Security Engineer - Penetration Tester

Posted Yesterday
Be an Early Applicant
Jakarta, DKI Jakarta
Senior level
Information Technology • Consulting
The Role
Lead Application Security Engineer responsible for integrating security into the software development lifecycle, collaborating with teams and vendors, evaluating security tools, performing testing and reviews, developing security controls, providing training, and driving security expertise within development teams.
Summary Generated by Built In

DKatalis is a financial technology company with multiple offices in the APAC region. In our quest to build a better financial world, one of our key goals is to create an ecosystem linked financial services business.

DKatalis is built and backed by experienced and successful entrepreneurs, bankers, and investors in Singapore and Indonesia who have more than 30 years of financial domain experience and are from top-tier schools like Stanford, Cambridge London Business School, JNU with more than 30 years of building financial services/banking experience from Bank BTPN, Danamon, Citibank, McKinsey & Co, Northstar, Farallon Capital, and HSBC.

 

Responsibility

To drive integrating security seamlessly into the Software development lifecycle, the Lead Application Security Engineer will serve as a technical subject matter expert working with Technical teams.  This individual will collaborate with teams and vendors to determine security requirements and support all phases of integration, operations, and maintenance to ensure a secure software environment. They will be able to work independently or in a team environment.

 

Development :

  • Provide subject matter expertise on secure coding practices and security design based on current knowledge of security threats and vulnerabilities that could impact the technology stack
  • Support definition of Secure SDLC standard to include security architecture, design, and coding requirements for infrastructure, application, and data to align with application security maturity model and adopt a shift-left approach for security.
  • Evaluate various application security tools, including SAST, DAST, SCA, IAST, and Pen Testing, and operationalize security tools for integration with CI/CD.
  • Explains and interprets the vulnerability report items to development staff.
  • Perform application testing and review security test results from scans and penetration testing to identify possible vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
  • Develop security controls and processes for products and services developed and deployed for both cloud environments, preferably GCP.
  • Perform threat modeling, conduct security architecture reviews, and provide training to architects and developers to enhance the adoption of secure coding practice within the product development lifecycle.
  • Provide security-related coaching and expertise to drive and elevate security expertise within the development teams.
  • Lead security innovation and best practices in product development through collaboration and learning from industry professionals and consortiums
  • This position is also subject to being "on-call" for emergencies requiring immediate resolution. 

 

Requirements :

  • Minimum 5 years of experience building production web applications and services in at least two on some of  the following languages: Node JS, Java, React-Native, Android / Flutter
  • Experience performing Red Team operations in enterprise environments
  • Experience in software coding/development including, scripting languages
  • Building, deploying and managing Red Team operational infrastructure
  • Knowledge of adversarial TTPs
  • Experience with compromise and lateral movement in Mac, Linux, and Windows environments
  • Open-source intelligence gathering and social engineering
  • Web and mobile application assessments
  • Wireless and network assessments
  • Experience with custom payloads and exploit use in a production environment

Desired skills & credentials :

  • CVE/Bug bounty/responsible disclosures
  • Knowledge of secure architecture and design patterns for Web, Mobile, and Microservices
  • CI/CD and Appsec Tools: Sonar, Fortify, Checkmarx
  • Reverse Engineering and Fuzzing to identify potential vulnerabilities
  • Exploit development
  • Security / Forensics Tools: Burp, Nmap, Nessus, NetStumbler, Cain & Abel, THC Hydra, W3af, GFI LANguard, Wireshark (Tshark), WinDump (TCPDump), Web inspect, tcpreplay, Access Data FTK, Encase, Helix, etc.
  • OS & Testing Distros: RH Linux, CentOS, Fedora, Windows / XP / 7 / 10 / BackTrack, Kali Linux, PentestBox etc.
  • Frameworks/Guidelines: ISO27001, NIST, ITU-T, OWASP, WASC, etc.
  • Information security certifications: GPEN, OSCP, OSCE, OSWE

Top Skills

Android
Flutter
Java
Node Js
React-Native
The Company
370 Employees
On-site Workplace
Year Founded: 2019

What We Do

DKatalis is a technology company aiming to co-create scalable digital solutions with customers and ecosystem partners. Founded in 2019, DKatalis is collaborating from all around the world, with hubs operating in Jakarta, Singapore and India. We have created the Jago App to solve financial literacy, AMAAN App to empower women entrepreneurs, and People Xperience App to empower organizations to adapt with rapid changes

Similar Jobs

Ninja Van Logo Ninja Van

IT Support Executive

eCommerce • Logistics
Jakarta, DKI Jakarta, IDN
4902 Employees

Ninja Van Logo Ninja Van

Admin Vehicle Management

eCommerce • Logistics
Jakarta, DKI Jakarta, IDN
4902 Employees

Cermati.com Logo Cermati.com

Legal Admin

Fintech • Payments • Financial Services
DKI Jakarta, Gambir, DKI Jakarta, IDN
468 Employees

Manulife Logo Manulife

IT Problem Management and PTG Champion

Fintech • Insurance • Financial Services
DKI Jakarta, Gambir, DKI Jakarta, IDN
32427 Employees

Similar Companies Hiring

Silverfort Thumbnail
Security • Sales • Information Technology • Cybersecurity • Automation
GB
357 Employees
Jobba Trade Technologies, Inc. Thumbnail
Software • Professional Services • Productivity • Information Technology • Cloud
Chicago, IL
45 Employees
InCommodities Thumbnail
Renewable Energy • Machine Learning • Information Technology • Energy • Automation • Analytics
Austin, TX
234 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account