Back to search
INDODAX - Indonesia Digital Asset Exchange Linkedin · Posted 27d ago

Offensive Security Manager

Jakarta

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Responsibilities

  • Product Security (AppSec)

Secure SDLC: Manage the Product Security Engineers who work alongside developers. Ensure security reviews, threat models, and code scanning (SAST/DAST) happen before deployment.

Bug Bounty Management: Oversee the public or private Bug Bounty Program (e.g., HackerOne, Bugcrowd). Triage incoming reports, validate severity, and pay out researchers.

Developer Education: Move beyond "gatekeeping." Create a "Security Champions" program to train developers on how to write secure code (e.g., OWASP Top 10 prevention).

  • Red Teaming & Adversary Simulation

Campaign Management: Design and approve Red Team campaigns (e.g., "Simulate a ransomware attack starting from a phishing email to Finance"). Define the "Rules of Engagement" to ensure production systems aren't crashed.

Purple Teaming: Facilitate "Purple Team" exercises where your Red Team attacks and sits with the Blue Team (Defenders) to see if they can detect the attack in real-time.

Physical & Social Engineering: Authorize physical security tests (badge cloning, tailgating) and advanced spear-phishing campaigns to test human resilience.

  • Vulnerability Management

Prioritization Strategy: Stop the "patch everything" noise. Guide the Vulnerability Management Engineer to prioritize fixes based on exploitability (e.g., "Is there a public exploit available?" "Is this server internet-facing?").

SLA Enforcement: Act as the "bad guy" with IT and Engineering leadership when critical vulnerabilities are not patched within the agreed Service Level Agreement (SLA).

Asset Coverage: Ensure that scanners (Qualys/Tenable) are actually seeing 100% of the environment, including shadow IT and new cloud deployments.

Requirements

  • 7+ years in Information Security, with 3–4+ years as a Penetration Tester, Red Teamer, or AppSec Engineer; hands-on ability to perform attacks like SQL injection or compromise Active Directory.
  • Application Security Fluency: Deep understanding of modern application stacks, including API security, micro services, and CI/CD pipelines.
  • Scripting & Automation: Proficient in Python, Go, or Bash for automating testing and security tools.
  • Leadership & Risk Communication: Ability to explain technical risks (e.g., XSS) in business terms to Product Managers or stakeholders.
  • Legal & Ethics Knowledge: Understanding of legal boundaries for ethical hacking (e.g., CFAA, safe harbor clauses).
  • Preferred Certifications: OSCP / OSCE (technical credibility), GWAPT / GPEN / GXPN (penetration testing), CISSP (management-focused).
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent