- Ensure security is integrated into each phase of the software development lifecycle, from design to deployment.
- Conduct regular vulnerability assessments and code reviews to identify and mitigate security risks in applications.
- Develop threat models for applications to predict potential vulnerabilities and design effective security controls.
- Perform security testing, including static and dynamic analysis.
- Investigate and respond to security incidents related to applications, including analyzing breaches and implementing fixes.
- Educate developers on secure coding practices and the importance of application security.
- Work closely with DevOps teams to implement security measures in CI/CD pipelines and automate security testing.
- Ensure that applications comply with relevant security standards and regulations (e.g., OWASP, GDPR).
- Be familiar with multiple operating systems such as Windows, Unix and Linux, and comfortable working in complex, heterogeneous system environments.
Requirements:
- Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related field.
- Minimum of 1-3 years of experience in application security or software development with a focus on security (Fresh Graduates are welcome).
- Strong understanding of secure coding practices, web application security, and common vulnerabilities (e.g., OWASP Top 10).
- Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Snyk).
- Experience with programming and scripting languages (e.g., Python, PHP, JavaScript, Shell or Bash scripting).
- Strong analytical and problem-solving abilities to identify security issues and propose effective solutions.
- High level of attention to detail, particularly in identifying and mitigating security risks in code.
- Knowledge of securing applications in cloud environments such as AWS, Azure, or Google Cloud is a plus.
- Hands-on experience in integrating security into DevOps practices (DevSecOps) is a plus.
- Expertise in creating complex threat models for large-scale applications is a plus.
- Strong understanding of cryptographic principles and their application in securing data is a plus.
- Experience working with compliance frameworks like NIST and C2M2 is a plus.
- Knowledge and experience in securing mobile applications on platforms like iOS and Android is a plus.
- Relevant certifications such as CEH are highly desirable and considered a plus.
- An understanding of the Indonesia Personal Data Protection Act (UU PDP) is a plus.
- Proficiency in English is a plus.