Company Name: PT Esha Parama Teknologi
Location: Jakarta Raya
Posted Date: 03/10/2024 14:47
Salary:
Job Description
Scope of Work
- Ensure security is integrated into each phase of the software development lifecycle, from design to deployment.
- Conduct regular vulnerability assessments and code reviews to identify and mitigate security risks in applications.
- Develop threat models for applications to predict potential vulnerabilities and design effective security controls.
- Perform security testing, including static and dynamic analysis.
- Investigate and respond to security incidents related to applications, including analyzing breaches and preparing lessons learned analyses.
- Educate developers on secure coding practices and the importance of application security.
- Work closely with DevOps teams to implement security measures in CI/CD pipelines and automate security testing.
- Ensure that applications comply with relevant security standards and regulations (e.g., OWASP, GDPR).
- Should be familiar with multiple operating systems such as Windows, Unix, and Linux, and comfortable working in complex, heterogeneous system environments.
General Requirements
- Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related field.
- Minimum of 1 to 3 years of experience in application security or software development with a focus on security.
- Strong understanding of secure coding practices, web application security, and common vulnerabilities (e.g., OWASP Top 10).
- Proficiency with security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Snyk).
- Experience with programming and scripting languages (e.g., Python, PHP, JavaScript, Shell or Bash scripting).
- Strong analytical and problem-solving abilities to identify security issues and propose practical solutions.
- High level of attention to detail, particularly in identifying and mitigating security risks in code.
Great Value to Have
- Knowledge of securing applications in cloud environments such as AWS, Azure, or Google Cloud.
- Hands-on experience in integrating security into DevOps practices (DevSecOps).
- Experience creating complex threat models for large-scale applications.
- A solid understanding of cryptographic principles and their application in securing sensitive data.
- Knowledge of working with compliance frameworks like NIST and CMM2.
- Knowledge and experience in securing mobile applications on platforms like iOS and Android.
- Related certifications such as CEH are highly desirable.
- Have an understanding of the Indonesia Personal Data Protection Act (UU PDP).
- Proficiency in English.