and collaborating with Pen Testing Team to ensure these new threats are being tested
• Review mobile network for potential security risks
• Knowledge of interaction between mobile and web and the security risks that are associated with this relationship
• Evaluate third party security libraries/ solutions

Extra Points:

• Understanding of source control best practices, particularly hands-on knowledge of Perforce.
• Knowledge of social engineering
• Knowledge of malware analysis
• Knowledge of industry best practices for protecting applications and writing secure code.
• Security-oriented role on previously published games or apps.
• Working as part of a broader live operations or game security effort is a plus.
• Knowledge of networking protocols at low (TCP/IP, UDP) and high level (HTTP).
• Knowledge of packet capture techniques and interception proxies.