# Cloud Security Engineer

> Ajaib · Jakarta, Indonesia (Hybrid) · Full-time · Posted 2026-05-05

**Workplace:** hybrid

**Department:** Engineering

## Description

To serve as "The Watchtower" for Ajaib’s global infrastructure. You will be responsible for ensuring infrastructure integrity across GCP, AWS, and On-Prem environments while owning the end-to-end detection and response lifecycle. Your mission is to transition from manual "eyes on glass" monitoring to a high-velocity, automated operating model that protects customer trust and company IP at scale.

**Responsibilities**

1\. Detection & Incident Response (The Watchtower)

-   Monitoring & Triage: Lead 24x7 monitoring and triage of security alerts across SIEM (Wazuh), EDR (CrowdStrike), DLP, and cloud environments.
-   Incident Lifecycle: Lead detection, triage, containment, and post-incident reviews for infrastructure and cloud-layer security events.
-   Core Metric Ownership: Drive the reduction of Mean Time to Detect (MTTD) through improved correlation and automated alerting.
-   Threat Hunting: Perform proactive threat hunting using MITRE ATT&CK techniques to identify advanced threats before they impact production.

2\. Infrastructure Integrity & Automation (The Paved Road)

-   Infrastructure-as-Code (IaC) Guardrails: Implement and monitor IaC guardrails with automated drift detection to prevent misconfigurations in GCP/AWS.
-   Standardized Golden Images: Partner with engineering to deploy immutable infrastructure through standardized "Golden Images" to eliminate manual server hardening.
-   SOAR & Response Playbooks: Build and manage automated SOAR (Security Orchestration, Automation, and Response) playbooks to reduce Mean Time to Respond (MTTR) and ensure instant containment of threats.
-   Inventory Discovery: Implement automated inventory discovery to ensure "if it isn't tagged, it doesn't run" within cloud environments.
-   DLP Governance.

3\. Platform & Tooling Management

-   EDR Administration: Fine-tune and manage CrowdStrike Falcon (Managed Service) and oversee the decommissioning of legacy EDR solutions (Symantec).
-   WAF Optimization: Manage and optimize Cloudflare WAF rules to protect application layers against DDoS and web attacks.
-   Teleport Governance: Manage secure infrastructure access through Teleport, moving away from legacy SSH/VPN access toward a Zero-Trust identity anchor.

4\. Fintech & Crypto Specifics

-   Asset Monitoring: Monitor for threats targeting hot/cold storage systems and exchange infrastructure.
-   Identity Integrity: Enforce the "Identity Anchor" by ensuring all infrastructure access is anchored to the corporate IDP (Google Workspace/JumpCloud).

## Requirements

-   Experience: 3+ years in a SOC or Security Operations environment, preferably within Fintech or Digital Banking.
-   SIEM/Logging: Proficiency in Wazuh (log ingestion, correlation, and dashboards) or any other SIEM tool and Google SCC.
-   EDR/WAF: Hands-on experience managing CrowdStrike Falcon and Cloudflare WAF.
-   Cloud Security: Practical experience with GCP or AWS security monitoring and IAM.
-   Incident Response: Mastery of the full incident lifecycle (Triage, Containment, Eradication, Lessons Learned).
-   Scripting: Proficiency in Python or Bash for automating response playbooks and custom security checks.
-   IaC Security: Basic knowledge of GCP or AWS for monitoring infrastructure drift.
-   Frameworks: Familiarity with MITRE ATT&CK.
-   Crypto Security: Basic understanding of blockchain fundamentals, wallet security, and DeFi-specific threats (e.g., flash loans, exchange exploits).
-   JumpCloud Integration: Experience integrating JumpCloud with infrastructure tools to enforce the "Kill Switch" during offboarding.

## Benefits

Join us as we make magic happen to increase Indonesia’s financial inclusion!

## Apply

[Apply at Ajaib](https://apply.workable.com/ajaib/j/8EDBDC3537/apply)

