IT Security - Security Threat (Technology)
Tokopedia
- Kota Jakarta Selatan, IndonesiaJl. Prof. DR. Satrio, RT.11/RW.4, Kuningan, Karet Kuningan, South Jakarta City, Jakarta, Indonesia, Kota Jakarta Selatan, Daerah Khusus Ibukota Jakarta, IndonesiaKota Jakarta SelatanDaerah Khusus Ibukota JakartaIndonesiaIndonesia
- Toàn thời gianFULL_TIME
Đã hết hạn 4 years ago
2020-04-05T17:00:00+00:00Công việc đã đóng.
Miêu Tả Về Công Việc
- Identifying vulnerabilities in any applications and IT infrastructure components through penetration testing or any formats of security assessment, and determining risk of identified vulnerability to be handled properly by the other team
- Defining risk categories and respective treatment or communication plan to handle the vulnerability properly without harming the organisation due to longer response to remediate the vulnerability
- Developing a plan to conduct technical security assessments which might cover social engineering, vulnerability assessment, and penetration testing through several approaches (black box, grey box, or white box) to ensure the assessment is performed periodically
- Reviewing reported vulnerability identified by external party or any other team to validate it and doing follow up as necessary, in particular if the vulnerability is valid
- Managing overall processes of bug bounty program, from verifying the reported bug until requesting financial team to pay the valid bug to respective bug hunter
- Evaluating bugs identified by external party and thereafter providing recommendations to relevant teams that are responsible to prevent similar bugs occurred in the future, in order to improve our protection of critical information assets
- Reporting and communicating the identified vulnerabilities to management (for escalation purposes) or other teams (internal or external) that are responsible to remediate identified vulnerabilities, to discuss and acquire commitment of that party to remediate it immediately, particularly for high severity vulnerabilities
- Working closely with other teams that are responsible in developing or configuring the system to devise technical security assessment plan
- Helping or assisting other team that is responsible in fixing the vulnerability in order to expedite the remediation process and the identified vulnerability can be handled accordingly
- Improving the technical security assessment mechanism (normally called penetration testing) by learning other people's proof of concept and applying it to internal testing mechanism
- Capturing security public disclosures periodically and analyzing the implications to current security architecture of our organization
- Analyzing published vulnerabilities database to identify possible impacts to current used libraries, applications, or other parts of our architecture such as operating system, database, network appliance, etc
- Investigating and doing root cause analysis promptly towards security incidents, thereafter providing preventive controls to be applied by relevant team that is responsible in executing and monitoring the controls
- Conducting technical risk analysis and converting it into actionable monitoring recommendations to be conducted by a team that is responsible to monitor logs or events
- Being involved in public community or group to understand current security trends and developing improvement actions to improve security controls as part of protecting critical assets, thereafter reporting it to management to be followed up
- Working closely with teams that are managing security architecture of the organisation to understand the deployed components in the organization to be further analyzed, particularly in relation to vulnerabilities which might exist
- Notifying relevant parties to do necessary actions to improve security controls accordingly in order to avoid similar security incidents occurred in other organizations
- Examining security adversary techniques or the attack methodologies used by malwares, in order to develop defensive methodologies or controls
Trình độ tối thiểu
- Strong penetration testing / Red Team experience
- Experience performing discovery activities, attack planning, test execution, and detailed reporting on penetration testing scenarios and findings
- Proficient with Metasploit, Cobalt Strike, Canvas or equivalent framework
- Solid understanding of networking, TCP/IP, and virtualization
- Solid understanding of tactics and techniques for evading Intrusion Detection Systems and Security products
- Experience with Bash scripting and basic Perl, Java, or Python
- Experience with bounty program and preferred at least identified a valid bug on major platforms such as hackerone, bugcrowd, etc
- Able to communicate the identified vulnerabilities to other team members through easy and understandable explanation
- Preferably pose OSCP certification
Tóm tắt công việc
- Trình Độ Công Việc
- Mới Tốt Nghiệp/ Trình Độ Tập Sự
- Ngành Nghề
- IT and Software
- Yêu cầu học vấn
- Tốt nghiệp Cử nhân
- Nhà tuyển dụng trả lời hồ sơ
- Always
- Địa chỉ văn phòng
- Jl. Prof. DR. Satrio, RT.11/RW.4, Kuningan, Karet Kuningan, South Jakarta City, Jakarta, Indonesia
Feel secure when applying: look for the verified icon and always do your research on a company. Avoid and report situations when employers require payment or work without compensation as part of their application process.
Về Tokopedia
Tokopedia is an Indonesian technology company with a mission to democratize commerce through technology. We are the leading marketplace in Indonesia; we encourage millions of merchants and consumers to participate in the future of commerce.
Our vision is to build an ecosystem where everyone can start and discover anything with ease.
We are holding to these three principles that drive us forward. We call them our DNA, the traits that embody who we are as Tokopedia Nakama: Focus on Consumer, Growth Mindset, and Make it Happen, Make it Better