Senior Information Security Engineer

PT ALTO Network (Djarum Group), founded in 1993, is a financial technology company on providing total banking and payment solutions for Indonesia transaction ecosystems. ALTO is one of the 4 Licensed Lembaga Switchings in Indonesia and part of the Gerbang Pembayaran National (GPN). Today, ALTO aims to be the national leader in payment solutions using the most innovative technology to give impact on connecting merchants and financial institutions to their customers.

Our main product is the transaction behind every banking transaction for both physical transactions and digital transactions. Kindly check our product here:

This role will be reporting to the Cyber Security Manager.

Main Functions

The blue team is known as an internal team whose job is to prevent and protect against possible cyber attacks. It can be said that the blue team is a defensive team. This team is aware of various techniques that may be performed by attackers, therefore they are tasked with strengthening the system to minimize existing loopholes. However, it could be that the blue team is not aware that the system they are building has loopholes, therefore the red team is needed as the other side of the blue team.

Responsibilities

• Perform analysis or assessments to validate defined security requirements and to recommend additional security requirements and protections.
• Follow the customer-directed/contractual Vulnerability Assessment Process and Framework to include creation and review of documentation related to document risk/issue assessments. Design, test and implement secure operating systems, networking, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention.
• Conduct Blue Team Risk Assessment and Vulnerability at the network, system, and application levels.
• Ensure Vulnerability Assessment Blue Team discipline is applied.
• Scope (Firewall, HSM, DNS Ext, WAF F5, SSL MGT, Ms. Defender Office 365, PAM Cyberark, Antivirus, Cloud SIEM Azure, Web Proxy DLP Email Security Gateway Forcepoint, Active Directory)
• Leverage COTS/GOTS and specific tools and processes/procedures to scan, identify, contain, mitigate and mitigate vulnerabilities and disruptions.
• Have a thorough understanding of various security tools, techniques and procedures, including architecture Vulnerability Assessment, implementing firewall rules and security profiles on firewalls, observing electronic data traffic, and managing network access.
• Periodically conduct a review of each system audit and monitor corrective actions until all actions are closed. It is preferable that the analyst has previous work experience briefing junior staff and senior staff.
• May act as advisor to management and customers in advanced technical research studies and applications.
• Describe the main responsibilities and duties of this position
• Participate with senior managers to set strategic plans and objectives: Analysts may serve as program spokesperson on follow-up projects and/or programmes.
• Conduct product and company research, evaluate and recommend new security tools, techniques and technologies. collaborate with team members and introduce tool changes and enhancements to the company aligned with the IT security strategy.
• Conduct cyber threat modeling exercises with commercial tools.

Requirements

• Preferably have certification (CISSP, CEH, CIHE, GSEC)
• Familiar with common security controls and security vulnerabilities for modern mobile applications, web applications, APIs, and cloud infrastructure
• Mastering security tools (Antivirus, Firewall, WAF, DLP,)
• Knowledge of security systems including anti-virus applications, content filtering, SIEM, SOAR, firewalls, WAF F5, authentication systems, and DLP
• Knowledge of low-level network protocols (e.g. HTTP, IPv4, TCP, UDP, ICMP, Ethernet, and 802.11)
• Windows & Linux/Unix
• 3 years or more work experience as Security Engineer, Security Analyst, Blue Team or related position
• Understand the security testing requirements of common security regulations such as PCI DSS and ISO27001

Powered by JazzHR

2zMMkO68Uv