Security Engineer (Remote Possible)
JAKARTA
About This Role
We’re looking for a Security Engineer to join our Security team, to help secure our organization through assessing, engineering, and deploying security solutions.
What You Will Be Doing
- Conduct penetration testing to identify security vulnerabilities in staging and production environments
- Perform technical security review for products and new feature requirements
- Liaise with various product teams to arrange security assessments
- Develop security requirements, controls, and procedures for different application development projects
- Conduct code reviews and application security tests manually or automatically
- Providing technical security advice, education, and awareness to development teams
- Collaborate with internal teams, such as development, operations, and product, to achieve security goals and OKRs
- Monitor emerging cyber threats, vulnerabilities, and exploits that may impact our products and infrastructure
Who We Are Looking For
- Degree in Computer Science or IT or equivalent
- At least three (3) years of experience in Security testing of Web and Mobile applications
- Strong understanding and practical experience attacking web application vulnerabilities such as OWASP top 10.
- Expertise in Secure SDL practices including whitebox and blackbox assessments, code reviews, design reviews, threat modeling, etc.
- Experience in container security attack and defense, understand the potential security risks of containers and be able to implement effective repair and mitigation programs
- Software development skills for automation in one or more languages (Rust, Python, C/C++, Java, Node.js, etc.) is a must
- Exposure to DevSecOps, Kubernetes, VCS, IaC etc.
- Experience and working knowledge of SAST, DAST and SCA tools
- Strong interpersonal and communication skills
- Certifications in Application Security and Penetration Testing such as OSCP, OSCE, OSWE and CEH or cybersecurity certifications including CISSP, CISM, CompTIA Security+ and GSEC are encouraged.
Nice-To-Haves
- Data Processing: Collect and analyze data from various streams such as logs/Kibana/Grafana and track the anomalies if a certain kind of attack is occurring/occurred in order to be aware of latest threats
- DevSecOps (Shift-Left): Empower all engineers to take responsibility for security, performing security testing earlier in the development lifecycle
- Compliance: Ensure our security measures are compliant with prevailing standards (SOC 2 / ISO 27001)
- Network & Operating System Security: Glints' services mainly operate on the network. Will require understanding of security and encryption protocols like TLS.
![Career Opportunity at Tiket[dot]Com - January 2024](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh5yXPrgOKdS16RWPoQDv6IR3Ww7_36m-FPOkDgjSYxka9fGdwuGFtDKZDjvWdaG98mb2M7E2Col_99Wq4DtH5YHV0x5nVKmLUg1w1cnJEjX6OVgg2T9XVSXwoNydlSfATvyj5K-ObeXSoqI1G5cL8fcw1IZHolGfmePc_MZQVSDk267DmXx1IIsif0kou/s72-c/tiket.jpg)