Security Engineering Lead (Blue Team)

About Amartha

At Amartha, we empower micro-businesses across Indonesia, enabling growth and equal prosperity. We've supported over 3.6 million enterpreneurs–mostly women–by disbursing IDR 37 trillion in funding. As we step into 2026, Amartha is evolving into a technology-driven financial ecosystem, expanding our reach in lending, funding, and payments. Through innovation and digital solutions, we aim to enhance accessibility, streamline processes, and create a seamless user experience.

About the Role 

The Security Engineering Lead plays a crucial role in Amartha. You will be the warrior who will spearhead various Information Security programs to protect Amartha from internal and external threats.

About the team

The Information Security team in Amartha is a group of dynamic, highly-analytical  individuals who are highly mindful in driving security and privacy by design within the various aspects of product lifecycle and engineering processes. We are the team who are highly passionate to be the security enabler of Amartha’s systems

Responsibilities

• Lead, mentor, and grow a team of engineers across security, development, and operations teams, fostering strong cross-functional collaboration and a security-first mindset.
• DevSecOps Integration: Drive the cultural and technical integration of security into every phase of the CI/CD pipeline, promoting "security as code" principles.
• Detection & Response: Lead the blue team in continuous monitoring, threat detection, incident response, and forensic analysis to swiftly address and mitigate cyber threats.
• Automation & Tooling: Automate security controls and leverage tools such as SIEM solutions, vulnerability scanners, and EDR systems to gain real-time visibility across our infrastructure.
• Cloud Security: Implement and manage security controls within our cloud platform environment (GCP), addressing the complexities of infrastructure.
• Support regular risk assessments and security audits, ensuring compliance with local regulations like OJK's and BI’s guidelines for IT implementation on Information Security.
• Identify current and emerging technology issues including security trends, vulnerabilities and threats over the cloud-based infrastructure
• Recognize complex technical issues and managing them within a fast-paced business environment
• Perform proactive investigation to analyze security weaknesses and recommend appropriate strategies
• Perform Threat intelligence activities
• Work closely with internal and external teams to implement security solutions
• Acquire and implement new technological solutions to enhance organizational security posture
• Identify, define and document system security requirements and recommend solutions
• Monitor systems for irregular behavior and set up preventive measures
• Enhance the effectiveness of cloud security related processes through automation and orchestration

• 8+ years in security engineering, with 3+ years in a leadership role
• Excellent analytical and interpersonal skills
• Ability to express technical information clearly at different organizational levels
• Having relevant certification are preferable
• Hands-on expertise with cloud platforms, containerization (Docker, Kubernetes), IaC tools (Terraform, Ansible), and proficiency in scripting/programming languages (Python, Java, Go)
• Familiar with a variety of Pentesting toolkits, including BurpSuite, Hydra, Nessus, NMap, Metasploit, Frida, MobSF, or comparable technologies
• Tools familiarity : Python, Bash, TerraFrom, Ansible, GitHub, Jenkins, Artifactory, Jira, Terraform, Git, Nessus, NMap, Metasploit