Audit Cybersecurity Assurance Specialist (Penetration Tester)
About this position
Jago is a fully digital bank that leverages modern technology to provide innovative and reliable financial services. As a Cybersecurity Assurance Specialist, you will play a critical role in ensuring the cybersecurity health of the organization while collaborating with a diverse team to address relevant challenges.
Responsibilities
• Participate in a broad range of review and assurance activities to assess the cybersecurity posture of the Bank and identify control weaknesses.
• Perform ethical hacking activities (e.g., mobile/web application pentests, infrastructure testing, and custom assessments) as part of the cybersecurity audit, and design attack scenarios for state-of-the-art technologies.
• Work closely with security experts from multiple industries to improve their solutions by tackling the root cause of the issues and finding innovative solutions to modern challenges.
• Highlight important observations and translate technical findings into management information so that management can take effective action.
• Validate appropriate implementation of cybersecurity controls.
• Conduct research on the latest developments in IT security technologies and threats.
• Act as a trusted advisor to the IT / Cybersecurity organization and management.
Requirements
• 5 years of working experience as an Information Security Specialist, Pentester or IT Auditor.
• Experience with one or more of the following aspects: application and software security, blue / red teaming, industrial security controls, network security, IT operations, penetration testing, risk and vulnerability assessment, investigative techniques, authentication and access management systems, etc.
• Demonstrated experience in capture the flag (CTF) events, bug hunting or vulnerability research (CVEs) is a plus.
• Professional security certification(s) such as CISA, CISSP, OSCP, GIAC will be an advantage.
• Experience with security penetration testing tools, e.g., Nessus, Metasploit, Burp Suite.
• Experience with various operating systems (i.e., Linux, Unix, Windows), as well as with languages like Bash, Python, Ruby, PowerShell, Java, and C++ / C#, etc.
• Knowledge of standard and advanced defense & remediation techniques and processes (i.e., OWASP, NIST, ATT&CK).
• Practical experience with DevSecOps tools like Puppet, Jenkins, Git, Docker, or Kubernetes, SAST, DAST, etc.