Infosec Engineer - Indonesia
Jakarta - Indonesia
Applications have closed
BukuWarung
BukuWarung adalah aplikasi keuangan untuk UMKM yang menyediakan pembayaran, layanan finansial, pembukuan hingga perdagangan.BukuWarung is SEA’s fastest growing startup and we are building the digital infrastructure for 60 million MSMEs in Indonesia, enabling them to efficiently manage and grow their business, starting with digital bookkeeping, online storefront & payments. BukuWarung’s vision is to empower 60 million MSMEs in Indonesia to become financially aware and enable them to manage and grow their business using technology.
BukuWarung is backed by top tier VCs globally: Peter Thiel’s Valar Ventures, Goodwater Capital, Y-Combinator, AC Ventures, Quona Capital, East Ventures, Golden Gate Ventures, Rocketship.vc, Tanglin Venture Partners and strategic angel investors from Stripe, PayPal, Plaid, Grab, Gojek, Facebook, AirBnB, Fast, Mastercard etc.
Key Responsibilities
- Build, lead, and manage the Information Security function at BukuWarung.
- Liaise closely with the IT and Engineering teams to implement best-in-class information/data security/privacy controls across all operations in India, Indonesia, and Singapore.
- Perform Security review, threat modeling, and analysis of engineering modules and components. Identify weaknesses and recommend fixes.
- Create detection rules, SOPs, and automation for analyzing application and cloud logs.
- Manage and continuously improve the Bug Bounty program.
- Leverage tools and scanners to identify and test weaknesses in the organization’s infrastructure and assets. Perform RCA as needed.
- Contribute to ideas in automating security processes in collaboration with internal stakeholders as well as third parties.
- Provide technical guidance in product, component, and vendor selection as appropriate for specific Information Security projects across various departments.
- Ensure that the company is compliant with local regulatory requirements with regard to Information Security. As required, align the overall company IT processes with global standards such as ISO 27001 and SOC 2.
- Protect the company from external as well as internal security threats by establishing people, processes, and technology structures.
- Work with internal business units to ensure that the management and execution of all systems are operating in compliance with security requirements, and facilitate information security risk assessment and risk management processes.
- Ensure that data privacy requirements are included in processes, develop and oversee effective disaster recovery policies and standards, and facilitate and support the development of asset inventories
- Act as an advisor to business stakeholders, project managers, and IT partners to educate them on security risks to information assets and provide guidance on standards and practices.
- Continuously assess and recommend requirements to establish new or enhance existing Information Security standards and Standard Operating Procedures to meet emerging threats.
What We Are Looking For (Technical):
- A Bachelor’s or Master’s degree in Computer Information Systems or a related discipline, or equivalent experience, is preferred.
- At least 2 years of experience in an Information Security role.
- Have basic knowledge of system security, cryptography, network security, OS fundamentals, OSINT, OWASP top 10, and standard security frameworks.
- Familiarity with threat modeling tools like Microsoft Threat Modeling Tool, OWASP Threat Dragon, etc
- Familiarity with open-source scanners for SAST and DAST.
- Understanding of security technologies like EDR, PAM, SOAR, DLP, and security operations.
- Information Security certifications such as OSCP, GSEC, CompTIA Pentest+, etc. are a solid plus.
- Knowledge of, and exposure to privacy and data security laws and regulations is a big plus.
What We Are Looking For (Intangible):
- Process-driven outlook towards resolving problems.
- Proven experience working in a Lean/Agile environment.
- Clear and concise communication.
- Ability to interact and build relationships at different levels of the organization."Do what it takes to ensure success" attitude, willing to step into multiple disciplines and responsibilities as needed.
- Ability to work in small organizations, and a highly flexible work environment.
- Self-directed, resourceful, and comfortable with operating in ambiguity.
- Experience in prioritizing from a long list of requirements ensuring maximization of ROI
- Passionate about service and customer focus
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Automation Cloud Compliance CompTIA Cryptography DAST EDR GSEC ISO 27001 Network security OSCP OSINT OWASP Privacy Risk assessment Risk management SAST SOAR SOC SOC 2
Perks/benefits: Flex hours Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs