Penetration Tester / Jakarta

GRIT AI is a Human Resources (HR) Solution company specializing in technology and digital talent management. The company provides end-to-end HR services, including recruitment, workforce management, and professional IT talent outsourcing across multiple industries, such as automotive, banking, manufacturing, and information technology.

In this project, GRIT AI is collaborating with a leading automotive company to strengthen its Information Technology (IT) division. All professionals hired, including this Pentester position, will be employed directly under GRIT AI with a permanent employment status and a 3-month probation period.

Therefore, GRIT AI acts not only as a recruitment partner but also as the official employer, ensuring employee welfare, career development, and compliance with both professional and cybersecurity standards in Indonesia.

Pentester (ISO 27001 & BSSN-Oriented)

Objective: Conduct penetration testing while preparing data, artifacts, and evidence in compliance with ISO/IEC 27001:2022 and BSSN cybersecurity regulations (e.g., Keamanan Siber Sektor Prioritas, Panduan Audit TIK, and Peraturan BSSN related to Security Assessment).

Roles & Responsibilities

  • Penetration Testing (Technical):
      • Perform penetration testing based on OWASP, NIST, and BSSN guidelines.
      • Identify security vulnerabilities related to ISO 27001 Annex A controls and BSSN cyber hygiene standards.
      • Deliver remediation strategies that align with BSSN advisories and ISO 27001 controls.

  • Evidence Gathering for ISO & BSSN:
      • Collect artifacts (screenshots, logs, configs) as audit evidence for both ISO and BSSN compliance.
      • Provide penetration test reports traceable to ISO 27001 Annex A and BSSN security domains (e.g., Akses, Proteksi Data, Pengelolaan Kerentanan).
      • Support creation of risk register and ISMS documentation for certification.

  • Regulatory & ISMS Collaboration:
      • Map penetration testing results to ISO 27001 SoA and BSSN requirements.
      • Assist internal security teams during BSSN compliance audits.
      • Ensure continuous improvement in line with PDCA cycle of ISO 27001 and BSSN cyber maturity models.

Required Competencies

  • Pentest Tools & Frameworks: Kali Linux, Burp Suite, Nmap, Metasploit, Wireshark.
  • Standards Knowledge: ISO/IEC 27001:2022, BSSN Regulations, NIST CSF, CIS Controls.
  • Evidence Collection Skills: Audit-ready documentation for both ISO & BSSN.
  • Reporting: Ability to generate dual-compliance reports (ISO & BSSN).