IT Security Engineer

Job Description:Conduct penetration testing, vulnerability assessments, and security analysis of web applications, APIs, and company infrastructure Identify and report security vulnerabilities with Proof of Concept (PoC) and mitigation recommendationsPerform code reviews and provide secure coding guidance to the development teamConduct threat modeling, risk analysis, security monitoring, and log analysis to detect anomaliesPrepare periodic technical and managerial security reportsDeliver security awareness training to employeesEnsure compliance with security standards and regulations (OWASP Top 10, ISO 27001, PCI DSS, PSME, and Personal Data Protection Law)Qualifications:Minimum Bachelor’s degree in Informatics Engineering, Information Systems, or related fields 1–3 years of experience in Information Security or Penetration TestingVerifiable bug bounty portfolio (HackerOne, Bugcrowd, Synack, etc.) or CTF achievementsProficient in OWASP Top 10, HTTP/HTTPS, and manual exploitation (SQLi, XSS, CSRF, SSRF, XXE, etc.) Expert in using Burp Suite, OWASP ZAP, and other security testing toolsProficient in programming languages such as Python, JavaScript, PHP, or Bash Strong understanding of API security (RESTful, GraphQL, OAuth, JWT)Excellent ability to clean code and detailed technical reports and PoCsCommunicative, detail-oriented, and highly integrity in handling sensitive data Preferred certifications: OSCP, eWPT, PNPT, CEH, or ISO 27001 Lead Implementer Familiar with compliance & governance concepts, including PSME and Personal Data Protection Law (UU PDP)Ready to work in Surabaya (WFO)