Achmad Firdaus

SecLab Indonesia

Lead developer and architect of SIERA, SecLab's internal security assessment platform, now in production at a large telecommunications client (under NDA). Responsible for the full stack (Golang, Node.js, React/Next.js, PostgreSQL, Redis, Docker), a small cross-functional team, and security consulting with the client from strategy through remediation.

• Built SIERA in 2022 and have led it since. It runs in production for a large telecom client (NDA) with about 370 internal users who run assessments themselves, from the first vulnerability scan through penetration testing to the final report. What used to take one or two days now takes a few hours.
• Added a Security Testing Planner with requestor and respondent roles, so teams know up front whether a project actually needs a penetration test.
• Automated vulnerability assessment for infrastructure, web apps, and source code, tying together Nessus, Rapid7, Acunetix, SonarQube, and Burp Suite Professional, including rescans and automatic closeout once a finding is fixed.
• Wrote a connectivity pre-check service that confirms a target is reachable before manual testing, covering web, infrastructure, and API scopes (curl/wget, nmap, TLS, SSH, Playwright, and Postman/Newman collections).
• Handled the Pentest Management side too: findings intake, remediation tracking, retests, and report generation.
• Connected SIERA to Microsoft Power Automate for approvals and digital signatures on clearance and release documents.
• Lead a team of eight across backend, frontend, UI/UX, and security.
• Used AI-assisted engineering to move faster on prototyping, building, and docs, without cutting corners on secure development.
• Set testing strategy and remediation plans with client stakeholders, and walked their engineering teams through the findings.
• Ran hands-on penetration tests across web, API, and mobile.

SecLab Indonesia

Split the role between building SIERA and hands-on penetration testing of the client's web apps and APIs (telecom client, under NDA).

• Expanded SIERA's automation around VA rescans, pentest submissions, and the finding lifecycle, all running in the client's production environment.
• Assessed the client's web applications and APIs for security issues.
• Ran manual exploitation with Burp Suite Professional and custom testing methods.
• Wrote up vulnerabilities with working proof-of-concept and clear, prioritized fixes.

SecLab Indonesia

Started building SIERA while running application security assessments on web apps and APIs.

• Kicked off SIERA's design and build, covering planner intake, vulnerability assessment, and pentest workflows.
• Ran penetration tests and vulnerability assessments on web applications and APIs.
• Built the backend services and REST APIs behind the platform and its tooling.
• Managed the Linux servers and deployments.

Mimotek Indonesia

Built web and Android apps end to end, from the REST API to the interface.

• Built web and Android apps on both the frontend and backend, mostly with Laravel and CodeIgniter.
• Designed and consumed REST APIs linking mobile clients to backend services and databases.
• Tuned MySQL and SQL Server queries and stored procedures for the heavier, data-driven features.

PT. Astra Graphia Information Technology (AGIT)

Built and integrated backend systems for large enterprise operations.

• Developed and maintained enterprise backend systems in PHP (Laravel, CodeIgniter, CakePHP).
• Wrote and tuned stored procedures across SQL Server and MySQL.
• Built automation scripts and integrations with SAP, AS400, and other enterprise systems.

Educational institution

• Ran the school's network on MikroTik: firewall, hotspot, and shared printing.
• Served as technical proctor for the national computer-based exams (UNBK).
• Taught networking basics and information-system applications to students.