Security Engineer (Red Team)

Qiscus is an AI-powered omnichannel customer engagement platform that enables businesses to meet the rising expectations for exceptional Customer Experiences (CX) by facilitating timely and intuitive conversations at scale.

The Security Engineer (Red Team) plays a critical role in guiding the technical security aspects within the Qiscus system.

Hence, we require a person who possesses great technical experiences in information security who has a keen eye for detail to work closely with our high-performing teams.

If you find yourself fitting this role, come join us!

What You Will Do

• Continuously monitor, identify and address security gaps in all Qiscus’ products and services to mitigate potential threats. 
• Plan, perform and review detailed security risk assessments and penetration testing based on realistic threats to Qiscus’ systems. This includes maintaining the documentation and providing actionable recommendations resulting from such processes.
• Automate attack techniques by creating custom tooling for specific operations processes and contribute to security automation for general purposes.
• Lead the identification and exploitation of security vulnerabilities in a wide array of systems in a variety of situations. This includes keeping up to date with recent security trends.
• Collaborate with relevant teams such as Product and Integration team to produce and update secure SDLC based on applicable laws and regulations, including a security code review.
• Work together with non-technical teams on security operations processes and policy revamps, and
• Provide complex technical security concepts to technical and non-technical audiences including C-levels, clients, partners and relevant stakeholders.

What You Will Bring to the Role

• A minimum of a Bachelor’s Degree from Computer Science, Information Technology or relevant disciplines. 
• Minimum 2 years experience as part of Red Teams, preferably with a B2B SaaS background. Candidates with CEH and/or PenTest+ certification will be highly considered.
• Experienced in automating tasks using multiple programming languages such as Python, Ruby, Java and others.
• Experienced in exploiting vulnerabilities in at least two of the following areas: web applications, cloud environments (GCP / AWS), Linux and/or MacOS workstations, and network security. These include experience in manual attack and penetration testing.
• Familiar with Metasploit, Mandiant, BloodHound, SQLMaps and/or similar tools.
• Has excellent and professional communication skills, both written and verbal, with an ability to articulate complex topics in a clear and concise manner.

• Willing to be based in Yogyakarta, Indonesia.