Senior Information Security Engineer, Tech Lead - GoPay


Gojek logo
Apply now Apply later

Posted 2 weeks ago

About the Role
The role is expected to provide technical leadership for the information security function at GoPay. The role is expected to have an in-depth knowledge in information security throughout the application and technology stack at GoPay. This includes cloud infrastructure, application and API security. The role is expected to provide technical leadership for the information security team at GoPay through knowledge sharing, mentoring and evangelism. The role will work closely with the engineering team to ensure the security of GoPay’s products throughout its technology stack.

What You Will Do

  • Lead the technical analysis and evaluation of systems, cloud infrastructure and application security throughout the SDLC at GoPay
  • Lead the vulnerability management process that includes identification, analysis and evaluation of security threats, vulnerabilities and mitigation for system and application throughout the SDLC at GoPay
  • Lead the analysis, evaluation and implementation of security controls across IT infrastructures and platforms at GoPay
  • Lead the implementation of technical solution to mitigate security vulnerabilities and compliance related findings
  • Lead the investigation, analysis and implementation of mitigation effort during security events, incidents or breach
  • Work closely with the engineering team at GoPay and the information security team at Gojek  to ensure the security of systems, cloud infrastructure and application at GoPay
  • Provide technical guidance and mentoring for GoPay information security team
  • Keep up with the current and emerging security threats, vulnerability, control

What You Will Need

  • Should have at least 6 years of hands on experience as a Security Engineer, and 2 years of experience in leading a security engineering team
  • Proficiency with the Linux operating system and security scripting
  • In-depth knowledge in application, API and cloud infrastructure security
  • In-depth knowledge and experience in vulnerability management and penetration testing, as well as DevOps environment
  • Knowledge and experience on micro-service architecture, container orchestration and cloud computing architectures and their corresponding characteristics in terms of information security would be an advantage
  • Knowledge and experience in DevSecOps environment and security development related automation will be an advantage
  • Having professional security related certification, e.g., CISSP, CCSP, CISA, CCNA, CISM, SANS GIAC, CSX, OSCP would be an advantage
About the Team
GoPay IT-GRC is managing the IT and Information security governance, risk and compliance at GoPay. The role will report to the Head of IT-GRC and will be a part of the GoPay IT-GRC and Gojek Information Security Team.

About Us
Gojek is a Super App. It’s one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and dozen other products. It is Indonesia’s first and only decacorn. It's also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'
Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business and MSMEs.
As of 2018, Gojek processed more than $9 billion annualised gross transaction value across all markets where it operates - in Singapore, Thailand, Vietnam and Indonesia. We have the largest food delivery product in Asia, (outside of China), and the largest payments wallet in Southeast Asia.
Our investors include Google, Facebook, PayPal, Sequoia Capital, Tencent Holdings among others.
Gojek is committed to building a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.
Job tags: Architecture Automation CISA CISM CISSP DevOps GIAC Google Linux OSCP Penetration testing SANS Vulnerabilities Vulnerability management