Security Researcher - Threat Intelligence

Job Description: Security Researcher/Red Teamer – Liveness Testing

Location: Indonesia
Role Overview:
We are seeking a skilled and innovative Security Researcher to lead our Liveness Testing and Presentation Attack Detection (PAD ) initiatives with a focus on offensive approach. The ideal candidate will employ an attacker’s mindset to simulate, test for liveness and presentation attacks, while also managing teams and projects related to liveness detection, data annotation, and quality assurance.

This role is ideal for individuals with experience in bug bounty programs, data annotation management, and QA, who can collaborate with diverse teams and stay updated on emerging attack vectors. The candidate should have expertise in liveness detection systems and presentation attack techniques, including spoofing scenarios like face masks or deepfake media. A strong ability to analyze and identify weaknesses in biometric systems and propose mitigation strategies is essential.

Key Responsibilities:

• Offensive Security & Liveness Attack Simulation:

  • Design and execute red-teaming operations to test liveness detection systems.
  • Simulate presentation attacks using advanced techniques, such as bypass injections, emulator setups, jailbreaks, and rooted device configurations.
  • Leverage frameworks like Frida for dynamic testing and reverse engineering of mobile applications.
• Red Teaming for Liveness Attacks:
  • Lead red-teaming efforts to simulate and analyze injection and presentation attacks.
  • Develop strategies and solutions to mitigate vulnerabilities.
• Liveness Testing & data pipeline Development:
  • Execute and manage liveness and presentation attack tests across systems.
  • Contribute to enhancing machine learning models for PAD (training can be provided).
• Data Annotation & Quality Assurance:
  • Oversee data annotation activities to ensure high-quality datasets for PAD and liveness testing.
  • Manage QA processes to maintain standards in project deliverables.
• Threat Intelligence & Community Monitoring:
  • Engage in online communities, such as WhatsApp, Facebook, or user groups, to monitor and analyze shared attack vectors.
  • Leverage insights from threat intelligence to enhance defense strategies.
• Project Management:

  • Plan, execute, and monitor projects, ensuring timely delivery and alignment with organizational goals.

Requirements:

• Hands-on expertise in bypass injection attacks, emulator usage, jailbreak/rooted environments, and frameworks like Frida.

• Strong experience in Presentation Attack Detection (PAD) or related security domains.
• Knowledge of liveness detection methodologies and testing practices.
• Proven ability to manage data annotation projects, including team coordination and QA.
• Strong understanding of iOS and Android frameworks for setting up attack environments.
• Familiarity with mobile application penetration testing and dynamic instrumentation tools.
• Familiarity with threat intelligence gathering from user groups or online platforms.
• Experience in large-scale BPO operations, data annotation management, or bug bounty programs is highly desirable.

• Willingness to learn and apply skills in Machine Learning for PAD.

Preferred Qualifications:

• Ability to adapt quickly to emerging attack methodologies.

• Background in managing teams in organizations such as Superhands or large BPOs.
• Understanding of security challenges in the Indonesian market.
• Experience with ML models and their application in PAD is a plus.

• Certification in mobile application security or ethical hacking (e.g., OSCP, CEH, or equivalent).