Security Engineering Lead

1 day ago Be among the first 25 applicants

About The Job:

We are looking for an experienced and passionate Security Engineering Lead with a proven track record in building and leading security teams. You will play a critical role in shaping and executing the company’s cybersecurity strategy, ensuring compliance with regulatory requirements, and strengthening our security posture across applications, infrastructure, and governance. This role requires strong leadership, technical expertise, and the ability to collaborate with multiple stakeholders to achieve company-wide security goals.

Responsibilities:

• Define and create the Info Sec division’s quarterly task list and ensure alignment with company objectives
• Supervise and guide the work of each Info Sec team member across Cloud Security, Application Security, Governance & Compliance, and Incident Response, ensuring OKRs are achieved
• Regularly report team progress, challenges, and achievements to the CTO
• Maintain and oversee ISO 27001:2022 certification for the company group
• Develop and update cybersecurity strategies to anticipate and address evolving cyber threats
• Establish annual Cap Ex and OpEx budget plans for the company’s cybersecurity needs and Info Sec team requirements
• Maintain and prepare annual security reports required by regulatory bodies (e.g., BI & OJK)
• Implement company security policies based on industry frameworks such as ISO 27001:2022, NIST, RMF, and OWASP
• Coordinate and collaborate with other divisions on security-related initiatives and shared responsibilities
• Compile quarterly cybersecurity reports for management and stakeholders
• Reduce operational security costs while maintaining efficiency and effectiveness according to management priorities
• Develop and maintain a company-wide security maturity assessment framework and track improvements over time.

• Minimum 5 years of experience in Information Security, with at least 2 years in a leadership or management role
• Strong communication skills, with the ability to translate complex security concepts into business language
• Proven experience leading security teams in areas such as App Sec, Cloud Sec, GRC, and Incident Response
• Deep understanding of regulatory requirements (ISO 27001:2022, PCI DSS, BI, OJK)
• Strong background in penetration testing, cloud security (GCP/Hybrid/Kubernetes), and security operations
• Proficiency in security defense technologies (e.g., SIEM, WAF, Firewall, CSPM)
• Knowledge of scripting/programming (Java, Python, Golang) is an advantage
• Hands-on experience with CI/CD security (SAST, DAST) and version control (Git)
• Good knowledge of risk scoring methodologies (OWASP Risk Rating, CVSS)
• Familiar with SQL-based databases (Postgre
  
  SQL, MySQL, etc.)
• Strong ability to design security strategies, reduce costs, and improve overall security maturity
• Professional certifications such as CISM, CISSP, ISO
  27001 Lead Auditor or equivalent are highly desirable

• Seniority level
  
  Mid-Senior level

• Employment type
  
  Full-time

• Job function
  
  Other, Information Technology, and Management
• Industries Internet Publishing

Referrals increase your chances of interviewing at by Orange by 2x

Apply BELOW