Senior Security Engineer (Red Team Specialist)

We are seeking a highly skilled and experienced Senior Security Engineer Penetration Tester / Red Team Specialist to join our dynamic cybersecurity team. As a Senior Penetration Tester, you will be responsible for simulating real-world cyberattacks on our organization's infrastructure, applications, and systems. 

Your expertise in identifying vulnerabilities, exploiting weaknesses, and devising robust security solutions will play a pivotal role in enhancing our overall cybersecurity posture. This role requires a proactive, creative, and analytical individual with a passion for staying ahead of emerging threats and vulnerabilities.

Rafi, Luqman, and Anjar, who were college friends in Universitas Indonesia, started Flip as a project in 2015 to transfer payments to each other at a fraction of what banks would charge them. They are pioneers in the Indonesian market, with their technology now helping millions of Indonesians, both individuals and businesses, carry out bank-to-bank money transfers through a reliable and seamless app.

After nine years of operations, Flip has helped Indonesians transfer money worth several trillions of rupiah and has received double-digit funding from respectable investors such as Sequoia India, Insight Partner, and Insignia. Flip’s ultimate mission is to give Indonesians access to one of the most progressive and fairest financial services in the world.

At Flip, we always strive to provide the fairest place for you to work, learn, and grow with talented and fun people in various opportunities to advance your career and get fair rewards. We believe that we have to treat employees, customers, and all stakeholders fairly and respectfully. Fair treatment for employees means we establish clear goals, facilitate our employees to achieve them, and value their contribution to the company with equitable benefits.

• Penetration Testing and Red Teaming: Lead and conduct penetration testing and red teaming activities against our organization's networks, applications, and physical security. Perform comprehensive security assessments to identify vulnerabilities and potential weaknesses.

• Attack Simulation and Scenario Development: Develop realistic attack scenarios based on current threat intelligence and industry best practices. Simulate sophisticated attack techniques to identify gaps in our security controls and defenses.

• Vulnerability Assessment: Conduct in-depth vulnerability assessments and risk analyses, utilizing various security testing tools and manual techniques. Provide detailed reports outlining identified vulnerabilities and recommended remediation actions.

• Security Research and Analysis: Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and attack techniques. Continuously monitor emerging trends and industry developments to inform our security strategies.

• Security Architecture Review: Collaborate with the security team and other stakeholders to review and improve our organization's security architecture, ensuring it aligns with industry standards and best practices.

• Incident Response Support: Assist the incident response team in handling cybersecurity incidents, performing forensic investigations, and providing expertise on the adversary's techniques and tactics.

• Security Awareness and Training: Contribute to the development and delivery of cybersecurity awareness and training programs for employees to promote a security-conscious culture.

• Security Tooling and Automation: Evaluate and recommend new cybersecurity tools, methodologies, and automation techniques to streamline security assessment processes and enhance efficiency.

• Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field. Relevant certifications such as OSCP, OSCE, GPEN, or GXPN are highly desirable.

• Experience: Minimum of 5 years of hands-on experience in penetration testing, red teaming, or ethical hacking, with a proven track record of identifying and exploiting vulnerabilities.

• Demonstrate a strong grasp of end-to-end SDLC, DevSecOps, and application development for web and mobile applications.

• Technical Proficiency: Expertise in using various security testing tools and frameworks (e.g., Metasploit, Burp Suite, Nmap, etc.) and manual techniques to conduct thorough security assessments.

• Programming and Scripting: Proficiency in programming and scripting languages (e.g., Python, Go, Shell Script) to develop custom tools and automation scripts.

• Networking and Systems: Strong understanding of network protocols, operating systems, and common security technologies (SIEM, XDR/EDR, firewalls, IDS/IPS, WAFs, etc.).

• Cybersecurity Knowledge: In-depth knowledge of cybersecurity principles, attack vectors, and defense strategies. Familiarity with threat intelligence and risk assessment methodologies, OWASP, Cloud Security best practices.

• Problem-Solving Skills: Excellent analytical and problem-solving abilities, with a proactive approach to identifying and mitigating security risks.

• Communication Skills: Effective verbal and written communication skills, with the ability to convey complex technical concepts to both technical and non-technical stakeholders.

• Team Player: Demonstrated ability to work collaboratively in a team environment, sharing knowledge, and supporting collective goals.

Join our team as a Senior Penetration Tester / Red Team Specialist and contribute to safeguarding our organization against the ever-evolving cybersecurity landscape. Apply your expertise to help us maintain a robust and resilient security posture.