Please mention DailyRemote when applying
Your application and all hiring communication for this role run through the Techy Recruiter team.
Ajaib is an Indonesian investment platform helping people access and manage investments across stocks, crypto, and U.S. stocks. As the platform continues to grow, protecting our customers, products, and technology is fundamental to maintaining trust.
We’re looking for an Offensive Security Lead to identify weaknesses before attackers do and help strengthen security across our applications, infrastructure, cloud environments, and internal systems.
You’ll lead Ajaib’s offensive security programme and take a hands-on role in testing the resilience of our technology.
You’ll design and execute penetration tests, red-team exercises, adversary simulations, and security assessments across mobile applications, APIs, backend services, cloud infrastructure, and corporate environments.
You’ll work closely with application security, engineering, infrastructure, incident response, and risk teams to turn findings into meaningful improvements. This role requires strong technical depth, sound judgement, and the ability to communicate complex attack paths clearly to both technical teams and senior leaders.
Define and lead Ajaib’s offensive security strategy, roadmap, and testing programme
Conduct hands-on penetration testing across mobile applications, web applications, APIs, backend services, cloud environments, and internal systems
Plan and execute red-team exercises and adversary simulations based on realistic threat scenarios
Identify complex attack paths across applications, infrastructure, identity systems, and third-party integrations
Test authentication, authorisation, session management, account recovery, transaction flows, and customer-protection controls
Perform security assessments of new products, features, architectures, and high-risk integrations
Evaluate the effectiveness of security controls, monitoring, detection, and incident-response capabilities
Partner with engineering and security teams to validate remediation and confirm that vulnerabilities are fully resolved
Provide clear, practical remediation guidance that helps teams reduce risk without slowing delivery
Develop custom testing tools, scripts, payloads, and automation to improve offensive-security coverage
Coordinate external penetration tests, specialist assessments, and independent security reviews
Support responsible-disclosure and bug-bounty activities, including triage, validation, and remediation tracking
Create high-quality reports that explain technical findings, business impact, attack scenarios, and recommended actions
Define offensive-security metrics, testing standards, and risk-prioritisation methods
Mentor offensive-security engineers and help grow the team’s technical capability
Share attack trends, lessons learned, and defensive recommendations with security and engineering teams
Stay current with emerging vulnerabilities, attacker techniques, exploitation methods, and threats affecting financial platforms
Strong experience in penetration testing, red teaming, offensive security, or security research
Experience leading offensive-security engagements or mentoring security professionals
Deep technical knowledge of web, mobile, API, cloud, infrastructure, and identity security
Hands-on experience identifying and exploiting complex vulnerabilities and chained attack paths
Strong understanding of common application and infrastructure weaknesses, including the OWASP Top 10 and OWASP API Security Top 10
Experience testing authentication, authorisation, access control, cryptography, transaction flows, and business logic
Strong knowledge of network protocols, operating systems, cloud environments, containers, and modern application architectures
Experience with manual testing techniques as well as offensive-security tools and frameworks
Ability to write scripts or tools in languages such as Python, Go, JavaScript, or Bash
Experience producing clear technical reports and presenting risk to engineering leaders and senior stakeholders
Strong understanding of responsible testing practices, rules of engagement, and safe exploitation
Ability to balance technical depth with business context and risk prioritisation
Strong written and spoken English
Previous experience within fintech, banking, brokerage, payments, investment, or cryptocurrency platforms
Experience testing Android and iOS applications
Experience with AWS, Google Cloud, or another major cloud platform
Familiarity with Kubernetes, containers, service meshes, and cloud-native architectures
Experience with adversary emulation frameworks and threat-informed testing
Experience running purple-team exercises with detection and incident-response teams
Knowledge of fraud, account takeover, identity abuse, transaction manipulation, and financial-platform attack patterns
Experience managing bug-bounty or responsible-disclosure programmes
Security certifications such as OSCP, OSEP, OSWE, CRTO, GXPN, or equivalent
Public security research, vulnerability disclosures, conference presentations, or contributions to security tools
High-impact ownership: shape and lead offensive security for a growing financial platform
Hands-on technical work: test real-world systems across mobile, APIs, cloud, identity, and infrastructure
Meaningful mission: help protect customers, investments, personal data, and financial transactions
Real influence: work directly with engineering and security teams to drive measurable improvements
Challenging attack surface: assess complex products spanning stocks, crypto, and U.S. investment services
Leadership opportunity: build offensive-security standards, mentor the team, and strengthen Ajaib’s security culture
A few things worth knowing before you apply:
Interviews may include technical, leadership, and offensive-security scenario discussions. You may be asked to explain an attack path, assess an architecture, review a vulnerability, or describe how you would plan and safely execute a red-team exercise.
Please do not include confidential information, customer data, source code, exploit details, security findings, or proprietary information from current or previous employers during the interview process.
If you need accommodations at any stage of the recruitment process, please let us know in your application.
About Techy Recruiter
Techy Recruiter is a boutique hiring partner for startups and scaleups across Europe and the Gulf. We run searches end to end and care about a clear, fair process for every person who applies.
Equal opportunity
We assess people on merit. All applicants are welcome regardless of background, and we do not discriminate on any basis protected by law.
Your data
We treat your information as confidential and use it only for this hiring process.
Stop the endless job search. Our AI finds and applies to the best jobs for you.
Discover remote opportunities in Others
Answer easy questions
200,000+ jobs across 15+ categories
Get your best job matches
Only hand-screened, legit jobs
Find a remote job faster
No ads, scams, or junk
“ I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!