IT Security C&T logo

IT Security C&T

jakarta, bengaluru

Senior DevSecOps Engineer - CISO

full-timeOn-site

About the Role

We’re looking for an experienced and proactive DevSecOps engineer to architect and own secure delivery across our Development Process. In this critical, hands-on role, you will be the champion for shifting security to the earliest stage of development. Your mission is to empower our engineering teams to deliver secure and high-quality code at speed by embedding security guardrails and tooling directly into their workflows. 

What You Will Do

  • Embed Security into the SDLC: You will integrate and automate a suite of security tooling - including secrets management, Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Infrastructure as Code (IaC) scanning into our CI/CD pipelines.
  • Secure the Developer Workflow: A key focus will be securing our development platforms (GitHub/GitLab) from the ground up, implementing security best practices for repository settings, branch protections, and code access.
  • Architect Security as Code: You will leverage your deep programming skills in Python, Go, JavaScript, etc., to build custom tooling, automation, integrations, and supporting documentation that help create a frictionless security experience for accelerated development.
  • Act as a Security SME: With your keen ability to spot security flaws quickly, you will serve as a subject matter expert for engineering teams, guiding them on secure coding and pragmatic remediation strategies.
  • Incorporating AI to enhance security: You will be a key contributor to our efforts on improving our security posture by researching and applying AI-driven solutions to enhance threat detection, automate vulnerability management, and intelligently secure our development lifecycle.

What You Will Need

  • 5+ years of proven experience in a hands-on DevSecOps or Application Security role with a strong DevOps foundation.
  • Solid Kubernetes experience (deployments, RBAC, basic networking, troubleshooting).
  • Development skills at minimum: Python, Go, and JavaScript code.
  • Practical & deep understanding of the use of SCA, SAST, secrets, and IaC scanning tools
  • Strong Git skills (branching, rebasing, signed commits, access controls).
  • Experience securing GitHub or GitLab (tokens, branch protections, CI secrets).
  • Excellent written and verbal communication skills tailored for diverse audiences.

About the Team

Our DevSecOps team works at the intersection of security, platform reliability, and developer velocity. We focus on solving real platform and security challenges, not just running tools. When something doesn’t exist, we build or script it ourselves.

We collaborate closely with Engineering and DevOps teams, sharing ownership of outcomes through fast feedback loops and collective wins, no ticket tossing. Continuous learning is part of our DNA: we conduct open post-mortems, test ideas through small-scale experiments, and continually refine our approach. Our engineers have the freedom to choose the right tools for the job and are encouraged to think creatively to solve complex problems. It’s a space for builders who enjoy autonomy, collaboration, and impact at scale.