About the Role
The Security Engineer plays a crucial role in Amartha. You will be the warrior who will spearhead various Information Security programs to protect Amartha from internal and external threats.
About the team
The Information Security team in Amartha is a group of dynamic, highly analytical individuals who are mindful of driving security and privacy by design across the various aspects of the product lifecycle and engineering processes. We are a team that is highly passionate about being the security enabler of Amartha’s systems.
Job Desc/What will you do
Identify current and emerging technology issues including security trends, vulnerabilities and threats
Recognize complex technical issues and manage them within a fast-paced business environment
Perform proactive investigation to analyze security weaknesses and recommend appropriate strategies
Perform threat intelligence activities
Work closely with internal and external teams to implement security solutions
Acquire and implement new technological solutions to enhance organizational security posture
Identify, define and document system security requirements and recommend solutions
Monitor systems for irregular behavior and set up preventive measures
Manage bug bounty program
Enhance the effectiveness of security related processes through automation and orchestration
5+ years of related job experience
Excellent analytical and interpersonal skills
Ability to express technical information clearly at different organizational levels
Relevant certifications are preferred
Familiarity with API Security, Mobile/Application Security, Cloud Security
Experienced in conducting Static Application Security Test (SAST) and Dynamic Application Security Test (DAST)
Experienced in scripting with Python and Bash
Familiar with a variety of DevSecOps toolkits, including Ansible, Jenkins, Artifactory, Jira, Terraform, Git/Version Control Software, or comparable technologies
Familiar with a variety of Pentesting toolkits, including BurpSuite, Hydra, Nessus, NMap, Metasploit, Frida, MobSF, or comparable technologies
Develop and oversee key performance indicators (KPIs) for security.
Oversee service level agreements (SLAs) for security operations and create risk-based dashboards for reporting.
Create and implement a comprehensive vulnerability management program, including managing activities related to vulnerability assessment (VA) and penetration testing (PT).
Develop and implement security programs for network, server, and cloud environments, including onboarding processes and pre- and post-scanning activities.
Conduct periodic configuration reviews based on CIS benchmarks.
Manage the application security program by identifying and mitigating risks in collaboration with business application teams.
Collaborate in managing the endpoint security, network security, and server security programs.
Collaborate in managing the overall security operations management program.
At least 3-5 years of documented work experience in security engineering.
Prior practical knowledge of web, mobile, and cloud security.
Hands-on experience in constructing and maintaining security measures such as firewalls, intrusion detection systems, antivirus software, authentication systems, content filtering, etc.
Thorough understanding of IT infrastructure concepts across all layers, including Servers, Networks, End User Computing, and Cloud.
Experience in designing and implementing risk-based information security programs.
Hands-on experience in implementing standards such as ISO 27001, NIST, CIS, or equivalent.
Hands-on experience in designing, implementing, and managing Data Leak Prevention programs.
Hands-on experience in conducting application security assessments, both manual and tool-based.
Solid understanding of OWASP, CIS, and NIST guidelines for application security.
Experience in utilizing anti-malware solutions.
Experience in designing security programs for cloud services, including IAAS, PAAS, and SAAS.
Hands-on experience with native cloud security capabilities.
Experience in implementing cloud security solutions like CASB.
Excellent communication and presentation skills.
Experience in collaborating with mid-level and senior-level management, with the ability to understand business processes and requirements.
Understanding and effectively communicating security risks to core technology teams and business functions.
Preferred certifications: CISSP, CCSP, CISM, ISO 27001 LI/LA.
Financial Responsibilities:
Ensure branch productivity in referrals and cross-selling of certain products/services to achieve individual and team targets.
Operational Responsibilities:
Responsible for the following transactions: account opening and closing; preparation and issuance of cheques/BG, time deposit certificates (Bilyet Deposito) and Print Certificate, passbooks and ATM cards; Safe Deposit Box (SDB); updating CIF data in connection with KYC/AML implementation; and account blocking/unblocking and holds on account funds in accordance with customer instructions and applicable document requirements.
Analyze and mitigate risk across all customer transaction processes so that they run smoothly and prudently.
Follow up on internal/external audit findings and QA findings within the specified time.
Ensure consistent use of all systems and reporting through the CST, TST, DHN, OMPK and AML/KYC applications.
Maintain orderly administration, keep customer data confidential, manage customer documents and securities in an orderly manner, keep passwords confidential, carry out other control activities, and prepare reports as needed.
Service Responsibilities:
Responsible for handling customer complaints.
Responsible for the KYC and AML processes.
Deliver the best service in accordance with the service standards and values set by the company, and achieve service quality measurement targets, both external and internal.
Receive, handle and resolve customer problems or complaints, and ensure that the handling of customer complaints is recorded, followed up and resolved in accordance with applicable standards, procedures and SLAs.