Security Engineering Lead (Red Team)

About Amartha

At Amartha, we empower micro-businesses across Indonesia, enabling growth and equal prosperity. We've supported over 3.6 million enterpreneurs–mostly women–by disbursing IDR 37 trillion in funding. As we step into 2026, Amartha is evolving into a technology-driven financial ecosystem, expanding our reach in lending, funding, and payments. Through innovation and digital solutions, we aim to enhance accessibility, streamline processes, and create a seamless user experience.

About the Role 

The Security Engineering Lead plays a crucial role in Amartha. You will be the warrior who will spearhead various Information Security programs to protect Amartha from internal and external threats.

About the team

The Information Security team in Amartha is a group of dynamic, highly-analytical  individuals who are highly mindful in driving security and privacy by design within the various aspects of product lifecycle and engineering processes. We are the team who are highly passionate to be the security enabler of Amartha’s systems

Responsibilities

• Lead, mentor, and grow a team of high-performing offensive security engineers, fostering a culture of innovation and continuous learning. 
• Design and execute sophisticated offensive security operations and adversary simulations against critical financial systems and data, leveraging frameworks like MITRE ATT&CK.
• Ensure all offensive activities and subsequent remediation efforts align with Indonesia's specific financial sector guidelines and regulations and the Personal Data Protection Law (UU PDP).
• Oversee and conduct in-depth vulnerability research and penetration testing across web, mobile, API, cloud (GCP), and corporate infrastructure.
• Drive the development of custom scripts and automation to enhance the efficiency and scalability of offensive security operations.
• Identify current and emerging technology issues including security trends, vulnerabilities and threats through various security assessment activities (including but not limited to: . penetration testing, vulnerability assessment, etc)
• Recognize complex technical issues and managing them within a fast-paced business environment
• Perform proactive investigation to analyze security weaknesses and recommend appropriate strategies
• Perform Threat intelligence activities
• Work closely with internal and external teams to implement security solutions
• Acquire and implement new technological solutions to enhance organizational security posture
• Identify, define and document system security requirements and recommend solutions
• Monitor systems for irregular behavior and set up preventive measures
• Manage bug bounty program
• Enhance the effectiveness of security related processes through automation and orchestration

• 8+ years in security engineering, with 3+ years in a leadership role
• Ability to express technical information clearly at different organizational levels
• Having relevant certification are preferable (e.g.  CEH,OSCP, eCPPT, Ejpt etc)
• Advance knowledge in  API Security, Mobile/Application Security, Cloud Security
• Advance knowledge in security adversarial techniques, tactics, and procedures
• Experienced in conducting Static Application Security Test (SAST) and Dynamic Application Security Test (DAST)
• Proficient in scripting using Python, Bash, Go
• Highly skilled with strong hands-on experience with various security assessment tools such as Metasploit, BurpSuite, ZAP, OWASP tools, Hydra, Netsparker, Wireshark, Apktool, nikto, Cloudbrute , Kali Linux tools, Frida, MobSF, or comparable technologies
• Familiar with Cloud Platform such as GCP, AWS 
• Tools familiarity : Python, Bash, TerraFrom, Ansible, GitHub, Jenkins, Artifactory, Jira, Terraform, Git, BurpSuite, Hydra, Nessus, NMap, Metasploit, Frida, MobSF

At Amartha, we are dedicated to creating a workplace that celebrates diversity, ensures equity, and fosters inclusion. We believe that diverse perspectives—shaped by factors such as gender, age, race, ethnicity, education, culture, and life experiences—drive innovation and growth.

We actively welcome individuals from all backgrounds to join us in building an environment where everyone feels respected, valued, and empowered. Our commitment is to provide equal opportunities and foster a sense of belonging that enables our employees to thrive and make meaningful contributions.