Location:
Indonesia
Department: Security & Risk Management
Location: Indonesia
$ads={1}
Job Description
We are looking for a candidate with strong technical background and experience in offensive security: penetration testing and red teaming. Successful candidate will join Lazada’s regional Security Testing Team, in charge of application security testing (web, mobile, internal), systems and infrastructures assessment, attack simulation (red teaming) and vulnerability management.What we will offer you?
Responsibilities:
- Trainings and a personal career development
- A dynamic working environment constantly evolving using modern technologies (cloud computing, big data, AI) and where you will be able to achieve a lot
- A flexible working environment
Responsibilities:
- Perform manual Penetration Tests against internal / external Lazada assets including network, servers, applications and web services.
- Conduct internal and external red and purple team engagements.
- Assess security vulnerabilities to identify appropriate remediation: patching, configuration change, deprecation or exception.
- Leverage enterprise tools to perform vulnerability scans of Lazada assets (systems & applications)
- Reporting on project and operational metrics. Document security flaws including technical details and providing remediation recommendations.
- Keep up to date on latest tools, techniques, and procedures used by hackers and adapt our defence accordingly. Serve as a subject matter expert in offensive security techniques.
Job Requirements
Requirements/Qualifications(must have):
Requirements/Qualifications(good to have):
Good to have:
- BS/MS, preferably in computer science or information systems, or equivalent work experience
- Demonstrated in-depth experience in the following areas of technical competency:
- Web application and web service testing
- Network infrastructure penetration testing
- Mobile application security testing (Android / iOS)
- Adversarial attack simulations (Red / Purple Teaming)
- Thick client assessment and reverse engineering
- Assessment of cloud platforms such as Alibaba Cloud, AWS, Azure or Google Cloud Platform
- Knowledge of secure design methodologies (such as threat modelling and attack surface enumeration)
- Previous experience in a security consultant, analyst, engineer, architect or a similar role
- Excellent communication and interpersonal skills
- Able to travel on occasion in South-East Asia and China
Requirements/Qualifications(good to have):
Good to have:
- Passionate about cybersecurity, eager to research and learn about information security trends and new offensive techniques and best practices.
- Professional offensive security certifications including OSCP, OSCE, OSWE, CREST CRT, GIAC (GXPN, GWAPT, GPEN, GMOB) others are an asset
- Willingness to work toward obtaining additional credentials and ability to pass on experiential knowledge and wisdom to the team.
- Development / code review experience – Python, Java, C, C#, Shell Scripting, etc.
- High degree of integrity, commitment, adaptability and initiative.
$ads={2}
