Security Engineer, Penetration Tester

StraitsX · Jakarta, Jakarta, Indonesia

onsite · full-time · mid level

About The Role

We are looking for a mid-level Security Engineer (Penetration Tester) to join our Security team in Jakarta, Indonesia. You will play a key role in strengthening our security posture by performing hands-on penetration testing, identifying real-world risks, and working closely with engineering teams to drive remediation. This role is ideal for someone who is technically strong, detail-oriented, and eager to continuously sharpen their offensive security skills in a collaborative environment.

What You Will Do

  • Plan and execute penetration tests across networks, systems, and web/mobile applications
  • Lead or independently handle penetration testing engagements from scoping to reporting
  • Analyze vulnerabilities, assess risk impact, and produce clear, actionable remediation recommendations
  • Collaborate with developers, infrastructure, and security teams to address findings throughout the SDLC
  • Support security incident response activities when required
  • Continuously research emerging threats, attack techniques, and testing methodologies
  • Contribute to improving internal penetration testing tools, playbooks, and processes

What We Are Looking For

  • Bachelor’s degree in Computer Science, Information Security, or a related technical field
  • Minimum 2 years of hands-on experience in penetration testing or offensive security roles
  • Proven experience conducting penetration tests for web and mobile applications
  • Certification: OSCP or CREST (or equivalent recognized offensive security cert)
  • Strong proficiency with tools such as Burp Suite, Metasploit, Nmap, and Wireshark
  • Solid understanding of security standards and frameworks (OWASP Top 10, NIST, CIS)
  • Strong analytical skills with the ability to clearly explain security risks to technical and non-technical stakeholders
  • Experience with secure coding practices, code review, or SAST/DAST tools is a plus
  • Ability to script or automate using Python, Golang, Ruby, or JavaScript is a plus
  • Familiarity with cloud security concepts (AWS, GCP, or Azure) is a plus
  • Experience with CTF competitions, bug bounty triage, or vulnerability disclosure programs is a plus

About StraitsX

StraitsX is a leading digital payment infrastructure provider that is powering trusted, programmable finance across borders and blockchains globally. As a Major Payment Institution licensed by the Monetary Authority of Singapore and one of the first stablecoin issuers under the Stablecoin Issuance Framework (SCS), StraitsX sets new standards for regulatory clarity and operational integrity. Through its issuance of XSGD and XUSD stablecoins, StraitsX enables institutions, fintechs, and Web3 platforms to move value seamlessly across currencies, networks, and jurisdictions. Its modular infrastructure, including APIs, liquidity rails, and tokenised settlement systems, supports real-world adoption of stablecoins at scale while abstracting technical complexity. Operating in a highly regulated environment, StraitsX partners with global businesses and developers to deliver interoperable, reliable, and future-ready payment solutions—bridging the gap between traditional finance and the digital economy.
