About the Role
The Security Engineer plays a crucial role in Amartha. You will be the warrior who will spearhead various Information Security programs to protect Amartha from internal and external threats.
About the team
The Information Security team in Amartha is a group of dynamic, highly-analytical individuals who are highly mindful in driving security and privacy by design within the various aspects of product lifecycle and engineering processes. We are the team who are highly passionate to be the security enabler of Amartha’s systems
Job Desc/What will you do
- Identify current and emerging technology issues including security trends, vulnerabilities and threats
- Recognize complex technical issues and managing them within a fast-paced business environment
- Perform proactive investigation to analyze security weaknesses and recommend appropriate strategies
- Perform Threat intelligence activities
- Work closely with internal and external teams to implement security solutions
- Acquire and implement new technological solutions to enhance organizational security posture
- Identify, define and document system security requirements and recommend solutions
- Monitor systems for irregular behavior and set up preventive measures
- Manage bug bounty program
- Enhance the effectiveness of security related processes through automation and orchestration
- 5+ years of related job experience
- Excellent analytical and interpersonal skills
- Ability to express technical information clearly at different organizational levels
- Having relevant certification are preferable
- Familiarity with API Security, Mobile/Application Security, Cloud Security
- Experienced in conducting Static Application Security Test (SAST) and Dynamic Application Security Test (DAST)
- Experienced in scripting using Python, Bash scripting
- Familiar with a variety of DevSecOps toolkits, including Ansible, Jenkins, Artifactory, Jira, Terraform, Git/Version Control Software, or comparable technologies
- Familiar with a variety of Pentesting toolkits, including BurpSuite, Hydra, Nessus, NMap, Metasploit, Frida, MobSF, or comparable technologies
- Familiar with Cloud Platform such as GCP, AWS
- Tools familiarity : Python, Bash, TerraFrom, Ansible, GitHub, Jenkins, Artifactory, Jira, Terraform, Git, BurpSuite, Hydra, Nessus, NMap, Metasploit, Frida, MobSF