Senior Security Engineer

About the Role

The Security Engineer plays a crucial role in Amartha. You will be the warrior who will spearhead various Information Security programs to protect Amartha from internal and external threats.

About the Team

The Information Security team in Amartha is a group of dynamic, highly analytical individuals who are mindful in driving security and privacy by design within the various aspects of product lifecycle and engineering processes. We are passionate about being the security enabler of Amartha’s systems.

Job Description / What Will You Do

• Identify current and emerging technology issues including security trends, vulnerabilities, and threats through various security assessment activities (including but not limited to penetration testing, vulnerability assessment, etc.)
• Recognize complex technical issues and manage them within a fast-paced business environment.
• Perform proactive investigations to analyze security weaknesses and recommend appropriate strategies.
• Conduct threat intelligence activities.
• Work closely with internal and external teams to implement security solutions.
• Acquire and implement new technological solutions to enhance organizational security posture.
• Identify, define, and document system security requirements and recommend solutions.
• Monitor systems for irregular behavior and set up preventive measures.
• Manage the bug bounty program.
• Enhance the effectiveness of security-related processes through automation and orchestration.

Requirements

• 5+ years of related job experience.
• Excellent analytical and interpersonal skills.
• Ability to express technical information clearly at different organizational levels.
• Relevant certifications are preferable (e.g., CEH, OSCP, eCPPT, Ejpt, etc.).
• Advanced knowledge in API Security, Mobile/Application Security, and Cloud Security.
• Advanced knowledge in security adversarial techniques, tactics, and procedures.
• Experience in conducting Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
• Experience in scripting using Python, Bash, and Go.
• Highly skilled with strong hands-on experience with various security assessment tools such as Metasploit, BurpSuite, ZAP, OWASP tools, Hydra, Netsparker, Wireshark, Apktool, nikto, Cloudbrute, Kali Linux tools, Frida, MobSF, or comparable technologies.
• Familiarity with Cloud Platforms such as GCP and AWS.
• Tools familiarity: Python, Bash, Terraform, Ansible, GitHub, Jenkins, Artifactory, Jira, Terraform, Git, BurpSuite, Hydra, Nessus, NMap, Metasploit, Frida, MobSF.