← All jobs

Purple Team Security Engineer (Security Operations & Offensive Research)

StraitsX · Jakarta, Jakarta, Indonesia

onsitefull-timemid level

About this role

About The Role

As a Mid Security Engineer (Purple Team) at StraitsX, you will support both offensive and defensive security efforts to help continuously validate our security controls. This role goes beyond one-off testing and focuses on learning how real-world attacks work and how they can be detected and mitigated. You will work closely with Red Team and Blue Team members to run security tests, analyze results, and improve visibility across our cloud and fintech systems.

What You Will Do

  • Participate in adversarial emulation and penetration testing activities under guidance from senior team members.
  • Execute security testing focused on AWS cloud infrastructure, applications, and APIs.
  • Assist in translating penetration testing results into basic detection rules and alerts using tools such as Datadog and AWS security services.
  • Review logs and security telemetry to help identify gaps in detection and monitoring.
  • Document vulnerabilities clearly, including reproduction steps, impact, and recommended remediation.
  • Support Blue Team activities by helping validate alerts, monitoring rules, and incident response playbooks.
  • Contribute small automation scripts to improve security testing or validation workflows.

What We Are Looking For

  • At least 2 years of experience in offensive security, defensive security, or hands-on security engineering roles.
  • Practical experience with network, web application, and API penetration testing fundamentals.
  • Ability to manually exploit common vulnerabilities with guidance, not solely rely on automated scanners.
  • Basic understanding of AWS security concepts, including IAM, networking, and logging.
  • Familiarity with security logs such as CloudTrail, VPC Flow Logs, application logs, or Syslog.
  • Exposure to SIEM, EDR, or security monitoring tools (e.g. Datadog Security, Splunk, ELK).
  • Basic scripting skills in Python, Bash, or Go, with willingness to learn automation best practices.
  • Interest or early exposure to fintech or blockchain security concepts is a plus.
  • OSCP certification is a plus

About StraitsX

StraitsX is a leading digital payment infrastructure provider that is powering trusted, programmable finance across borders and blockchains globally. As a Major Payment Institution licensed by the Monetary Authority of Singapore and one of the first stablecoin issuers under the Stablecoin Issuance Framework (SCS), StraitsX sets new standards for regulatory clarity and operational integrity. Through its issuance of XSGD and XUSD stablecoins, StraitsX enables institutions, fintechs, and Web3 platforms to move value seamlessly across currencies, networks, and jurisdictions. Its modular infrastructure, including APIs, liquidity rails, and tokenised settlement systems, supports real-world adoption of stablecoins at scale while abstracting technical complexity. Operating in a highly regulated environment, StraitsX partners with global businesses and developers to deliver interoperable, reliable, and future-ready payment solutions—bridging the gap between traditional finance and the digital economy.

Website

Jobb.ai is an independent skill benchmarking platform. Applications are submitted on the employer's official website.