Security Engineer (Remote Possible)
JAKARTA
About This Role
We’re looking for a Security Engineer to join our Security team, to help secure our organization through assessing, engineering, and deploying security solutions.
What You Will Be Doing
- Conduct penetration testing to identify security vulnerabilities in staging and production environments
- Perform technical security reviews for products and new feature requirements
- Liaise with various product teams to arrange security assessments
- Develop security requirements, controls, and procedures for different application development projects
- Conduct code reviews and application security tests manually or automatically
- Provide technical security advice, education, and awareness to development teams
- Collaborate with internal teams, such as development, operations, and product, to achieve security goals and OKRs
- Monitor emerging cyber threats, vulnerabilities, and exploits that may impact our products and infrastructure
Who We Are Looking For
- Degree in Computer Science or IT or equivalent
- At least three (3) years of experience in security testing of web and mobile applications
- Strong understanding and practical experience attacking web application vulnerabilities such as those in the OWASP Top 10
- Expertise in Secure SDL practices including whitebox and blackbox assessments, code reviews, design reviews, threat modeling, etc.
- Experience in container security attack and defense, with an understanding of the potential security risks of containers and the ability to implement effective repair and mitigation programs
- Software development skills for automation in one or more languages (Rust, Python, C/C++, Java, Node.js, etc.) are a must
- Exposure to DevSecOps, Kubernetes, VCS, IaC, etc.
- Experience and working knowledge of SAST, DAST and SCA tools
- Strong interpersonal and communication skills
- Certifications in Application Security and Penetration Testing such as OSCP, OSCE, OSWE and CEH or cybersecurity certifications including CISSP, CISM, CompTIA Security+ and GSEC are encouraged.
Nice-To-Haves
- Data Processing: Collect and analyze data from various streams such as logs/Kibana/Grafana, and track anomalies that indicate a certain kind of attack is occurring or has occurred, in order to stay aware of the latest threats
- DevSecOps (Shift-Left): Empower all engineers to take responsibility for security, performing security testing earlier in the development lifecycle
- Compliance: Ensure our security measures are compliant with prevailing standards (SOC 2 / ISO 27001)
- Network & Operating System Security: Glints' services mainly operate on the network, so this requires an understanding of security and encryption protocols like TLS.