Application Security Engineer

About Staffinc 

Staffinc, Indonesia’s leading digital staffing platform, meets the workforce needs of businesses with comprehensive solutions: 

Staffing: Curated talent management from recruitment to payroll.

HR System: Streamlined software for hiring, managing, payroll, and benefits. 

Procurement & Rental: Tools and equipment for your workforce, from laptops to vehicles.

Founded in 2018, Staffinc empowers over 1.7 million workers across 350+ cities, combining people and technology to drive meaningful impact. 

Job Description:

As an Application Security Engineer, you will work across all development teams and departments, providing security guidance and support throughout the software development lifecycle.

Your responsibilities includes:

1. Conducting security code reviews and penetration testing, identifying and remediating vulnerabilities, implementing secure coding practices and policies, designing security architectures and threat models, configuring and managing security tools and scanners, responding to security incidents, and collaborating with developers and operations teams to integrate security into development workflows.
2. Monitor security metrics and KPIs, stay current with emerging threats and vulnerabilities, and support decision-making through security risk analysis across product development, infrastructure, cloud services, and other technical areas.
3. Design, implement, and maintain security solutions to protect our applications and systems from threats and vulnerabilities.
4. Identifying security risks, conducting threat analysis, and implementing security best practices that safeguard organizational assets and customer data while enabling secure development

Requirements:

• Bachelor's degree in Computer Science, Cybersecurity, Information Security, Computer Engineering, or related field (or equivalent professional experience)
• 4+ years of professional experience in application security, security engineering, or similar role
• Strong understanding of secure coding principles and common vulnerability types (OWASP Top 10)
• Hands-on experience with security testing tools (SAST, DAST, dependency scanners)
• Proficiency in at least one programming language (Java, Python, C#, Go, or similar)
• Experience with security code review and vulnerability assessment methodologies
• Knowledge of authentication, authorization, encryption, and cryptographic concepts
• Excellent communication skills with ability to explain security risks to technical and non-technical audiences
• Detail-oriented with strong problem-solving and analytical abilities
• Ability to work independently and collaborate effectively with cross-functional teams
• Experience with multiple programming languages and frameworks (is preferred)
• Knowledge of cloud security (AWS, Azure, Google Cloud) and containerization (Docker, Kubernetes) (is preferred)
• Familiarity with API security, web application firewalls, and security orchestration (is preferred)
• Experience with threat modeling and secure architecture design (is preferred)
• Relevant certifications (CISSP, CEH, OSCP, Security+, or similar) (is preferred)

Working at Staffinc offers a strong balance of flexibility and growth through our hybrid working model, enabling effective time management and collaboration. You will gain valuable experience in a dynamic environment, working with a passionate team on impactful, innovative projects.

We also provide benefits to support your well-being, including a transportation allowance, health allowance, and full coverage under BPJS Ketenagakerjaan and BPJS Kesehatan for your social security and healthcare needs.