Loker Jakarta Loker Jakarta
Kembali ke semua lowongan

Security Engineer - Penetration Tester (Red Team)

Jubelio

Jubelio

Lokasi

Jakarta Selatan

Tipe kerja

Hybrid

Gaji

Rp 10,000,000 - Rp 15,000,000

Deskripsi pekerjaan

We're building our security function from the ground up, and this is the first dedicated security hire. You'll own the penetration testing practice across our product suite and work directly with the Head of Engineering to shape how the security team grows. This role has a clear path to leading the team.


This isn't a role where you run scans and file tickets. You're the person who defines what security looks like at Jubelio. You'll have direct influence on team structure, tooling choices, and long-term strategy — with a real path to becoming Security Lead as the team grows.


You'll be conducting regular security assessments across our core products:

  • Jubelio Omnichannel — multi-tenant e-commerce platform
  • Jubelio Store — storefront product
  • Jubelio Shipment — logistics and courier integration layer
  • Jubelio Chat — AI-powered merchant chatbot (includes LLM components)
  • Jubelio POS — point of sale system

These are production SaaS products with real merchant and transaction. The bar is high.


Job Description:


  • Plan and execute routine penetration tests across all Jubelio products — web, API, and mobile surfaces
  • Identify vulnerabilities, document findings, and work with engineering teams to validate and remediate
  • Develop and maintain a structured pentest schedule and methodology across product lines
  • Perform threat modeling to prioritize attack surfaces that matter most for our business context
  • Produce clear, actionable pentest reports for both technical and non-technical audiences
  • Work with the Head of Engineering to define the security roadmap, team structure, and hiring plan as the team grows
  • Establish security standards, tooling, and processes that will serve as the foundation for the team

Tanggung jawab

We're building our security function from the ground up, and this is the first dedicated security hire. You'll own the penetration testing practice across our product suite and work directly with the Head of Engineering to shape how the security team grows. This role has a clear path to leading the team.


This isn't a role where you run scans and file tickets. You're the person who defines what security looks like at Jubelio. You'll have direct influence on team structure, tooling choices, and long-term strategy — with a real path to becoming Security Lead as the team grows.


You'll be conducting regular security assessments across our core products:

  • Jubelio Omnichannel — multi-tenant e-commerce platform
  • Jubelio Store — storefront product
  • Jubelio Shipment — logistics and courier integration layer
  • Jubelio Chat — AI-powered merchant chatbot (includes LLM components)
  • Jubelio POS — point of sale system

These are production SaaS products with real merchant and transaction. The bar is high.


Job Description:


  • Plan and execute routine penetration tests across all Jubelio products — web, API, and mobile surfaces
  • Identify vulnerabilities, document findings, and work with engineering teams to validate and remediate
  • Develop and maintain a structured pentest schedule and methodology across product lines
  • Perform threat modeling to prioritize attack surfaces that matter most for our business context
  • Produce clear, actionable pentest reports for both technical and non-technical audiences
  • Work with the Head of Engineering to define the security roadmap, team structure, and hiring plan as the team grows
  • Establish security standards, tooling, and processes that will serve as the foundation for the team

Kualifikasi

  • Min 2-4 years experience in Red Team / Penetration tester, security engineer, or other related positions.
  • Solid hands-on penetration testing experience across web applications and APIs (OWASP Top 10 and beyond)
  • Strong understanding of authentication and authorization flaws, particularly in multi-tenant SaaS architectures
  • Experience with common pentest tooling — Burp Suite, Metasploit, Nmap, nuclei, or equivalent
  • Able to read and understand code to identify vulnerabilities (gray-box / white-box testing)
  • Familiar with cloud infrastructure attack surfaces (misconfigured storage, IAM, exposed services)
  • Experience writing structured pentest reports that engineers can actually act on
  • Strong communication skills — you'll be bridging security findings with product and engineering teams regularly


Nice to Have:


  • Experience testing LLM-integrated products or AI chatbot surfaces (prompt injection, data leakage)
  • Familiarity with e-commerce or fintech threat landscapes
  • Relevant certifications: OSCP, CEH, eWPT, or equivalent
  • Prior experience building or leading a security practice


Benefit & Fasilitas

competitiveSalarymedicalLeavebonusSystempaidSickDays

Keahlian

analytical problem solving
Jubelio

Tentang Jubelio

An Omnichannel Platform for retailers and wholesalers. Our mission is to simplify your business by integrating back office, warehouse, marketplace, webstore and point of sales (POS) into one dashboard.

Ukuran: 100 karyawan

Lowongan Terkait

Berdasarkan kategori, tipe kerja, dan keahlian yang serupa.

Product Promotor Cabang / Event Regular -Jakarta

PT Propan Raya ICC

PT Propan Raya ICC
Jakarta Barat, DKI Jakarta
Negotiable

Crew Outlet (RF)

PT DANAMAS INSAN KREASI ANDALAN (PT DIKA)

PT DANAMAS INSAN KREASI ANDALAN (PT DIKA)
Jakarta Selatan, DKI Jakarta
Rp 3,000,000 - Rp 4,000,000

Host Live TikTok Entertaiment Wanita

PT. Nex Media Indonesia

PT. Nex Media Indonesia
Jakarta Utara, DKI Jakarta
On-site
Rp 5,500,000 - Rp 12,000,000