DevSecOps (Contract Based)

About Us

INDICO is a digital technology subsidiary company of Telkomsel, Indonesia's leading digital telecom company. INDICO plays a strategic role as a holding company that houses current and prospective vertical digital business portfolios, including Kuncie (edu-tech), Fita (health-tech), and Majamojo (game). Moving forward, INDICO aims to explore opportunities in multiple verticals adjacent to Telkomsel's digital businesses. Our goal is to leverage Telkomsel's digital assets to develop innovative cross-sectoral digital solutions, empowering Indonesia's digital economy.

Key Responsibilities:

Infrastructure & Cloud Management

• Collaborate in designing, implementing, and maintaining secure, scalable, and cost-efficient AWS infrastructure using services such as EC2, S3, Lambda, RDS, DynamoDB, and VPC

• Develop and maintain Infrastructure as Code (IaC) using Terraform and Terragrunt for consistent and repeatable deployments
• Assist in monitoring and optimizing AWS resource usage to ensure cost efficiency while maintaining performance standards
• Support implementation of AWS security best practices, including IAM policies, Secrets Manager, Security Hub, WAF, and GuardDuty, while learning compliance requirements with industry standards

DevSecOps & CI/CD Pipeline Management

• Build and maintain GitLab CI/CD pipelines for automated testing, building, and deployment processes
• Integrate security controls into the DevOps lifecycle by working with tools like SonarQube, Checkmarx, or Snyk for static application security testing (SAST) and dependency scanning
• Learn and implement DAST (Dynamic Application Security Testing) tools and processes to identify runtime vulnerabilities
• Use SonarQube to support coding standards enforcement, identify vulnerabilities, and contribute to high-quality code practices across development teams

Container Orchestration & Management

• Manage containerized applications using Docker and work with orchestration platforms including Kubernetes (EKS), Amazon ECS, or Fargate
• Learn and apply container security best practices and vulnerability scanning for Docker images
• Contribute to designing and maintaining scalable microservices architectures using container technologies

Monitoring & Observability

• Set up and manage monitoring tools such as AWS CloudWatch, Prometheus, Grafana, Opentelemetry, and ELK Stack for insights into system performance, availability, and security
• Create dashboards and alerting mechanisms for proactive incident response
• Support logging strategies and centralized log management for security and compliance requirements

Collaboration & Continuous Learning

• Contribute to disaster recovery (DR) planning and backup strategies to ensure business continuity and data integrity

• Work closely with development, operations, and security teams to ensure seamless integration and delivery of solutions

• Continuously learn and stay updated with DevSecOps best practices and emerging technologies

Education

• Bachelor's degree in Computer Science, Information Technology, Engineering, or related field
• Equivalent professional experience and demonstrated skills will be considered
• Continuous learning mindset and willingness to pursue additional certifications

Technical Expertise

• 3+ years of experience with AWS cloud services and basic architecture principles

• 2+ years of experience with Terraform and Terragrunt or willingness to learn infrastructure automation quickly

• Good understanding of Docker containerization and Kubernetes fundamentals

• Experience with GitLab CI/CD or similar CI/CD tools and pipeline development

• Basic knowledge of SAST and DAST security testing concepts with eagerness to deepen expertise

• Familiarity with Grafana and AWS CloudWatch for monitoring and alerting

Security & Compliance

• Understanding of cloud security principles and AWS security services
• Some exposure to security scanning tools (SonarQube, Checkmarx, Snyk, etc.)
• Basic knowledge of compliance frameworks and security best practices
• Interest in learning threat modeling and risk assessment methodologies

Development & Scripting

• Proficiency in at least one scripting language (Python, Bash, PowerShell)
• Strong experience with version control systems (Git) and collaborative development workflows
• Good understanding of software development lifecycle and agile methodologies

Soft Skills

• Strong problem-solving mindset and willingness to learn
• Good communication and collaboration abilities
• Ability to work effectively in team environments
• Strong desire for continuous learning and professional growth

Preferred Qualifications

• AWS certifications (Cloud Practitioner, Solutions Architect Associate, or willingness to pursue)
• Experience with additional monitoring tools (Prometheus, ELK Stack, DataDog)
• Interest in serverless architectures and AWS Lambda and ECS.
• Basic understanding of database concepts and optimization
• Experience with version control branching strategies and code review processes
• Previous exposure to multi-cloud or hybrid cloud environments