Senior Security Engineer (Remote)

Remote   |   Full Time
About Flip
Rafi, Luqman, and Anjar, who were college friends in Universitas Indonesia, started Flip as a project in 2015 to transfer payments to each other at a fraction of what banks would charge them. They are pioneers in the Indonesian market, with their technology now helping millions of Indonesians, both individuals and businesses, carry out bank-to-bank money transfers through a reliable and seamless app.

After five years of operations, Flip has helped Indonesians transfer money worth several trillions of rupiah and has received double-digit funding from respectable investors such as Sequoia India, Insight Partner, and Insignia. Flip’s ultimate mission is to give Indonesians access to one of the most progressive and fairest financial services in the world.

At Flip, we always strive to provide the fairest place for you to work, learn, and grow with talented and fun people in various opportunities to advance your career and get fair rewards. We believe that we have to treat employees, customers, and all stakeholders fairly and respectfully. Fair treatment for employees means we establish clear goals, facilitate our employees to achieve them, and value their contribution to the company with equitable benefits.

What You'll Do:
  • Provide domain expertise and guidelines in cloud security, secure software development, data security, security compliance, and other security best practices.

  • Support and manage Flip’s incident and vulnerability response, blameless postmortems, and use the insights to come up with improvements in collaboration with other product engineering teams.

  • Conduct penetration tests, design reviews, threat modeling, threat detection, and other necessary security assessments.

  • Create and maintain Flip’s security governance documents, policies, and guidelines to ensure compliance with industry security compliance and standards, e.g. PCI DSS, ISO 27001.

  • Identify product and infrastructure security gaps, provide recommendations to remediate them, and collaborate with product engineering teams to uplift the products security posture.

  • Review, validate, and manage security vulnerabilities identified from Flip bug bounty program, SAST and DAST tools.

  • Continuously improve Flip’s software development life cycle adhering to security best practices.

  • Continuously improve Flip’s overall security posture, manage, and remediate security risks.

  • Continuously improve Flip’s security standards, tooling, documents, processes, and governance.

  • Continuously improve Flip’s overall security monitoring and observability solutions.

  • Advocate security best practices and become a security champion in Flip.

What You'll Need:
  • 5 years of experience as Security Engineer or similar role.

  • Experience working on cloud platforms, e.g. GCP, AWS, Alibaba Cloud, etc.

  • Experience with security principles, secure software development, application security, data security, and cloud security.

  • Experience designing, developing, operating, and maintaining secure production-grade applications in distributed virtualized/containerized environments.

  • Experience conducting penetration tests either as a red team or blue team.

  • Experience programming in one or more languages, e.g. PHP, Java, Python, Golang, JavaScript, etc.

  • Bachelor's degree in Computer Science or equivalent practical experience.

  • Experience with operating system and database security.
    Operating systems: UNIX / Linux. Database: MySQL, PostgreSQL.

  • Experience with network security and network monitoring solutions. e.g. Suricata, Wazuh, OSSEC, Snort, etc.

  • Experience with security systems, including anti-virus applications, content filtering, firewalls, authentication systems, intrusion detection, security information and event management (SIEM), security orchestration automation and response (SOAR), data loss prevention.

  • Experience securing cloud-based workloads, including Kubernetes and containerized workloads, VM workloads, and cloud native workloads.

  • Experience with OWASP standards and guidelines.

  • Experience with authentication & access control, security protocols, applied cryptography, e.g. OAuth, SSL/TLS, SSO, encryption, etc.

  • Experience in cyber attacks and mitigation methods, security incident response and forensics, threat modeling, security vulnerability management.

  • Experience with industry compliance and security standards, e.g. PCI DSS, ISO 27001, GDPR, NIST, CSA-CCM, SOC 1, SOC 2.

  • Experience with security frameworks, e.g. MITRE ATT&CK, Cyber Kill Chain, etc.

  • Additional advantage for having security-related certifications, e.g. CISA, CISM, CISSP.

P.S. if you have experience problems when submitting your CV through this platform, you can send it directly to

Submit Your Application

You have successfully applied
  • You have errors in applying