Security Engineer (Remote Possible)

About This Role
We’re looking for a Security Engineer to join our Security team, to help secure our organization through assessing, engineering, and deploying security solutions.

What You Will Be Doing
  • Conduct penetration testing to identify security vulnerabilities in staging and production environments
  • Perform  technical security review for products and new feature requirements
  • Liaise with various product teams to arrange security assessments
  • Develop security requirements, controls, and procedures for different application development projects
  • Conduct code reviews and application security tests manually or automatically
  • Providing technical security advice, education, and awareness to development teams
  • Collaborate with internal teams, such as development, operations, and product, to achieve security goals and OKRs
  • Monitor emerging cyber threats, vulnerabilities, and exploits that may impact our products and infrastructure

Who We Are Looking For
  • Degree in Computer Science or IT or equivalent
  • At least three (3) years of experience in Security testing of Web and Mobile applications
  • Strong understanding and practical experience attacking web application vulnerabilities such as OWASP top 10.
  • Expertise in Secure SDL practices including whitebox and blackbox assessments, code reviews, design reviews, threat modeling, etc.
  • Experience in container security attack and defense, understand the potential security risks of containers and be able to implement effective repair and mitigation programs
  • Software development skills for automation in one or more languages (Rust, Python, C/C++, Java, Node.js, etc.) is a must
  • Exposure to DevSecOps, Kubernetes, VCS, IaC etc.
  • Experience and working knowledge of SAST, DAST and SCA tools
  • Strong interpersonal and communication skills
  • Certifications in Application Security and Penetration Testing such as OSCP, OSCE, OSWE and CEH or cybersecurity certifications including CISSP, CISM, CompTIA Security+ and GSEC are encouraged.

  • Data Processing: Collect and analyze data from various streams such as logs/Kibana/Grafana and track the anomalies if a certain kind of attack is occurring/occurred in order to be aware of latest threats
  • DevSecOps (Shift-Left): Empower all engineers to take responsibility for security, performing security testing earlier in the development lifecycle
  • Compliance: Ensure our security measures are compliant with prevailing standards (SOC 2 / ISO 27001)
  • Network & Operating System Security: Glints' services mainly operate on the network. Will require understanding of security and encryption protocols like TLS.

Interested? Apply this vacancy on:

Work Opportunity at Glints Indonesia in September 2022 - Loker Startup

2023. All rights reserved.