Infosec Engineer - Indonesia

Jakarta - Indonesia

Applications have closed

BukuWarung

BukuWarung adalah aplikasi keuangan untuk UMKM yang menyediakan pembayaran, layanan finansial, pembukuan hingga perdagangan.

View company page

Overview
BukuWarung is SEA’s fastest growing startup and we are building the digital infrastructure for 60 million MSMEs in Indonesia, enabling them to efficiently manage and grow their business, starting with digital bookkeeping, online storefront & payments. BukuWarung’s vision is to empower 60 million MSMEs in Indonesia to become financially aware and enable them to manage and grow their business using technology.
BukuWarung is backed by top tier VCs globally: Peter Thiel’s Valar Ventures, Goodwater Capital, Y-Combinator, AC Ventures, Quona Capital, East Ventures, Golden Gate Ventures, Rocketship.vc, Tanglin Venture Partners and strategic angel investors from Stripe, PayPal, Plaid, Grab, Gojek, Facebook, AirBnB, Fast, Mastercard etc.

Key Responsibilities

  • Build, lead, and manage the Information Security function at BukuWarung.
  • Liaise closely with the IT and Engineering teams to implement best-in-class information/data security/privacy controls across all operations in India, Indonesia, and Singapore.
  • Perform Security review, threat modeling, and analysis of engineering modules and components. Identify weaknesses and recommend fixes.
  • Create detection rules, SOPs, and automation for analyzing application and cloud logs.
  • Manage and continuously improve the Bug Bounty program.
  • Leverage tools and scanners to identify and test weaknesses in the organization’s infrastructure and assets. Perform RCA as needed.
  • Contribute to ideas in automating security processes in collaboration with internal stakeholders as well as third parties.
  • Provide technical guidance in product, component, and vendor selection as appropriate for specific Information Security projects across various departments.
  • Ensure that the company is compliant with local regulatory requirements with regard to Information Security. As required, align the overall company IT processes with global standards such as ISO 27001 and SOC 2.
  • Protect the company from external as well as internal security threats by establishing people, processes, and technology structures. 
  • Work with internal business units to ensure that the management and execution of all systems are operating in compliance with security requirements, and facilitate information security risk assessment and risk management processes.
  • Ensure that data privacy requirements are included in processes, develop and oversee effective disaster recovery policies and standards, and facilitate and support the development of asset inventories
  • Act as an advisor to business stakeholders, project managers, and IT partners to educate them on security risks to information assets and provide guidance on standards and practices.
  • Continuously assess and recommend requirements to establish new or enhance existing Information Security standards and Standard Operating Procedures to meet emerging threats.

What We Are Looking For (Technical):

  • A Bachelor’s or Master’s degree in Computer Information Systems or a related discipline, or equivalent experience, is preferred.
  • At least 2 years of experience in an Information Security role.
  • Have basic knowledge of system security, cryptography, network security, OS fundamentals, OSINT, OWASP top 10, and standard security frameworks.
  • Familiarity with threat modeling tools like Microsoft Threat Modeling Tool, OWASP Threat Dragon, etc
  • Familiarity with open-source scanners for SAST and DAST.
  • Understanding of security technologies like EDR, PAM, SOAR, DLP, and security operations.
  • Information Security certifications such as OSCP, GSEC, CompTIA Pentest+, etc. are a solid plus.
  • Knowledge of, and exposure to privacy and data security laws and regulations is a big plus.

What We Are Looking For (Intangible):

  • Process-driven outlook towards resolving problems.
  • Proven experience working in a Lean/Agile environment.
  • Clear and concise communication.
  • Ability to interact and build relationships at different levels of the organization."Do what it takes to ensure success" attitude, willing to step into multiple disciplines and responsibilities as needed.
  • Ability to work in small organizations, and a highly flexible work environment.
  • Self-directed, resourceful, and comfortable with operating in ambiguity.
  • Experience in prioritizing from a long list of requirements ensuring maximization of ROI
  • Passionate about service and customer focus
If this sounds like you, please apply!

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Agile Automation Cloud Compliance CompTIA Cryptography DAST EDR GSEC ISO 27001 Network security OSCP OSINT OWASP Privacy Risk assessment Risk management SAST SOAR SOC SOC 2

Perks/benefits: Flex hours Startup environment

Region: Asia/Pacific
Country: Indonesia
Job stats:  6  0  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.