IT Security Engineer

Job Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.
• Relevant professional certifications (at least one required), such as: CISSP, CISA, CISM, CEH, ISO 27001 Lead Implementer, or equivalent.
• Minimum 3–5 years of experience in IT Security Engineer especially Blue Team
• Prior experience in Payment Gateway, or Financial Services industry is a strong plus.
• Proven experience in implementing and managing IT security architecture across hardware, operating systems, networks, databases, and applications in Cloud Environtment.
• Strong understanding of network, endpoint, and application security principles in Cloud Environtment.
• Hands-on experience with Vulnerability Management tools (e.g., Nessus, Qualys, Rapid7, OpenVAS).
• Experience in security incident handling and forensic investigation.
• Familiar with SIEM tools (Security Information and Event Management) and real-time threat monitoring.
• Capable of conducting risk assessments and preparing comprehensive security documentation.
• Deep knowledge of security frameworks such as ISO 27001, NIST CSF, COBIT, or equivalent.
• Strong communication skills, especially in presenting security findings and recommendations to non-technical stakeholders.
• Collaborative mindset with the ability to work cross-functionally with IT, compliance, legal, and business teams.
• Proactive problem-solver with the ability to respond quickly and effectively in security incidents.

Job Description:

• Implement and maintain security controls for systems and applications.
• Design and implement appropriate security policies, including network security configurations and operating system security settings.
• Conduct vulnerability assessments and coordinate remediation activities.
• Actively monitor systems and networks to detect and respond to threats using security monitoring tools and intrusion detection systems.
• Respond to and resolve security incidents promptly, and implement appropriate remediation measures.
• Evaluate systems and applications to identify security gaps and provide recommendations for improvement.
• Manage and maintain security systems, including software updates, security patches, and proper configurations.
• Investigate security incidents and perform forensic analysis to identify root causes and impacts.
• Respond to and recover from cybersecurity attacks, including data recovery, system restoration, and remediation of exploited vulnerabilities.
• Stay up to date with the latest security trends, emerging threats, and technological developments to ensure effective protection against new risks.
• Continuously improve the security infrastructure and implement necessary updates to security policies and practices.
• Ensure information security is maintained by complying with security policies, safeguarding company data, and reporting any suspicious activities that may threaten information security.
• Support audit and compliance activities, including adherence to standards and regulations such as ISO 27001, PCI DSS, and OJK / Bank Indonesia requirements.