Cybersecurity Consultant (DevSecOps/Cloud Security) - Jakarta

Key responsibilities:

• Security architecture reviews and assistance including: reviewing architectures from client's product teams and providing security related feedback, analysis and synthesis on feature changes and integrating security into these applications, communication of security focus in agendas with product management for new and existing application development.
• Cloud Security & Compliance review and assistance including: Assisting and supporting the triage and identification of cloud security and compliance issues, training and education with the engineering & product teams around cloud security and compliance issues, integration with the CSIRT and other teams to effectively handle issue identification and remediation, technical and policy advisory around security and compliance issues.
• Consult and advise with client's organizational personnel at tactical, operational, and strategic levels to achieve project goals on compliance toward a variety of regulatory compliance and industry standard frameworks.
• Develop and deliver content on security domains of expertise to establish yourself, our team, and our brand as thought leaders in the community.

We are looking for someone who:

• Passionate in the Cybersecurity domains, especially in DevSecOps and strive to explore new technologies, skillset, frameworks and trends.
• Being a team player, trust and challenge each other, possess good interpersonal communication skills and help mind in a team-oriented environment.
• Being able to communicate well, and willing to receive criticism and feedback.
• Being responsible and taking pride in your work and willing to proactively conduct research as necessary.
• Is familiar with Cloud Environments such as AWS, GCP, Azure or Alibaba Cloud.
• Is familiar with Containerization and its orchestration such as Docker and Kubernetes.
• Is familiar with Configuration Management Tools such as Chef or Ansible.
• Is familiar with Infrastructure as a Code Tools such as Terraform or CloudFormation.
• Is familiar with Security related tools such as OWASP ZAP, Sonarqube, Wazuh, or Vault.
• Is familiar with DevOps related tools such as Jenkins, Grafana, ELK Stack, or Graylog.
• Is comfortable to write any automation using script such as Python, or Bash.
• Has excellent Bahasa Indonesia and English communication skills – both oral (for interviews/meetings, presentations) and written (for designing and writing engaging reports which communicate assessment reports succinctly and clearly convey the message in a way that is appropriate for the audiences).
• Like the sharing and cohesive culture by learning and improving together. We don't have any "subes", "suhu", "panutanque", "master", or similar words here. In our culture, no one is smarter than anyone. It is just a matter of who knows the knowledge in advance.

Experience:

• Associate Consultant: Freshgrad to one (1) year as a DevOps Engineer OR DevSecOps Engineer OR managing (and securing) real-world infrastructure.
• Consultant: One (1) to three (3) years as a DevOps Engineer OR DevSecOps Engineer OR managing (and securing) real-world infrastructure.
• Senior Consultant: More than three (3) years as DevOps Engineer OR DevSecOps Engineer OR managing (and securing) real-world infrastructure.

Nice to have - Certifications

• AWS:  Solutions Architect Associate / Professional, AWS Security Specialty.
• GCP: Associate Cloud Engineer, Professional Cloud Architect, Professional Cloud Security Engineer.
• Container Infrastructure: Certified Kubernetes Administrator (CKA), or Certified Kubernetes Security Specialist (CKS).

Nice to have - Others

• Owning a blog or another sharing media with DevOps or Security-related content.
• Open source contributor or active in any community as a speaker.