About the Role
As a Mid Security Engineer (Purple Team) at StraitsX, you will support both offensive and defensive security efforts to help continuously validate our security controls. This role goes beyond one-off testing and focuses on learning how real-world attacks work and how they can be detected and mitigated. You will work closely with Red Team and Blue Team members to run security tests, analyze results, and improve visibility across our cloud and fintech systems.
What You Will Do
- Participate in adversarial emulation and penetration testing activities under guidance from senior team members.
- Execute security testing focused on AWS cloud infrastructure, applications, and APIs.
- Assist in translating penetration testing results into basic detection rules and alerts using tools such as Datadog and AWS security services.
- Review logs and security telemetry to help identify gaps in detection and monitoring.
- Document vulnerabilities clearly, including reproduction steps, impact, and recommended remediation.
- Support Blue Team activities by helping validate alerts, monitoring rules, and incident response playbooks.
- Contribute small automation scripts to improve security testing or validation workflows.
What We Are Looking For
- At least 3 years of experience in offensive security, defensive security, or hands-on security engineering roles.
- Practical experience with network, web application, and API penetration testing fundamentals.
- OSCP certification.
- Ability to manually exploit common vulnerabilities with guidance, not solely rely on automated scanners.
- Basic understanding of AWS security concepts, including IAM, networking, and logging.
- Familiarity with security logs such as CloudTrail, VPC Flow Logs, application logs, or Syslog.
- Exposure to SIEM, EDR, or security monitoring tools (e.g. Datadog Security, Splunk, ELK).
- Basic scripting skills in Python, Bash, or Go, with willingness to learn automation best practices.
- Interest in or early exposure to fintech or blockchain security concepts is a plus.
Required Experience:
IC