The fastest courier, transport, food delivery and shopping services provider in Indonesia.
Senior Information Security Engineer
Job Description / Skills Required
A Senior Information Security Engineer is a go-to expert in one or more information security disciplines with an expertise and wide understanding of security architecture, processes, alignment to stakeholder teams, and accountability for effective measurement of security metrics. H/she should have prior experience in leading and executing large and technically complex security projects and initiatives and can readily lead delivery teams of 4-6 security engineers.
What You Will Do
- Participates in development of a small to medium complexity security project, process, or initiative within their technical focus area (cloud security, identity access management, vulnerability management, penetration testing, etc.)
- Designs, develops and maintains small to medium complexity security features and/or process changes with some guidance from more experienced team members.
- Scope of activities are scoped to functional security assignments from senior team members or manager
- Improves security operations by enhancing use cases, processes, and/or code structure.
- Implements medium complexity security tasks for projects and delivers concise and clear deliverables
- Contributes to automation of repeated manual tasks to improve team productivity
- Has an in-depth understanding of at least a few security domains (application, network, identity access mgmt, vulnerability mgmt, incident response, encryption, remote access etc)
- Takes responsibility for deliverables, production, process improvements
- Concise documentation for security use cases and operational improvements
- Collaborates in security reviews that follow the standards and practices of information security best practices that are recognized by their team members
- Collaborates with senior security engineers to flesh out implementation details
What You Will Need
- 5+ years of relevant industry experience.
- A strong acumen and understanding of tech architecture for cloud native and microservices based web and mobile applications
- Driving security automation and DevSecOps within engineering lifecycle besides vulnerability/bug remediation through calibration and filtering false positives
- Experience in using manual and automated scanners like Nessus, Nexpose, Qualysguard, nmap. OpenVAS, Nexpose besides PT kits like Kali Linux, Metasploit etc.
- Mandatory certification CISSP, OSCP, CEH
- Desirable certifications like CSSLP, LPT, SANS-GPEN, SABSA