Penetration Testing Specialist at Xendit
South Jakarta, ID
Offense is the best defense - External Pentesting @SECaaS
Xendit is an Indonesian fintech company that provides payment infrastructure across Indonesia. Xendit processes payments, runs marketplaces, disburses payroll and loans, detects fraud and helps other businesses grow exponentially. We serve these companies by providing a suite of world-class APIs and a dashboard UI that simplifies processes.
Our main focus is to build the most advanced payment rails for Indonesia, with a clear goal in mind — to make payments in Indonesia simple, secure and easy for everyone. We currently serve customers ranging from local SMEs to some of Indonesia’s largest tech startups, as well as giant-sized businesses like Samsung. We process millions of transactions monthly, growing 25% month on month for the last 2 years. We are trusted and backed by some of the largest VCs in the world, and are alumni of the prestigious YCombinator (S15).
Act like a hacker to warn Xendit and its contracted clients about risk exposure in its infrastructure, applications and processes, via timely tests and detailed reporting.
- Vulnerability Assessment and Penetration Testing of all new releases - scheduled to be in compliance with industry standards (PCI DSS, OWASP web/API/mobile) and Secure SDLC best practices.
- Red Teaming Xendit’s services, penetration testing of software, infrastructure and corporate systems, and designing and executing internal events to sharpen Blue Team (SOC specialist) processes and capabilities.
- This role will be expected to thoroughly document exploit scenarios, learn constantly, provide thought leadership in this domain, and show judgment in making technical trade-offs between short-term and long-term security and business goals.
- SECaaS responsibilities: execute SLA driven deliverables for x-SecOps requests and for client compliance requirements (requested via compliance team / internal auditor).
You may be a good fit if
- 3-5 years of relevant experience or an exceptional track record
- Bachelor of Engineering Computer Science or equivalent
- Expert use of hacking tools
- Recently held a position as a pentester
- Have worked in major consultancy firms
- Achieved: OSCP, CEH
- You thrive on autonomy and have proven you can push towards a goal by yourself
- You communicate well across teams
- Bonus points if you can bring in a network of security professionals
What we care about
- Solve for the customer first: You build what customers want. You think about what is right for customers, not what is easiest for you
- Demonstrate mastery of honey badgery: You make ambitious goals. Then execute…no matter what stands in the way. When knocked down, you get up
- Take on challenges willingly and can be trusted to execute: You can be trusted to get things done right the first time quickly. You hit your deadlines
- You’re like us: You smile a lot, think work is fun and don’t take yourself too seriously. You measure yourself against the best and believe feedback is the breakfast of champions. You follow the golden rule
- You’re remarkable: People naturally talk about how awesome you are. If we can’t find someone who raves about you then it’s unlikely we will too
- Growing 25% month on month: We are one of the fastest growing companies in Southeast Asia and have done so for the last two years. We process close to 1b USD annually in payments by providing simple APIs for payments on a modern tech stack
- YCombinator Batch S15: YC is the best incubator in the world, producing Airbnb and Dropbox; 120 companies out of 6,000 applications get in
- Funded by investors behind Facebook, Slack, Kakao, Path, Twitch, Grab, Tokopedia