Security Engineer (Red Team)

About the Role

The Software Security Engineer plays an essential role in protecting Amartha from evolving cyber threats. You will be part of our dynamic security team, focusing on identifying and mitigating security risks across our technology stack.

About the Team

Our Information Security team consists of dedicated security professionals who prioritize security and privacy by design. We work closely with development teams to enable secure product development while maintaining operational efficiency.

Primary Responsibilities

• Execute vulnerability assessments and penetration tests across web applications, APIs, and mobile platforms
• Implement and maintain security controls in cloud environments (GCP, AWS)
• Develop automation scripts and tools to enhance security processes
• Perform security code reviews and threat modeling
• Support our bug bounty program through triage and validation
• Monitor systems for security anomalies and investigate potential incidents
• Collaborate with development teams to remediate security findings

Growth & Development

• Mentorship from experienced security engineers
• Certification and training support
• Hands-on experience with modern security tools and challenges
• Clear career advancement path within the security team

Required Skills

• 3+ years of hands-on security testing or software development experience
• Strong understanding of web security fundamentals and OWASP Top 10
• Proficiency in at least one scripting/programming language (Python, Bash, or Go)
• Experience with security testing tools (Burp Suite, OWASP ZAP)
• Basic understanding of cloud security concepts
• Ability to clearly communicate technical findings to various stakeholders
• Fast learner with passion for cybersecurity
• Self-motivated to stay updated with security trends and threats

Preferred Qualifications

• Security certifications (eJPT, OSCP, CEH)
• Experience with cloud platforms (AWS, GCP)
• Knowledge of CI/CD pipelines and DevSecOps practices
• Mobile application security testing experience
• Familiarity with infrastructure as code (Terraform, Ansible)

Technical Environment

• Security Tools: Burp Suite, Metasploit, Nmap, MobSF, Frida
• Development Tools: Git, GitHub, Jenkins
• Cloud Platforms: AWS, GCP
• Programming Languages: Python, Bash, Go

At Amartha, we are dedicated to creating a workplace that celebrates diversity, ensures equity, and fosters inclusion. We believe that diverse perspectives—shaped by factors such as gender, age, race, ethnicity, education, culture, and life experiences—drive innovation and growth.

We actively welcome individuals from all backgrounds to join us in building an environment where everyone feels respected, valued, and empowered. Our commitment is to provide equal opportunities and foster a sense of belonging that enables our employees to thrive and make meaningful contributions.