Senior Offensive Security Engineer

Jakarta, Jakarta, Indonesia

Mekari

Transform your business with Mekari's integrated software. Streamline your business processes and boost your employees' productivity now!

Location: Jakarta, Jakarta, Indonesia

Responsibilities:

Vulnerability Prioritization through Proof-of-Concept (PoC) Development:

1. Develop and execute Proof-of-Concept (PoC) exploits for identified vulnerabilities to demonstrate real-world impact and facilitate effective prioritization for remediation.
2. Clearly document PoCs and present findings to technical and non-technical audiences to drive informed decision-making.

Technical Implementation Security Reviews:

1. Conduct in-depth security reviews of technical implementations, including analyzing RFCs, specifications, design documents, and source code (in languages like PHP, Ruby, Go) to identify potential security vulnerabilities and weaknesses.
2. Provide actionable and practical recommendations for security improvements based on your findings.

Vulnerability Claim Assessment and Response:

1. Evaluate and triage vulnerability claims originating from various sources, including bug bounty programs, security advisories, vendor disclosures, and internal security research.
2. Thoroughly investigate reported vulnerabilities, reproduce findings, and assess their impact on our systems.
3. Develop and execute appropriate responses to vulnerability disclosures, including communication with relevant stakeholders, coordinating remediation efforts, and contributing to security advisories or bug bounty responses.
4. Stay up-to-date with the latest security vulnerabilities, attack techniques, and industry best practices.

Collaboration and Knowledge Sharing:

1. Collaborate effectively with developers, engineers, and other security team members to share security knowledge and promote secure coding practices.
2. Contribute to the development and improvement of security tools, processes, and documentation.
3. Present security findings and recommendations in a clear and concise manner to both technical and non-technical audiences.

Qualifications:

  • Required: 5+ years of experience in offensive security, penetration testing, vulnerability research, or a related field.
  • Strong understanding of common web application vulnerabilities (OWASP Top 10), network security principles, and operating system security.
  • Proven ability to develop Proof-of-Concept exploits demonstrating real-world attack scenarios.
  • Experience in conducting thorough code reviews and analyzing technical specifications for security vulnerabilities.
  • Solid understanding of networking protocols (TCP/IP, HTTP, DNS, etc.) and relevant RFCs.
  • Familiarity with security testing tools and methodologies (e.g., Burp Suite, Metasploit, Nmap, vulnerability scanners).
  • Excellent analytical, problem-solving, and critical thinking skills.
  • Strong written and verbal communication skills, with the ability to clearly articulate technical findings to both technical and non-technical audiences.
  • Experience with vulnerability management processes and bug bounty programs.
  • Proficiency in at least one scripting language (e.g., Python, Bash, Ruby) for automation and tool development.

Tags: Automation Bash Burp Suite DNS Exploits Metasploit Network security Nmap Offensive security OWASP Pentesting PHP POCs Python Ruby Scripting TCP/IP Vulnerabilities Vulnerability management

Region: Asia/Pacific
Country: Indonesia
