Senior Penetration Tester
Jakarta, Jakarta, Indonesia
StraitsX
StraitsX is the payments infrastructure for digital assets in Southeast Asia and issues XSGD, XUSD, and XIDR, the Singapore Dollar, U.S Dollar & Indonesian Rupiah stablecoins.About The Role
We are seeking a skilled Security Engineer - Penetration Tester to join our Security team in Jakarta, Indonesia. In this role, you will be pivotal in maintaining and enhancing our organization's security posture by conducting thorough penetration testing, identifying vulnerabilities, and providing actionable remediation steps. The ideal candidate will possess strong technical skills, relevant certifications (such as OSCP or CREST), and an enthusiasm for continuously improving our cybersecurity resilience.
What You Will Do
- Leading penetration test projects
- Conduct regular penetration tests across networks, systems, and web/mobile applications to identify and document vulnerabilities.
- Analyze findings, clearly document risks, and provide practical remediation guidance to developers and IT operations teams.
- Collaborate closely with security team members and cross-functional teams to ensure comprehensive security across development lifecycles.
- Stay current on the latest cybersecurity threats, trends, and penetration testing methodologies.
- Contribute to improving our internal penetration testing capabilities and processes.
- Participate actively in security-related incident response activities as required
What Are We Looking For
- Bachelor's or Master's degree in Computer Science, Information Security, or a related technical discipline.
- At least 2 years of experience
- Proven experience in penetration testing, vulnerability assessment, and threat modeling.
- Certifications such as OSCP or CREST are mandatory.
- Proficiency with penetration testing tools like Burp Suite, Metasploit, Nmap, and Wireshark.
- Familiarity with industry security standards and frameworks (OWASP Top 10, NIST, CIS).
- Excellent analytical, problem-solving, and critical-thinking skills.
- Experienced doing a penetration testing for mobile apps especially iOS
- Strong interpersonal skills with the ability to communicate complex security issues clearly to technical and non-technical stakeholders.
- Optionally, bonus skillsets:
- Experience with secure coding practices, code review, and static/dynamic application security testing tools.
- Competence in scripting languages such as Golang, Python, Ruby, or JavaScript.
- Familiarity with cloud security practices (AWS, GCP, Azure).
- Experience participating in Capture The Flag (CTF) competitions.
- Experience triaging bug bounty reports and coordinating vulnerability remediation.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security AWS Azure Burp Suite Cloud Computer Science CREST CTF DAST GCP Golang Incident response iOS JavaScript Metasploit NIST Nmap OSCP OWASP Pentesting Python Ruby Scripting Vulnerabilities
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.