Join our dynamic Offensive Security team in Jakarta. This role is pivotal in ensuring our systems remain resilient against potential threats by actively testing and enhancing our defenses. As part of Kredivo’s Group Information Security team, you will report to the Offensive Security Team Lead based out of Singapore & work closely with the Kredivo Engineering & Product team.
Responsibilities:
- Perform Vulnerability Assessments and Penetration Testing:
  - Conduct comprehensive vulnerability assessments and penetration tests on infrastructure, web applications, and mobile applications.
  - Utilize tools such as Metasploit, Burp Suite, Nmap, etc., to identify security weaknesses and potential exploits.
- Security Review and Attack Simulation:
  - Evaluate systems from the perspective of external attackers to identify vulnerabilities and assess overall security posture.
  - Simulate attacks to understand potential impacts and prioritize remediation efforts.
- Reporting and Recommendation:
  - Prepare detailed reports documenting findings, risks, and recommended mitigation strategies.
  - Communicate results effectively to technical teams, management, and other stakeholders.
- Collaboration and Remediation:
  - Collaborate closely with IT and engineering teams to prioritize and remediate identified vulnerabilities.
  - Assist in implementing security controls and best practices to enhance overall security posture.
- Automation and Tool Development:
  - Integrate security tools into development and CI/CD pipelines to automate security testing and validation processes.
  - Develop scripts and tools (using Python, PowerShell, etc.) to streamline security operations and enhance efficiency.
Qualifications & Technical skills:
- A bachelor's degree (preferably with a focus on IT/computing, but not mandatory)
- Experience in vulnerability assessment & penetration testing, focusing on web applications, mobile applications, and infrastructure (AWS, GCP)
- Understand standards and frameworks for vulnerability scanning and penetration testing processes such as OSSTMM, OWASP, PTES, etc.
- Relevant penetration testing certifications such as OSCP or equivalent are a plus
Behavioural & soft skills required:
- A decent command of English is required.
- Self-starter with a proactive attitude and proven ability to work independently with minimal supervision.
- Ownership mindset, demonstrating high self-motivation in leading security initiatives and projects.
- Continuous learner with a strong appetite for experimentation and interest in automating security processes.
- Excellent analytical skills for assessing and solving complex security issues.
- Clear and concise communicator adept at conveying security concepts to technical and non-technical stakeholders.
- Proficient in creating comprehensive security reports and documentation for various audiences.
- Collaborative team player with proven effectiveness in cross-functional teamwork, sharing knowledge to enhance team capabilities.
- Good organisational skills, capable of maintaining detailed documentation for security processes and incidents.