Security Engineer - Penetration Tester

Job Overview

We are looking for smart, talented, and self-motivated cyber security professionals to join our fast-growing

Security Operations team at Axiata. As an Offensive security engineer, you will be working with companies

across Southeast Asia to solve security challenges at scale and speed. If you are passionate about all things

cyber security and looking for an exciting every day, then this role is for you!

Responsibilities and Duties

• Perform manual penetration tests of websites, services, infrastructure, and networks to discover and
• exploit vulnerabilities
• Clearly document and communicate findings and remediation recommendations to the
• application/service owners
• Liaise with internal stakeholders to ensure timely delivery of security assessments
• Perform regular VA/PT of web, mobile and desktop applications
• Identify the internet exposure of our operating companies and constantly evaluate the security posture
• Document vulnerabilities, impact, and recommendations in a systematic manner
• Take on security challenges, take ownership of them and drive them to completion

Qualifications

• 3+ years of experience performing vulnerability assessments and penetration testing on
• Web/Mobile/Desktop applications
• Excellent understanding of OWASP Top 10 vulnerabilities and its mitigations
• Clear understanding of networking fundamentals: OSI layers, TCP/IP, protocols, etc.
• Experience working on a GNU/Linux based penetration testing operating system and the command line
• (such as Kali Linux, Parrot, BlackArch, etc.)
• Experience with automation scripting and fluent in at least one programming/scripting language
• Experience working on open-source and commercial tools like Burp Suite, OWASP ZAP, Nessus, etc.
• Good spoken and written English skills

Bonus Points

• Security certifications: OSCP, OSCE, CRTP, GIAC certs or equivalent
• Knowledge of Windows penetration testing: Active Directory, Azure AD
• CVE publications, knowledge of exploit development
• Talks/workshops organized at security conferences
• Excellent bug bounty track record
• Open-source contributions made to security tools, scripts & solutions
• Development background and code review capabilities
• Experience with ICS/IoT penetration testing