Security Engineer (Red Team) - Mid/Senior
South Jakarta, South Jakarta City, Indonesia
Amartha
Amartha Mikro Fintek merupakan perusahaan teknologi yang memiliki visi untuk mewujudkan sejahtera merata di Indonesia melalui ekosistem keuangan digital.About the Role
The Associate Software Security Engineer plays an essential role in protecting Amartha from evolving cyber threats. You will be part of our dynamic security team, focusing on identifying and mitigating security risks across our technology stack.
About the Team
Our Information Security team consists of dedicated security professionals who prioritize security and privacy by design. We work closely with development teams to enable secure product development while maintaining operational efficiency.
Primary Responsibilities
- Execute vulnerability assessments and penetration tests across web applications, APIs, and mobile platforms
- Implement and maintain security controls in cloud environments (GCP, AWS)
- Develop automation scripts and tools to enhance security processes
- Perform security code reviews and threat modeling
- Support our bug bounty program through triage and validation
- Monitor systems for security anomalies and investigate potential incidents
- Collaborate with development teams to remediate security findings
Growth & Development
- Mentorship from experienced security engineers
- Certification and training support
- Hands-on experience with modern security tools and challenges
- Clear career advancement path within the security team
Requirements
Required Skills
- 2+ years of hands-on security testing or software development experience
- Strong understanding of web security fundamentals and OWASP Top 10
- Proficiency in at least one scripting/programming language (Python, Bash, or Go)
- Experience with security testing tools (Burp Suite, OWASP ZAP)
- Basic understanding of cloud security concepts
- Ability to clearly communicate technical findings to various stakeholders
- Fast learner with passion for cybersecurity
- Self-motivated to stay updated with security trends and threats
Preferred Qualifications
- Security certifications (eJPT, OSCP, CEH)
- Experience with cloud platforms (AWS, GCP)
- Knowledge of CI/CD pipelines and DevSecOps practices
- Mobile application security testing experience
- Familiarity with infrastructure as code (Terraform, Ansible)
Technical Environment
- Security Tools: Burp Suite, Metasploit, Nmap, MobSF, Frida
- Development Tools: Git, GitHub, Jenkins
- Cloud Platforms: AWS, GCP
- Programming Languages: Python, Bash, Go
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Ansible APIs Application security Automation AWS Bash Burp Suite CEH CI/CD Cloud DevSecOps GCP GitHub Jenkins Metasploit Nmap OSCP OWASP Privacy Python Red team Scripting Terraform
Perks/benefits: Career development
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.