Offensive Security Engineer

Job Description

Job ID: MJ000154

Job Description

Securing an organization and its information systems requires a holistic approach that includes continuous security verification, extending beyond standard testing and assessment methods. By assuming the role of a threat protector, the Information Security Team delivers valuable findings and insights with practical impact, which must be prioritized. Utilizing the latest Information Security technologies, the team continuously reviews everything within the organization; including applications, infrastructure, and business processes to identify potential loopholes that could be exploited by a real attacker to compromise the organization.

As an Information Security team member at Traveloka, your daily tasks encompass protecting and securing Traveloka's data and systems by developing policies, monitoring networks for threats, responding to incidents, performing penetration testing, managing firewalls & encryption, training staff, and ensuring compliance, requiring skills in risk assessment, incident response, security software, and keeping up with evolving threats to safeguard assets from internal & external risks. Your coverage area is comprehensive, protecting the organization from all sorts of threats.

We are seeking a candidate with robust cybersecurity technical expertise and solid understanding of cyber intrusion in an organization. This role is crucial for ensuring we stay abreast of the latest threats and are capable of identifying unique and complex challenges specific to Traveloka.

Job Requirements

• Proven track record of highly technical cybersecurity expertise such as CTF (Capture the Flag), bug bounty, publication, blog, open source security tool contribution, speaking engagement, or Information Security certification.
• Fluent in programming with any language and shell scripting.
• Experience in Windows security, Unix security, network security, and web application security is a must.
• Experienced in cloud computing like AWS and GCP is a plus.
• Experienced in red or purple team exercise is a plus.
• Able to practically demonstrate various security vulnerabilities, exploits, and attacks in web applications, computer infrastructure, and personal computers.
• Understand cybersecurity threats related to travel and tech industries.
• Excellent written and verbal communication skills
• Dedication to cybersecurity alongside a strong commitment to continuous learning about new technologies