Building a Safer Cyberspace:
At Horangi, we’re passionate about building safer cyberspace and creating software and services that solve challenging cybersecurity problems. Horangi focuses on building partnerships with our customers, developing an understanding of their business goals and building a security strategy that helps achieve their objectives. Horangi’s personnel have extensive engineering experience and a strong background in penetration testing, incident response and strategic consulting including both large multinational networks and small organisations with focused missions. We enjoy solving tough security problems and we are eager to find new challenges and build new relationships.
Horangi Cyber Security Consultant works directly with Horangi’s customers to perform cyber security assessments. Members of the Cyber Security Consultant team in Strategic Services are generally familiar with most aspects of cybersecurity but specialize in cybersecurity architecture, cloud security, cyber risk management, network and infrastructure security, application security, and security compliance.
We are looking for someone who:
- Passionate in the cybersecurity domains and strive to explore new technologies, skillset, frameworks and trends
- Being proactive and work independently with minimal supervision and like having autonomy a to make decisions.
- Being a team player, trust and challenge each other, possess good interpersonal communication skills and helping mind in a team-oriented environment
- Being able to communicate well, and willing to receive criticism and feedback
- Ability to adapt fast in a startup environment
- Being responsible and take pride in your work, willing to proactively conduct research as necessary to perform the assessment properly and improve the quality of deliverables
- Able to prioritise shifting workloads in a rapidly changing industry.
- Being user-centric and empathise with the client to solve their problems
- Willing to travel around within South-east Asia and enjoy being out of your comfort zone.
- Has experience with a good knowledge of Unix, Linux, Windows, network devices, firewalls, web and/or mobile application developmentsIs familiar with cloud environments such as AWS, Alibaba, or GCP, including with containerisation such as Docker and Kubernetes.
- Has experience with complex information technology environments, including to review and assessment network and infrastructure design/diagram.
- Has experience in risk management, including with risk scoring or assessment and good reporting skill.
- Is familiar with managing infrastructure and technology in Microservice stack (such as Load Balancing, HAProxy, ORA Weblogic, Kafka or Kong)Has knowledge on how to perform assessment or analysis on the level of application, network and infrastructure for new application development or system integrationHas capability to understand SDLC processes to support IT operation and development for security compliance.
- Has a good understanding of SAST & DAST will be excellent.
- Has general knowledge of information security management frameworks, such as ISO/IEC 27001, NIST, or PCI DSS.
- Understanding of how business strategy, risk, regulation and technical constraints influence organisational responses to cyber security.
- Excellent Bahasa Indonesia and English communication skills – both oral (for interviews/meetings, presentations) and written (for designing and writing engaging reports which communicate assessment report succinctly and clearly convey the message in a way which is appropriate for the audiences)
- Like the sharing and cohesive culture by learning and improving together. We don't have any "subes", "suhu", "panutanque", "master", or similar words here. In our culture, no one is smarter than anyone. It is just a matter of who knows the knowledge in advance.
- Plan, manage and organise the delivery of cybersecurity services to clients
- Lead and manage the project and team on performing delivery of cybersecurity services for clients including:
- Penetration Test and Remediation assistance on client for works: web application penetration test, mobile application penetration test, Network security assessments, API penetration test, Thick client application penetration test, and also assistance in categorisation and remediation of issues.
- Secure architecture reviews and assistance including: reviewing architectures from client's product teams and providing security related feedback, analysis and synthesis on feature changes and integrating security into these applications, communication of security focus in agendas with product management for new and existing application development.
- Cloud Security & Compliance review and assistance including: Assisting and supporting the triage and identification of cloud security and compliance issues, training and education with the engineering & product teams around cloud security and compliance issues, integration with the CSIRT and other teams to effectively handle issue identification and remediation, technical and policy advisory around security and compliance issues.
- Consult and advise with client's organizational personnel at tactical, operational, and strategic levels to achieve project goals on compliance toward a variety of regulatory compliance and industry standard frameworks
- Contribute to the development of the cybersecurity service framework within the firm.
- Draft, report and present to customer including leadership and executive management on on assessment findings, program statuses, and other security items as they impact business goals
- Develop and deliver content on security domains of expertise to establish yourself, our team, and our brand as thought leaders in the community
- Participate in speaking engagements and industry events to establish yourself, our team, and our brand as thought leaders in the community
Experience and certifications:
- Three (3) years or more involvement in various complex and large environments, including client-facing cybersecurity consulting experiences.
- Experience on lead and manage small group of people and cybersecurity projects
- Business proficiency in written and verbal Bahasa Indonesia and English in order to communicate effectively for both internal coordination and client-facing activities
- At least 1 Cybersecurity-related certification, such as ISO 27001 Lead Implementor / Lead Auditor, ISC2 CISSP, ISACA CISA, ISACA CISM, ISACA CGEIT, ISACA CRISC, OSCP, OSWP, OSCE, OSWE, CompTIA Security+
- Preferably has cloud or cloud security related certifications such as AWS Cloud Practitioner and/or Solutions Architect, or AWS Security Specialty, or Google Cloud Architect and/or Data Engineer, or Google Cloud Security Engineer
- Experience in delivering cybersecurity services, preferably for multinational companies
- Experience in working with different units/parties on security-related matters