Information Security Engineer / Cybersecurity Engineer / Network Security Engineer
Experience Required: 2 4 years (1 to 3 years of relevant experience in IT Security, Cybersecurity, Penetration Testing, and Network Security)
Location: Indonesia, Jakarta; Jakarta
Role Summary
AsetKu (PT. Pintar Inovasi Digital) is actively seeking a seasoned IT Security Engineer to support the development, enhancement, and implementation of robust information security policies and standard operating procedures (SOPs) that align with regulatory requirements and the organization's risk management framework.
This pivotal role will be instrumental in safeguarding our digital lending platform by ensuring the security of both on-premise and cloud infrastructures, including servers, databases, networks, and applications.
The Information Security Manager will play a critical role in monitoring security protocols, performing comprehensive risk assessments, and collaborating with IT teams to design effective mitigation plans.
The successful execution of these responsibilities will significantly contribute to AsetKu's commitment to maintaining a compliant and secure environment for our customers and partners.
Key Responsibilities
- Develop, enhance, and implement comprehensive information security policies and SOPs that align with regulatory requirements and organizational risk management strategies.
- Monitor and maintain security across on-premise and cloud infrastructures, ensuring the integrity of servers, databases, networks, firewalls, VPNs, APIs, endpoints, and identity access management systems.
- Conduct thorough security risk assessments and collaborate with relevant IT teams to design effective mitigation plans tailored to identified vulnerabilities.
- Lead incident response efforts in partnership with the CSIRT, encompassing investigation, analysis, root cause identification, containment, eradication, recovery, and reporting of security incidents.
- Execute regular internal vulnerability assessments and penetration testing while coordinating remediation efforts with IT teams to address identified weaknesses.
- Manage access control and privilege management across all systems and applications, including conducting periodic user access reviews to ensure compliance with security policies.
- Ensure adherence to security standards and facilitate external audits (ISO 27001, POJK, NIST, SOC2) as well as internal audits to maintain compliance.
- Support the development and maintenance of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) to ensure organizational resilience.
- Develop and conduct security awareness training programs for all employees, including phishing simulations and policy awareness sessions to foster a culture of security within the organization.
Required Qualifications
- A Diploma - Bachelor's in Computer Science, Information Technology, or a related field.
- Between 1 to 3 years of relevant experience in IT Security (red or blue team), Cybersecurity, Penetration Testing, Network Security, and Information Security.
- Strong analytical and problem-solving skills, with a passion for technology and security.
- Excellent communication and teamwork abilities.
- Good understanding of network security, cloud security (AliCloud / GCP / AWS), and server management.
- Able to develop a clear understanding and proper documentation.
- Hands-on experience with security tools and technologies such as SIEM, Nmap, Wireshark, and Metasploit.
- Hands-on experience with Kali Linux and Linux & Network Administration is a plus.
- A proactive mindset and the ability to work independently while contributing to a team effort.
