Application Security Engineer

We dream. We grow. We innovate. We move fast!

Requirements

  • Two years in an Information Security role, preferably in red teaming, penetration testing, reverse engineering or vulnerability management
  • Experience with interpreted or compiled languages: Python, Go, JavaScript
  • Knowledge of the OWASP Top 10 for Mobile, API and Web
  • Knowledge of DevSecOps
  • Experience with cloud service providers and their offerings, preferably AWS and GCP, and their various technologies and APIs
  • Experience with various testing tools, such as Kali, Metasploit, Nmap, Nessus, Burp Suite, etc.
  • Experience with SAST and DAST
  • Experience providing training
  • Demonstrable teamwork skills and resourcefulness
  • Ability to make concrete progress in the face of ambiguity and imperfect knowledge
  • Familiar with offensive TTPs (Tactics, Techniques and Procedures) including post-exploitation and lateral movement
  • OSCP certification will be a plus
  • Experience in CTF competitions, CVE research and/or Bug Bounty recognition will be a plus
  • Prefer an IS person in DISC

Job Description

  • Conduct full cycle engagements with business units independently, or as part of a team.
  • Perform various vulnerability assessments and manual penetration testing of applications, mobile apps, web sites, and networks to discover and document vulnerabilities on a regular basis
  • Thoroughly document vulnerabilities and other findings.
  • Communication skillset to influence Developers and Product Managers to prioritize and execute remediation plans.
  • Perform static code analysis to discover and document vulnerabilities on a regular basis
  • Verify that IT teams have coded according to best practices and that comprehensive code review was done properly, test for vulnerabilities, and provide solid guidance to the teams.
ALL RIGHTS RESERVED BY PT PAYFAZZ TEKNOLOGI NUSANTARA