Back to jobs
New

Senior Penetration Tester

Jakarta, Jakarta, Indonesia

About The Role

We are seeking a skilled Security Engineer - Penetration Tester to join our Security team in Jakarta, Indonesia. In this role, you will be pivotal in maintaining and enhancing our organization's security posture by conducting thorough penetration testing, identifying vulnerabilities, and providing actionable remediation steps. The ideal candidate will possess strong technical skills, relevant certifications (such as OSCP or CREST), and an enthusiasm for continuously improving our cybersecurity resilience.

What You Will Do

  • Leading penetration test projects
  • Conduct regular penetration tests across networks, systems, and web/mobile applications to identify and document vulnerabilities.
  • Analyze findings, clearly document risks, and provide practical remediation guidance to developers and IT operations teams.
  • Collaborate closely with security team members and cross-functional teams to ensure comprehensive security across development lifecycles.
  • Stay current on the latest cybersecurity threats, trends, and penetration testing methodologies.
  • Contribute to improving our internal penetration testing capabilities and processes.
  • Participate actively in security-related incident response activities as required

What Are We Looking For

  • Bachelor's or Master's degree in Computer Science, Information Security, or a related technical discipline.
  • At least 2 years of experience
  • Proven experience in penetration testing, vulnerability assessment, and threat modeling.
  • Certifications such as OSCP or CREST are mandatory.
  • Proficiency with penetration testing tools like Burp Suite, Metasploit, Nmap, and Wireshark.
  • Familiarity with industry security standards and frameworks (OWASP Top 10, NIST, CIS).
  • Excellent analytical, problem-solving, and critical-thinking skills.
  • Experienced doing a penetration testing for mobile apps especially iOS
  • Strong interpersonal skills with the ability to communicate complex security issues clearly to technical and non-technical stakeholders.
  • Optionally, bonus skillsets:
    • Experience with secure coding practices, code review, and static/dynamic application security testing tools.
    • Competence in scripting languages such as Golang, Python, Ruby, or JavaScript.
    • Familiarity with cloud security practices (AWS, GCP, Azure).
    • Experience participating in Capture The Flag (CTF) competitions.
    • Experience triaging bug bounty reports and coordinating vulnerability remediation.

Apply for this job

*

indicates a required field

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

Select...

When you apply to a job on this site, the personal data contained in your application will be collected by Fazz Financial Group Pte. Ltd. and/or its associated companies (“Controller”). The Controller’s data protection officer can be contacted at dataprotection@xfers.io. Your personal data will be processed for the purposes of managing Controller’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results thereto, and as is otherwise needed in the recruitment and hiring processes. Such processing is legally permissible under the First Schedule, Part 3, Paragraph 10 of the Personal Data Protection Act (PDPA) as necessary for the purposes of the legitimate interests pursued by the Controller, which are the solicitation, evaluation, and selection of applicants for employment. Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf. Accordingly, if you are located outside of the United States, your personal data will be transferred to the United States once you submit it through this site. The transfer will be subject to appropriate additional safeguards in accordance with the PDPA, including but not limited to sections 24 and 25 of the PDPA. Your personal data will be retained by Controller as long as Controller determines it is necessary to evaluate your application for employment. Under the PDPA, you have the right to request access to your personal data, to request that your personal data be rectified or erased, and to request that processing of your personal data be restricted.