We're looking for a hands-on security doer — someone who scopes, executes, and evaluates security tests end-to-end, both manually and through automation. You will operate across Red, Blue, and Defense functions under the CISO.
Ideal profile:
Self-driven, thinks like an attacker, communicates like a consultant. Comfortable owning security engagements independently while thriving in a collaborative Red+Blue team dynamic within a regulated financial institution.
Responsibilities:
- Execute penetration tests — network, web/mobile apps, APIs, cloud, AD — manually and via automated tooling
- Run vulnerability assessments and adversary simulations (MITRE ATT&CK / TIBER-ID aligned)
- Validate and tune defensive controls — SIEM, EDR, WAF, IDS/IPS — in collaboration with Blue Team
- Produce clear pentest reports: risk-rated findings with actionable remediation for both tech and exec audiences
- Track, re-test, and confirm fix effectiveness; close the loop on every finding
- Build and maintain automation scripts for recurring assessment workflows
Qualifications:
- 4+ years hands-on in pentesting and/or vulnerability assessment
- Proven executor — independently owns engagements from scoping to sign-off
- Fluent in both manual techniques and automation frameworks (scripting, CI-integrated scanning)
- Strong across: OWASP Top 10, network pentesting, Active Directory, cloud security (AWS/Azure)
- Familiar with OJK/BI security frameworks and banking compliance standards (a plus)