Gojek sedang merekrut seorang

Red Teamer-Team6 Specialist

Loker ini dibuat lebih dari 2 bulan yang lalu
Cek ketersediaan dengan klik lamar. Tidak tersedia? Cek loker lain di Jakarta.
About the Role

If you’re looking to be a part of a dynamic, highly-analytical team and an opportunity to dive deep into projects surrounding information security, look no further. As our Red Team Specialist for GoTo Financial, you’ll take the wheel in ensure product security for Gojek. Along with Perform a thorough documentation on how vulnerabilities were exploited, you will be in charge of assist in identifying, tracing and neutralizing the active threats. Working closely with Blue Team, you will get to manage unique security incidents. The cherry on top: you’ll get to be a part of a team that works to create project with higher degree security assessments.


What Will You Do

  • Actively involved as an individual contributor specialist and subject matter experts from the beginning to the end such as: (1) upon request, during an active incident response of a real attack,  (2) data/system breaches,  (3) catastrophic system failures due to cyberattack, and  (4) involved early in any strategic or sensitive projects that required higher degree of security assessments from the adversaries’ attack point of view
  • Dedicatedly assist in identifying, tracing and neutralizing the active threats
  • Perform a thorough documentation on how vulnerabilities were exploited and what changes should be made to prevent that from being exploited again
  • Assist/participate in presenting the findings to multiple stakeholders involved in the study and/or incidents
  • Proactively identify (and attempt to exploit) multiple vulnerabilities that are affecting the system and data security of our business
  • Obtain a realistic understanding of the risks that our business can face including training used to prepare employees for cyber incidents
  • Ensure that you upkeep required training regimens within Team6 and across the rest of the Red Team members
  • Conducting regular purple teaming exercises together with the Blue Team.

What Will You Need

  • At least 3 years of experience in ethical hacking (active exploitation), manual penetration testing and/or red teamer operations covering at least two of the following domains: infrastructure, operating systems, web app, mobile app, software bug testing
  • A decent level of code/programming experience (e.g.: write/modify exploit codes, trace and debugging traditional/OOP/API style programming).A strong hacker mindset including social engineering, logical and creative thinking (outside of the box) and unconventional thought processes when playing the devil advocates
  • Strong dedication and desire to understand how things work, on a very deep level
  • Experience with the red teaming aspect of technical writing documentation of the findings to multiple levels of stakeholders (from engineering to executive)Prior experience in designing and/or conducting technical training
  • Hands-on experience in at least two of the following domains: Infrastructure Hardening (Cloud & On-Premise), Vulnerability Research, Social Engineering, Reverse Engineering, Active Exploitation, Exploit Development, DevSecOps (incl. CI/CD)
  • Having professional certification(s) related to red-teaming such as GIAC (GPEN, GCPN, GWAPT, GMOB, GXPN) or Offensive Security (OSCP, OSEP, OSWA/E, OSED/OSMR ) is bonus point
About The Team

Our Red Team, a sub-pod of the GoTo Financial Security, based in Singapore. The Red Team Charter to help hedge against surprise, particularly catastrophic surprises - by not only playing the adversary, but also devil's advocate and related roles. The team challenge complacency or unthoughtfulness in security-by-design principles and discover weaknesses before real adversaries do.

Team6 is a subset (special tactical force) of GoTo Financial’s Red Team which not only delivered regular operations as red teamers, but is also a highly trained quick-reaction’s squad to be deployed in challenging and/or unique security incidents, special situations and/or projects in which a higher degree of security assessments from the adversaries’ attack point of view is required.

About Gojek

Gojek is a Super App. It is one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and a dozen other products. We are Indonesia’s first decacorn. We are  also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'

Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business, and MSMEs.

As of 2018, Gojek processed more than $9 billion in annualized gross transaction value across all markets where it operates - in Singapore, Vietnam, and Indonesia. We have the largest food delivery product in Asia (outside of China) and is the largest payments wallet in Southeast Asia.

Gojek contributed IDR 249 T to the Indonesian economy (equivalent to 2% of Indonesia's GDP in 2020). As of Q1 2021, the Gojek App witnessed over 190mn downloads by customers. The platform has over 2mn Driver Partners & ~900000 Merchant Partners across SEA.

About GoTo Financial

GoTo Financial brings secure, reliable, and user-friendly financial solutions to over 55 million monthly active users, more than 14 million merchants, and over 2.5 million driver-partners eager to benefit from the digital economy in the GoTo ecosystem.

GoTo Financial’s consumer services include GoPay, GoPayLater, and other financial services. We also serve businesses of all sizes through leading payment gateway Midtrans, Indonesia’s largest cloud POS network Moka and GoKasir. We also have the all-in-one merchant solution GoBiz, GoBiz Plus, GoStore, and Selly - available in Indonesia and Southeast Asia.

Gojek and GoTo Financial are committed to building a diverse and inclusive workplace and are equal opportunity employers. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.
Silakan referensi bahwa Anda menemukan lowongan kerja ini di Fungsi.id, ini membantu kami mendapatkan lebih banyak lowongan kerja berkualitas di sini, terima kasih!
Jenis kontrak
Full Time
Lokasi
Tanggal posting
5 Agustus, 2022