Back to search
Jubelio Linkedin · Posted 21d ago

Security Engineer - Penetration Tester (Red Team)

Jakarta

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Responsibilities

We're building our security function from the ground up, and this is the first dedicated security hire. You'll own the penetration testing practice across our product suite and work directly with the Head of Engineering to shape how the security team grows. This role has a clear path to leading the team.

This isn't a role where you run scans and file tickets. You're the person who defines what security looks like at Jubelio. You'll have direct influence on team structure, tooling choices, and long-term strategy — with a real path to becoming Security Lead as the team grows.

You'll be conducting regular security assessments across our core products:

  • Jubelio Omnichannel — multi-tenant e-commerce platform
  • Jubelio Store — storefront product
  • Jubelio Shipment — logistics and courier integration layer
  • Jubelio Chat — AI-powered merchant chatbot (includes LLM components)
  • Jubelio POS — point of sale system

These are production SaaS products with real merchant and transaction. The bar is high.

Job Description

  • Plan and execute routine penetration tests across all Jubelio products — web, API, and mobile surfaces
  • Identify vulnerabilities, document findings, and work with engineering teams to validate and remediate
  • Develop and maintain a structured pentest schedule and methodology across product lines
  • Perform threat modeling to prioritize attack surfaces that matter most for our business context
  • Produce clear, actionable pentest reports for both technical and non-technical audiences
  • Work with the Head of Engineering to define the security roadmap, team structure, and hiring plan as the team grows
  • Establish security standards, tooling, and processes that will serve as the foundation for the team

Requirements

  • Min 2-4 years experience in Red Team / Penetration tester, security engineer, or other related positions.
  • Solid hands-on penetration testing experience across web applications and APIs (OWASP Top 10 and beyond)
  • Strong understanding of authentication and authorization flaws, particularly in multi-tenant SaaS architectures
  • Experience with common pentest tooling — Burp Suite, Metasploit, Nmap, nuclei, or equivalent
  • Able to read and understand code to identify vulnerabilities (gray-box / white-box testing)
  • Familiar with cloud infrastructure attack surfaces (misconfigured storage, IAM, exposed services)
  • Experience writing structured pentest reports that engineers can actually act on
  • Strong communication skills — you'll be bridging security findings with product and engineering teams regularly

Nice To Have

  • Experience testing LLM-integrated products or AI chatbot surfaces (prompt injection, data leakage)
  • Familiarity with e-commerce or fintech threat landscapes
  • Relevant certifications: OSCP, CEH, eWPT, or equivalent
  • Prior experience building or leading a security practice
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent