
Security Engineer - Penetration Tester (Red Team)
Jubelio
- Full-time
- Hybrid • Jakarta Selatan
- Rp10.000.000 – 15.000.000
Job Description
We're building our security function from the ground up, and this is the first dedicated security hire. You'll own the penetration testing practice across our product suite and work directly with the Head of Engineering to shape how the security team grows. This role has a clear path to leading the team.
This isn't a role where you run scans and file tickets. You're the person who defines what security looks like at Jubelio. You'll have direct influence on team structure, tooling choices, and long-term strategy — with a real path to becoming Security Lead as the team grows.
You'll be conducting regular security assessments across our core products:
- Jubelio Omnichannel — multi-tenant e-commerce platform
- Jubelio Store — storefront product
- Jubelio Shipment — logistics and courier integration layer
- Jubelio Chat — AI-powered merchant chatbot (includes LLM components)
- Jubelio POS — point of sale system
These are production SaaS products with real merchants and transactions. The bar is high.
Job Description:
- Plan and execute routine penetration tests across all Jubelio products — web, API, and mobile surfaces
- Identify vulnerabilities, document findings, and work with engineering teams to validate and remediate
- Develop and maintain a structured pentest schedule and methodology across product lines
- Perform threat modeling to prioritize attack surfaces that matter most for our business context
- Produce clear, actionable pentest reports for both technical and non-technical audiences
- Work with the Head of Engineering to define the security roadmap, team structure, and hiring plan as the team grows
- Establish security standards, tooling, and processes that will serve as the foundation for the team
Qualifications
- Minimum 2-4 years of experience as a Red Team / penetration tester, security engineer, or in another related position.
- Solid hands-on penetration testing experience across web applications and APIs (OWASP Top 10 and beyond)
- Strong understanding of authentication and authorization flaws, particularly in multi-tenant SaaS architectures
- Experience with common pentest tooling — Burp Suite, Metasploit, Nmap, nuclei, or equivalent
- Able to read and understand code to identify vulnerabilities (gray-box / white-box testing)
- Familiar with cloud infrastructure attack surfaces (misconfigured storage, IAM, exposed services)
- Experience writing structured pentest reports that engineers can actually act on
- Strong communication skills — you'll be bridging security findings with product and engineering teams regularly
Nice to Have:
- Experience testing LLM-integrated products or AI chatbot surfaces (prompt injection, data leakage)
- Familiarity with e-commerce or fintech threat landscapes
- Relevant certifications: OSCP, CEH, eWPT, or equivalent
- Prior experience building or leading a security practice
An Omnichannel Platform for retailers and wholesalers. Our mission is to simplify your business by integrating back office, warehouse, marketplace, webstore and point of sales (POS) into one dashboard.