# Product Security Engineer > Ajaib · Jakarta, Indonesia (Hybrid) · Full-time · Posted 2026-05-07 **Workplace:** hybrid **Department:** Engineering ## Description To elevate Ajaib’s security posture to global financial standards by building a high-velocity "Paved Road". You will move away from being a "siloed" security auditor to becoming an enabler who builds the automated infrastructure that makes the secure path the easiest path for developers. **Responsibilities** 1\. Building the "Paved Road" (Platform Layer) - Continuous Scanning: Integrate SAST, DAST, and SCA (Software Composition Analysis) into CI/CD pipelines (GitHub Actions) to provide instant feedback to developers. - Security-as-Code: Automate security gates in the deployment pipeline to block high/critical severity findings from reaching production. - Tooling Ownership: Manage and maximize the value of the current security stack, including SonarQube, Cloudflare \[WAF\] and Cloud Automation . - Infrastructure-as-Code (IaC): Build IaC guardrails with automated drift detection to ensure cloud infrastructure (GCP/AWS) remains resilient. 2\. Delivery & Cultural Leadership - Security Champions: Identify and support embedded Security Champions in every squad, ensuring threat modeling occurs during the design phase rather than right before launch. - Vulnerability Management: Transition from manual tracking to a prioritized Jira backlog, partnering with developers to verify root causes and remediation. - Security Culture: Run developer awareness sessions and secure code workshops to foster a "you build it, you run it, you secure it" mindset. 3\. Fintech & API Security - API Assessment: Test payment APIs, transaction flows, and KYC/AML pipelines for fintech-specific attack vectors like BOLA (Broken Object Level Authorization) and mass assignment. - Compliance Support: Ensure technical execution meets Governance Layer standards for Zero Trust and corporate identity anchoring. ## Requirements - AppSec Fundamentals: Deep understanding of OWASP Top 10, CWE, and secure SDLC principles. - Automated Tooling: Proficiency in SAST/DAST/SCA tools such as Semgrep, Snyk, Burp Suite Professional, and SonarQube. - Cloud & CI/CD: Practical experience with GCP/AWS IAM, secrets management, and embedding security into GitHub Actions. - Threat Modeling: Ability to conduct threat models using STRIDE or PASTA during the design phase. - Scripting: Proficiency in Python or Bash for scan automation and custom security checks. - Identity & Access: Experience with JumpCloud or Google Workspace for identity anchoring and automated lifecycle management. - Crypto Exposure: Understanding of wallet security, smart contract audit basics, or DeFi risk awareness. - Fintech Security: Awareness of PCI-DSS standards and payment gateway security. ## Benefits Join us as we make magic happen to increase Indonesia’s financial inclusion! ## Apply [Apply at Ajaib](https://apply.workable.com/ajaib/j/7BFBDAA8F2/apply) --- Powered by [Workable](https://www.workable.com)