Software Development in Test - Security

About This Role

Halodoc is looking for an individual who can adopt the mindset of an attacker to proactively identify security vulnerabilities and collaborate closely with cross-functional teams to promptly address them. This role involves taking charge of the end-to-end secure development requirements, discovering vulnerabilities and security misconfigurations through Penetration Testing, Vulnerability Assessment, Threat Modeling, Red-teaming exercises, etc. You are expected to provide the remediation strategy specific to the Halodoc product tech stack by carefully considering the tradeoffs between security and user experience. We value individuals who are passionate about staying ahead in security, leveraging emerging technologies like LLMs and adopting innovative methodologies to enhance our security posture. The ideal candidate is a team player with strong communication skills, creative problem solving abilities and a strong passion for product security.

To Apply For This Position, You Must Have

• Minimum 6 years of experience building and securing software, with at least 4 years focusing on Web and Mobile application security testing.
• Education background min. Bachelor Degree from Computer Science or other related major
• Able to join as soon as possible
• Proficient in professional English
• Solid experience in at least one programming language (such as Go, JavaScript, Python, etc.), and a deep understanding of web technologies like HTML, CSS, and APIs. as you should speak the language of developers and identify security flaws in code as part of the code review.
• Experience in deploying application security technologies such as SAST, DAST, IAST, SCA, etc
• Ability to analyze security requirements and design secure cloud solutions based on AWS services.
• Enthusiasm for writing code, and helping others do the same.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Proactiveness and be self-driven to be successful working in a remote environment.
  
  

Job Responsibilities

• Conduct product/feature level Design Reviews, Code Reviews, Threat Modeling, Web/Mobile Penetration Testing and Vulnerability Assessment and work with developers to resolve them.
• Working in a DevSecOps environment, with a focus on automating security testing in the development pipeline and implementing new or improved technologies and tooling, such as SAST, DAST, SCA, etc., to strengthen Halodoc security posture and drive innovation while maximizing ROI.
• Investigate user security issues, utilizing product knowledge and logs to understand potential incidents and proposing improvements to monitoring for quicker detection and containment of the similar issues.
• Support Halodoc Bug Bounty program through triaging submissions, proposing remediations and determining the root cause and severity of the reported vulnerabilities.
• Take an active role in driving internal security and privacy initiatives.
• Interact directly with the security community regarding vulnerabilities and threats.
• Analyze, assess, and respond to the various security threats
  
  

Good To Have Qualifications

• OSCP and or AWS Certified Security certification is a plus.
• Bug bounty experience is a plus.
• Solid experience in writing and reviewing code in at least one of the following programming languages: Java, JavaScript (Node JS), Go, Python.
• Research on AI-specific security threats including prompt injection, backdoor, privacy extraction.