Staff Security Engineer

Jakarta Selatan, Jakarta, Indonesia

Full Time Senior-level / Expert
Xendit logo
Apply now Apply later

Xendit provides payment infrastructure across Southeast Asia, with a focus on Indonesia and the Philippines. We process payments, power marketplaces, disburse payroll and loans, provide KYC solutions, prevent fraud, and help businesses grow exponentially. We serve our customers by providing a suite of world-class APIs, eCommerce platform integrations, and easy to use applications for individual entrepreneurs, SMEs, and enterprises alike.

Our main focus is building the most advanced payment rails for Southeast Asia, with a clear goal in mind — to make payments across in SEA simple, secure and easy for everyone. We serve thousands of businesses ranging from SMEs to multinational enterprises, and process millions of transactions monthly. We’ve been growing rapidly since our inception in 2015, onboarding hundreds of new customers every month, and backed by global top-10 VCs. We’re proud to be featured on among the fastest growing companies by Y-Combinator.


Our vision is to build digital infrastructure for Southeast Asia, supporting customers from fast-growing startups, NGOs to multinational enterprises such as Traveloka, Lazada, Garuda Indonesia, Suzuki, and Ciputra. 

Your mission as part of Xendit information security team is to improve security culture in Xendit by breaking  down barriers and open collaboration between development, operations and, last but not least, security team.


  • Define metrics and key performance indicators to determine the effectiveness of the security testing, tooling & automation program
  • Collaborate with the architects group to drive long term security improvements across Xendit
  • Build security standard for product & infrastructure development
  • Perform security review of product & infrastructure design plan
  • Design, engineer, and build automated security tools to help product engineer to catch security vulnerabilities in SDLC as early as possible
  • Design, engineer, and build tooling to ensure best practices and standards are adhered in our cloud infrastructure
  • Drive automation of compliance implementation, verification, remediation, monitoring and reporting
  • Ensure that security testing plan evaluate all possible impacts and scenarios on the assets being tested
  • Improve the analysis and defence techniques and tactics to combat new types and sources of threats and attacks
  • Do whatever it takes to make Xendit succeed

You may be a good fit if

  • Bachelor's degree in Computer Science. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree
  • 7 - 10 years of relevant IT experience, with a minimum of 6-year hands-on technical experience in information security, infrastructure or software development
  • Hands-on technical experience implementing security scanning tools (SAST, DAST, IAST)
  • Hands-on technical experience using automation platforms or scripting languages (shell, Python, ansible, terraform) for managing scans, infrastructure, and data
  • You are familiar with software development lifecycle and agile methodologies
  • You are familiar with cloud computing platform such as AWS, Alicloud, or GCP
  • You are eager to explore new security tooling or new security open source projects
  • You thrive on the autonomy and have proven you can push towards a goal by yourself
  • Exceptional verbal and written communication skills in English
  • Bonus point if you have knowledge at common security or regulatory compliance (PCI DSS, ISO27001)
What we care about
  • Solve for the customer first: You build what customers want. You think about what is right for customers, not what is easiest for you
  • Demonstrate mastery of honey badgery: You make ambitious goals. Then execute…no matter what stands in the way. When knocked down, you get up
  • Take on challenges willingly and can be trusted to execute: You can be trusted to get things done right the first time quickly. You hit your deadlines
  • You’re like us: You smile a lot, think work is fun and don’t take yourself too seriously. You measure yourself against the best and believe feedback is the breakfast of champions. You follow the golden rule.
  • You’re remarkable: People naturally talk about how awesome you are. If we can’t find someone who raves about you then it’s unlikely we will too.
Job region(s): Asia/Pacific
Job stats:  12  0  0
  • Share this job via
  • or

Explore more Information Security career opportunities