Roles and Responsibilities
- Develop, enhance, and implement information security policies and SOPs aligned with regulatory requirements and the risk committee.
- Monitor security across on-premise and cloud infrastructure (servers, databases, networks, WAF, firewalls, VPN, API security, endpoints, IAM).
- Perform security risk assessments and design mitigation plans in collaboration with relevant IT teams.
- Handle incident response together with the CSIRT, including investigation, analysis, root cause identification, containment, eradication, recovery, and incident reporting.
- Conduct regular internal vulnerability assessments and penetration testing and coordinate remediation with relevant IT teams.
- Manage access control and privilege management for all systems and applications, including periodic user access reviews.
- Ensure compliance with security standards and external audits (ISO 27001, POJK, NIST, SOC2, internal audit).
- Support the development of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
- Develop and conduct security awareness training for all employees (phishing simulations, policy awareness sessions).
Requirements
- A Diploma or Bachelor's degree in Computer Science, Information Technology, or a related field.
- Between 1 and 3 years of relevant experience in IT Security (red or blue team), Cybersecurity, Penetration Testing, Network Security, and Information Security.
- Strong analytical and problem-solving skills, with a passion for technology and security.
- Excellent communication and teamwork abilities.
- Good understanding of network security, cloud security (AliCloud/GCP/AWS), and server management.
- Able to develop a clear understanding and produce proper documentation.
- Hands-on experience with security tools and technologies such as SIEM, Nmap, Wireshark, and Metasploit.
- Hands-on experience with Kali Linux and Linux & Network Administration is a plus.
- A proactive mindset and the ability to work independently while contributing to a team effort.