Security Engineer (Red Team) - Mid/Senior
Security Engineer (Red Team) - Mid/Senior
The Associate Software Security Engineer plays an essential role in protecting Amartha from evolving cyber threats. You will be part of our dynamic security team, focusing on identifying and mitigating security risks across our technology stack.
About the Team
Our Information Security team consists of dedicated security professionals who prioritize security and privacy by design. We work closely with development teams to enable secure product development while maintaining operational efficiency.
Primary Responsibilities
- Execute vulnerability assessments and penetration tests across web applications, APIs, and mobile platforms
- Implement and maintain security controls in cloud environments (GCP, AWS)
- Develop automation scripts and tools to enhance security processes
- Perform security code reviews and threat modeling
- Support our bug bounty program through triage and validation
- Monitor systems for security anomalies and investigate potential incidents
- Collaborate with development teams to remediate security findings
Growth & Development
- Mentorship from experienced security engineers
- Certification and training support
- Hands-on experience with modern security tools and challenges
- Clear career advancement path within the security team
Requirements
Required Skills
- 2+ years of hands-on security testing or software development experience
- Strong understanding of web security fundamentals and OWASP Top 10
- Proficiency in at least one scripting/programming language (Python, Bash, or Go)
- Experience with security testing tools (Burp Suite, OWASP ZAP)
- Basic understanding of cloud security concepts
- Ability to clearly communicate technical findings to various stakeholders
- Fast learner with passion for cybersecurity
- Self-motivated to stay updated with security trends and threats
Preferred Qualifications
- Security certifications (eJPT, OSCP, CEH)
- Experience with cloud platforms (AWS, GCP)
- Knowledge of CI/CD pipelines and DevSecOps practices
- Mobile application security testing experience
- Familiarity with infrastructure as code (Terraform, Ansible)
Technical Environment
Security Tools: Burp Suite, Metasploit, Nmap, MobSF, Frida
Development Tools: Git, GitHub, Jenkins
Programming Languages: Python, Bash, Go
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
