Scope of Work
- Ensure security is integrated into each phase of the software development lifecycle, from design to deployment.
- Conduct regular vulnerability assessments and code reviews to identify and mitigate security risks in applications.
- Develop threat models for applications to predict potential vulnerabilities and design effective security controls.
- Perform security testing, including static and dynamic analysis.
- Investigate and respond to security incidents related to applications, including analyzing breaches and preparing lessons-learned analyses.
- Educate developers on secure coding practices and the importance of application security.
- Work closely with DevOps teams to implement security measures in CI/CD pipelines and automate security testing.
- Ensure that applications comply with relevant security standards and regulations (e.g., OWASP, GDPR).
- Should be familiar with multiple operating systems, such as Windows, Unix, and Linux, and comfortable working in complex heterogeneous systems environments.
General Requirements
- Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related field.
- Minimum of 1 to 3 years of experience in application security or in software development with a focus on security.
- Strong understanding of secure coding practices, web application security, and common vulnerabilities (e.g., OWASP Top 10).
- Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Snyk, etc.).
- Experience with programming and scripting languages (e.g., Python, PHP, JavaScript, Shell or Bash scripting, etc.).
- Strong analytical and problem-solving abilities to identify security issues and propose practical solutions.
- High level of attention to detail, particularly in identifying and mitigating security risks in code.
Great Value to Have
- Knowledge of securing applications in cloud environments such as AWS, Azure, or Google Cloud.
- Hands-on experience in integrating security into DevOps practices (DevSecOps).
- Experience creating complex threat models for large-scale applications.
- A solid understanding of cryptographic principles and their application in securing sensitive data.
- Knowledge of working with compliance frameworks such as NIST and CMM2.
- Knowledge and experience in securing mobile applications on platforms like iOS and Android.
- Related certifications such as CEH are highly desirable.
- An understanding of the Indonesian Personal Data Protection Act (UU PDP).
- Proficiency in English.