Senior IT Security Specialist
Singapore, Central, Singapore
Xendit provides payment infrastructure across Southeast Asia, with a focus on Indonesia and the Philippines. We process payments, power marketplaces, disburse payroll and loans, provide KYC solutions, prevent fraud, and help businesses grow exponentially. We serve our customers by providing a suite of world-class APIs, eCommerce platform integrations, and easy-to-use applications for individual entrepreneurs, SMEs, and enterprises alike.
Our main focus is building the most advanced payment rails for Southeast Asia, with a clear goal in mind: to make payments across SEA simple, secure and easy for everyone. We serve thousands of businesses ranging from SMEs to multinational enterprises, and process millions of transactions monthly. We’ve been growing rapidly since our inception in 2015, onboarding hundreds of new customers every month, and are backed by global top-10 VCs. We’re proud to be featured among the fastest-growing companies by Y-Combinator.
Our vision is to build digital infrastructure for Southeast Asia, supporting customers from fast-growing startups and NGOs to multinational enterprises such as Traveloka, Lazada, Garuda Indonesia, Suzuki, and Ciputra.
Your mission as part of the Xendit information security team is to discover the various security vulnerabilities in our environment and provide technical consultation on how to protect our business from exploitation of these vulnerabilities.
- Perform offensive security operations to protect the company’s assets against cyber attacks.
- Perform penetration tests for web applications, networks, endpoints, and cloud infrastructure.
- Automate security testing and DevSecOps implementation.
- Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, and new product releases.
- Triage vulnerability findings to product engineers and help them understand the vulnerabilities.
- Be a security subject matter expert and answer security questions from product engineers.
- Lead collaboration efforts within Xendit to define, execute, and track pre-audit preparation and audit tasks to meet year-round IT compliance goals.
- Manage and understand the information security policies and procedures and coordinate the communication within Xendit.
- Conduct ISO 27001 and PCI DSS security implementations.
- Lead Internal Audits related to IT and Information Security.
- Conduct Security Awareness training within Xendit.
- Do whatever it takes to make Xendit succeed
You may be a good fit if
- You have a bachelor's degree in Computer Science. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree
- You have 9+ years of relevant IT experience, with a minimum of 7 years of hands-on experience as a penetration tester, application security engineer, and IT auditor.
- You must be OSCP and ISO 27001 Lead Auditor certified.
- You have a successful track record in helping a company to obtain or maintain international security standards such as PCI-DSS and ISO 27001.
- You are familiar with the financial industry and the security risks associated with it
- You are familiar with common security controls and security flaws for modern web applications, APIs, and cloud infrastructure.
- You understand the OWASP testing methodology and have knowledge of penetration testing tools.
- You think like an attacker but are humble enough to help developers understand the risk and mitigating controls of a vulnerability.
- You have exceptional verbal and written communication skills in English.
- Bonus points if you are certified as:
  - AWS Security Specialist
  - PCI DSS ISA or QSA
- Solve for the customer first: You build what customers want. You think about what is right for customers, not what is easiest for you
- Demonstrate mastery of honey badgery: You make ambitious goals. Then execute…no matter what stands in the way. When knocked down, you get up
- Take on challenges willingly and can be trusted to execute: You can be trusted to get things done right the first time quickly. You hit your deadlines
- You’re like us: You smile a lot, think work is fun and don’t take yourself too seriously. You measure yourself against the best and believe feedback is the breakfast of champions. You follow the golden rule.
- You’re remarkable: People naturally talk about how awesome you are. If we can’t find someone who raves about you then it’s unlikely we will too.