About the Role
The Security Engineer plays a crucial role in Amartha. You will be the warrior who will spearhead various Information Security programs to protect Amartha from internal and external threats.
About the team
The Information Security team in Amartha is a group of dynamic, highly-analytical individuals who are highly mindful in driving security and privacy by design within the various aspects of product lifecycle and engineering processes. We are the team who are highly passionate to be the security enabler of Amartha’s systems
Job Desc/What will you do
- Identify current and emerging technology issues including security trends, vulnerabilities and threats through various security assessment activities (including but not limited to: . penetration testing, vulnerability assessment, etc)
- Recognize complex technical issues and managing them within a fast-paced business environment
- Perform proactive investigation to analyze security weaknesses and recommend appropriate strategies
- Perform Threat intelligence activities
- Work closely with internal and external teams to implement security solutions
- Acquire and implement new technological solutions to enhance organizational security posture
- Identify, define and document system security requirements and recommend solutions
- Monitor systems for irregular behavior and set up preventive measures
- Manage bug bounty program
- Enhance the effectiveness of security related processes through automation and orchestration
Requirements
- 5+ years of related job experience
- Excellent analytical and interpersonal skills
- Ability to express technical information clearly at different organizational levels
- Having relevant certification are preferable (e.g. CEH,OSCP, eCPPT, Ejpt etc)
- Advance knowledge in API Security, Mobile/Application Security, Cloud Security
- Advance knowledge in security adversarial techniques, tactics, and procedures
- Experienced in conducting Static Application Security Test (SAST) and Dynamic Application Security Test (DAST)
- Experienced in scripting using Python, Bash, Go
- Highly skilled with strong hands-on experience with various security assessment tools such as Metasploit, BurpSuite, ZAP, OWASP tools, Hydra, Netsparker, Wireshark, Apktool, nikto, Cloudbrute , Kali Linux tools, Frida, MobSF, or comparable technologies
- Familiar with Cloud Platform such as GCP, AWS
- Tools familiarity : Python, Bash, TerraFrom, Ansible, GitHub, Jenkins, Artifactory, Jira, Terraform, Git, BurpSuite, Hydra, Nessus, NMap, Metasploit, Frida, MobSF