DevSecOps (Contract Based)
Jakarta, Jakarta, Indonesia
INDICO
INDICO hadir mengakselerasi manfaat inovasi digital yang dapat buka semua kemajuan bagi masyarakat.About Us
INDICO is a digital technology subsidiary company of Telkomsel, Indonesia's leading digital telecom company. INDICO plays a strategic role as a holding company that houses current and prospective vertical digital business portfolios, including Kuncie (edu-tech), Fita (health-tech), and Majamojo (game). Moving forward, INDICO aims to explore opportunities in multiple verticals adjacent to Telkomsel's digital businesses. Our goal is to leverage Telkomsel's digital assets to develop innovative cross-sectoral digital solutions, empowering Indonesia's digital economy.
Key Responsibilities:
Infrastructure & Cloud Management
- Collaborate in designing, implementing, and maintaining secure, scalable, and cost-efficient AWS infrastructure using services such as EC2, S3, Lambda, RDS, DynamoDB, and VPC
- Develop and maintain Infrastructure as Code (IaC) using Terraform and Terragrunt for consistent and repeatable deployments
- Assist in monitoring and optimizing AWS resource usage to ensure cost efficiency while maintaining performance standards
- Support implementation of AWS security best practices, including IAM policies, Secrets Manager, Security Hub, WAF, and GuardDuty, while learning compliance requirements with industry standards
DevSecOps & CI/CD Pipeline Management
- Build and maintain GitLab CI/CD pipelines for automated testing, building, and deployment processes
- Integrate security controls into the DevOps lifecycle by working with tools like SonarQube, Checkmarx, or Snyk for static application security testing (SAST) and dependency scanning
- Learn and implement DAST (Dynamic Application Security Testing) tools and processes to identify runtime vulnerabilities
- Use SonarQube to support coding standards enforcement, identify vulnerabilities, and contribute to high-quality code practices across development teams
Container Orchestration & Management
- Manage containerized applications using Docker and work with orchestration platforms including Kubernetes (EKS), Amazon ECS, or Fargate
- Learn and apply container security best practices and vulnerability scanning for Docker images
- Contribute to designing and maintaining scalable microservices architectures using container technologies
Monitoring & Observability
- Set up and manage monitoring tools such as AWS CloudWatch, Prometheus, Grafana, Opentelemetry, and ELK Stack for insights into system performance, availability, and security
- Create dashboards and alerting mechanisms for proactive incident response
- Support logging strategies and centralized log management for security and compliance requirements
Collaboration & Continuous Learning
- Contribute to disaster recovery (DR) planning and backup strategies to ensure business continuity and data integrity
- Work closely with development, operations, and security teams to ensure seamless integration and delivery of solutions
- Continuously learn and stay updated with DevSecOps best practices and emerging technologies
Requirements
Education
- Bachelor's degree in Computer Science, Information Technology, Engineering, or related field
- Equivalent professional experience and demonstrated skills will be considered
- Continuous learning mindset and willingness to pursue additional certifications
Technical Expertise
- 3+ years of experience with AWS cloud services and basic architecture principles
- 2+ years of experience with Terraform and Terragrunt or willingness to learn infrastructure automation quickly
- Good understanding of Docker containerization and Kubernetes fundamentals
- Experience with GitLab CI/CD or similar CI/CD tools and pipeline development
- Basic knowledge of SAST and DAST security testing concepts with eagerness to deepen expertise
- Familiarity with Grafana and AWS CloudWatch for monitoring and alerting
Security & Compliance
- Understanding of cloud security principles and AWS security services
- Some exposure to security scanning tools (SonarQube, Checkmarx, Snyk, etc.)
- Basic knowledge of compliance frameworks and security best practices
- Interest in learning threat modeling and risk assessment methodologies
Development & Scripting
- Proficiency in at least one scripting language (Python, Bash, PowerShell)
- Strong experience with version control systems (Git) and collaborative development workflows
- Good understanding of software development lifecycle and agile methodologies
Soft Skills
- Strong problem-solving mindset and willingness to learn
- Good communication and collaboration abilities
- Ability to work effectively in team environments
- Strong desire for continuous learning and professional growth
Preferred Qualifications
- AWS certifications (Cloud Practitioner, Solutions Architect Associate, or willingness to pursue)
- Experience with additional monitoring tools (Prometheus, ELK Stack, DataDog)
- Interest in serverless architectures and AWS Lambda and ECS.
- Basic understanding of database concepts and optimization
- Experience with version control branching strategies and code review processes
- Previous exposure to multi-cloud or hybrid cloud environments
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Application security Automation AWS Bash Checkmarx CI/CD Cloud Compliance Computer Science DAST DevOps DevSecOps Docker DynamoDB EC2 ELK GitLab Grafana IAM Incident response Kubernetes Lambda Microservices Monitoring PowerShell Prometheus Python Risk assessment S3 SAST Scripting SDLC SonarQube Terraform Vulnerabilities
Perks/benefits: Career development Startup environment
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.