Job Description:
- Conduct penetration testing, vulnerability assessments, and security analysis of web applications, APIs, and company infrastructure.
- Identify and report security vulnerabilities with Proof of Concept (PoC) and mitigation recommendations.
- Perform code reviews and provide secure coding guidance to the development team.
- Conduct threat modeling, risk analysis, security monitoring, and log analysis to detect anomalies.
- Prepare periodic technical and managerial security reports.
- Deliver security awareness training to employees.
- Ensure compliance with security standards and regulations (OWASP Top 10, ISO 27001, PCI DSS, PSME, and Personal Data Protection Law).
Qualifications:
- Minimum Bachelor's degree in Informatics Engineering, Information Systems, or related fields.
- 1–3 years of experience in Information Security or Penetration Testing.
- Verifiable bug bounty portfolio (HackerOne, Bugcrowd, Synack, etc.) or CTF achievements.
- Proficient in OWASP Top 10, HTTP/HTTPS, and manual exploitation (SQLi, XSS, CSRF, SSRF, XXE, etc.).
- Expert in using Burp Suite, OWASP ZAP, and other security testing tools.
- Proficient in programming languages such as Python, JavaScript, PHP, or Bash.
- Strong understanding of API security (RESTful, GraphQL, OAuth, JWT).
- Excellent ability to write clean code and detailed technical reports and PoCs.
- Communicative, detail-oriented, and of high integrity in handling sensitive data.
- Preferred certifications: OSCP, eWPT, PNPT, CEH, or ISO 27001 Lead Implementer.
- Familiar with compliance & governance concepts, including PSME and Personal Data Protection Law (UU PDP).