Security Engineer, Penetration Tester

About The Role

We are looking for a mid-level Security Engineer (Penetration Tester) to join our Security team in Jakarta, Indonesia. You will play a key role in strengthening our security posture by performing hands-on penetration testing, identifying real-world risks, and working closely with engineering teams to drive remediation. This role is ideal for someone who is technically strong, detail-oriented, and eager to continuously sharpen their offensive security skills in a collaborative environment.

What You Will Do

• Plan and execute penetration tests across networks, systems, and web/mobile applications
• Lead or independently handle penetration testing engagements from scoping to reporting
• Analyze vulnerabilities, assess risk impact, and produce clear, actionable remediation recommendations
• Collaborate with developers, infrastructure, and security teams to address findings throughout the SDLC
• Support security incident response activities when required
• Continuously research emerging threats, attack techniques, and testing methodologies
• Contribute to improving internal penetration testing tools, playbooks, and processes

What We Are Looking For

• Bachelor’s degree in Computer Science, Information Security, or a related technical field
• Minimum 2 years of hands-on experience in penetration testing or offensive security roles
• Proven experience conducting penetration tests for web and mobile applications
• Certification: OSCP or CREST (or equivalent recognized offensive security cert)
• Strong proficiency with tools such as Burp Suite, Metasploit, Nmap, and Wireshark
• Solid understanding of security standards and frameworks (OWASP Top 10, NIST, CIS)
• Strong analytical skills with the ability to clearly explain security risks to technical and non-technical stakeholders
• Experience with secure coding practices, code review, or SAST/DAST tools is a plus
• Ability to script or automate using Python, Golang, Ruby, or JavaScript is a plus
• Familiarity with cloud security concepts (AWS, GCP, or Azure) is a plus
• Experience with CTF competitions, bug bounty triage, or vulnerability disclosure programs is a plus