Offensive Security Engineer

About the Role

As a member of the Offensive Security Team you'll help secure GoTo from threats and improve its cyber resilience. Utilizing your expertise you'll uncover security vulnerabilities and weaknesses in People, Process and Technology within the GoTo's environment by working on various Offensive Security Assessments. You'll be closely working with Engineering Teams which will help you gain a comprehensive understanding of how things are built, which you can leverage to find out security weaknesses. Moreover you would also be collaborating with other Information Security Teams on initiatives to help improve the security posture of GoTo.

What You Will Do

• Conduct regular Web Application, Mobile Application, and Network penetration tests independently or as part of the team.
• Participate in Red Team and Blue Team exercises to enhance the organization’s detection and response capabilities.
• Validate submissions as part of the Bug Bounty Program.
• Provide support during Security Incidents to uncover root causes and provide recommendations for detection and prevention.
• Perform thorough, clear, and concise documentation of assessment findings and remediation recommendations.
• Communicate and collaborate effectively with Engineering and other Security Teams to share findings and help prioritize remediation.
• Keep current with the latest Attack methodologies, Vulnerabilities, Tools, and Security Threats.

What You Will Need

• 2+ years of experience performing Offensive Security Assessments - covering at least two of the following domains: web application security, mobile application security, web/mobile application development and infrastructure security.
• Proven penetration testing capabilities in an enterprise environment and a strong understanding of OWASP Web and Mobile Security Standards.
• Possess an adversary mindset with a good understanding of the Objective, behavior, and TTPs of threat actors.
• Experience reporting assessment findings and providing pragmatic recommendations for remediation.
• Experience reading and writing code in at least one programming language - Golang, Java, Swift and Objective C
• Ability to write/modify Offensive Security tools, exploit codes, and develop capabilities to support adversarial emulation.
• Experience with evading enterprise-grade defenses such as EDR, Email Security, and Network Controls.
• Experience with cloud platforms such as AWS, GCP, or Azure.
• Good verbal communication skills to interact with the team and stakeholders effectively, and good written skills to write clear and concise reports.
• Having professional certification(s) related to Offensive Security such as GIAC (GPEN, GCPN, GWAPT, GMOB, GXPN) or OffSec (OSCP, OSEP, OSWA, OSWE, OSED, OSMR ) or CREST (CCSAS, CCT-INF) or Zero-Point Security (CRTO, CRTL) is a bonus.

About the Team

The Offensive Security Team performs various assessments to proactively identify vulnerabilities and weaknesses in GoTo’s Applications, Systems, and Networks before adversaries. The Team works on initiatives to enhance the Threat Prevention, Threat Detection, and Incident Response capabilities of GoTo.

About GoTo Group

GoTo Group is the largest digital ecosystem in Indonesia with its mission to “Empower Progress’ by offering technological infrastructure and solutions for everyone to access and thrive in the digital economy. The GoTo ecosystem consists of on-demand transportation services, food and grocery delivery, logistics and fulfillment, as well as financial and payment services through the Gojek and GoTo Financial platforms.It is the first platform in Southeast Asia that hosts these crucial cases in a single ecosystem, capturing the majority of Indonesia’s vast consumer household.

About Gojek

Gojek is Southeast Asia’s leading on-demand platform and pioneer of the multi-service ecosystem with over 2.5 million driver partners across the regions offering a wide range of services such as transportation, food delivery, logistics and more. With its mission to create impact at scale, Gojek is committed to resolving consumer problems and raising standards of living by connecting consumers to the best providers of goods and services in the market.

About GoTo Financial

GoTo Financial accelerates financial inclusion through its leading financial services and merchants solutions. Its consumer services include GoPay and GoPayLater and serve businesses of all sizes through Midtrans, Moka, GoBiz Plus, GoBiz, and Selly. With its trusted and inclusive ecosystem of products, GoTo Financial is open to new growth opportunities and aims to empower everyone to Make It Happen, Make It Together, Make It Last.

GoTo and its business units, including Gojek and GoToFinancial ("GoTo") only post job opportunities on our official channels on our respective company websites and on LinkedIn. GoTo is not liable for any job postings or job offers that did not originate from us. You should conduct your own due diligence to prevent being victims of any fake job scams, if they did not originate from GoTo's official recruitment channels.