
Security Engineer
FINNOMENA
full-time
Location Type: Hybrid
Location: Pathum Wan • Thailand
About the role
- Lead Internal Penetration Testing: Perform deep-dive manual and automated penetration tests on web applications, mobile apps, and microservices.
- Adversarial Emulation: Design and execute red-team scenarios to test the organization’s detection and response capabilities.
- Vulnerability Management & Exploitation: Beyond scanning, validate and exploit findings to demonstrate real-world risk and prioritize remediation for engineering teams.
- Secure Architecture Review: Conduct threat modeling and architectural "stress tests" to identify logic flaws in new features before a single line of code is deployed.
- Automated Offensive Tooling: Develop custom scripts and integrate offensive security tools (DAST, IAST) into the CI/CD pipeline to catch "low-hanging fruit" automatically.
- Remediation Advocacy: Partner with developers to provide "exploit-to-fix" guidance, ensuring they understand the how and why behind security patches.
- Incident Support: Act as a subject matter expert during security incidents to help analyze attack vectors and post-mortem findings.
Requirements
- 3+ years of specialized experience in Penetration Testing, Offensive Security, or Application Security.
- Expert-level proficiency with the "Hacker’s Toolkit": Burp Suite Professional, Metasploit, Nmap, SQLmap, and various proxy tools.
- Good Scripting Skills: Ability to write custom exploits or automation scripts in Python, Go, or Bash.
- Cloud & Container Expertise: Proven experience attacking/auditing Kubernetes environments and containerized workloads.
- Deep Web Knowledge: Thorough understanding of OWASP Top 10, SANS Top 25, and common business logic vulnerabilities.
- CI/CD Familiarity: Experience with CI/CD pipelines and automation tools (e.g., Jenkins, GitLab CI).
Benefits
- The opportunity to work on cutting-edge technology and make a real impact on our organization's security posture.
- A collaborative and supportive work environment with a strong focus on learning and development.
- Hybrid working environment.
- Competitive compensation and benefits package.
- The chance to be part of a team that is passionate about security and innovation.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Penetration Testing, Offensive Security, Application Security, Scripting, Vulnerability Management, Threat Modeling, Automated Offensive Tooling, Incident Response, Cloud Security, Container Security
Soft Skills
Collaboration, Analytical Thinking, Problem Solving, Communication, Advocacy