Security Engineer

Bukalapak is a leading Indonesian technology company dedicated to empowering small and medium‑sized enterprises (SMEs). We are committed to creating a fair economy for all, driving innovation, and contributing to the growth of society. At Bukalapak, you'll be part of a dynamic and passionate team making a real impact.

We're looking for a Security Engineer to safeguard Mitra Bukalapak's applications, APIs, and infrastructure from evolving cyber threats. In this role, you'll take ownership of identifying and mitigating vulnerabilities through security assessments, penetration testing, and continuous monitoring.

You’ll collaborate closely with engineering and product teams to embed security into every stage of development—designing secure architectures, automating threat detection, and integrating robust protection into CI/CD pipelines. This role is perfect for someone passionate about staying ahead of emerging threats and driving a culture of security‑first innovation across the organization.

• Conduct security assessments and penetration testing on Mitra's applications, APIs, and infrastructure to identify potential risks and vulnerabilities.
• Collaborate closely with backend, frontend, DevOps, and product teams to design and implement secure architecture and coding practices.
• Perform regular vulnerability scanning, threat modeling, and remediation verification to ensure compliance with internal security standards.
• Monitor Mitra's systems and services using SIEM tools, analyze alerts, and coordinate incident response and forensic investigation when necessary.
• Develop and maintain security automation scripts or integrations to improve efficiency in threat detection and response.
• Partner with cross‑functional teams to embed security into CI/CD pipelines, ensuring early detection of potential security issues.
• Maintain and update documentation on Mitra's security posture, processes, and mitigation strategies.
• Stay informed on emerging cyber threats, technologies, and best practices, and proactively recommend improvements to strengthen defense mechanisms.

• Bachelor's degree in Computer Science, Information Security, or related field.
• 2+ years of experience in application security, penetration testing, infrasec, devsecops or cybersecurity engineering.
• Hands‑on experience with penetration testing tools (e.g., Burp Suite, OWASP ZAP, Nmap, Metasploit).
• Familiarity with orchestration tools like Ansible and Terraform, cloud infrastructure, cloud security (AWS/GCP), application security and container security (Docker, Kubernetes).
• Experience with SIEM tools and log analysis (e.g., Splunk, ELK, Graylog).
• Understanding of OWASP Top 10, threat modeling, and secure SDLC principles.
• Basic programming/scripting knowledge (Python, Go, or Bash).
• Experience integrating security checks into CI/CD pipelines (e.g., GitLab, Jenkins).
• Exposure to SecOps, EDR tools and vulnerability scanning processes.
• Hardworking and smart‑working person.
• Strong analytical and problem‑solving mindset.
• Excellent collaboration and communication skills with both technical and non‑technical stakeholders.
• Proactive learner who stays updated with the latest in cybersecurity trends and threats.