
Security Engineer
1 week ago

Jl. Batu Jajar No.11A Sawah Besar Kel, RT.3/RW.1, Kb. Klp., Kec. Gambir, Kota Jakarta Pusat, Daerah Khusus Ibukota Jakarta 10120

PT. Uni Network Communications
Rp. 4.000.000 - Rp. 5.000.000 / Month
Vacancy closes on:

Job description:


Full Job Description
Cloudetica Solutions is looking for a Security Engineer, a hands-on, compliance-focused professional, to join us on a casual, project-by-project basis. You’ll be responsible for assessing and closing gaps against ISO 27001 and SOC 2 (Type I & II) requirements, architecting and implementing AWS security controls, and collaborating with our development teams (React & Express.js) to bake security into every layer of the stack.

Key Responsibilities

Compliance Assessment & Roadmap
- Conduct a gap analysis of our clients' platforms against ISO 27001 clauses and controls, and against the Trust Service Criteria for SOC 2 Type I/II.
- Develop a detailed compliance roadmap: define phases, necessary policies/processes, timelines, and resource estimates.
- Produce budgetary estimates for certification engagements (audit fees, remediation efforts, technology investments).

Implementation & Controls
- Design and deploy AWS security controls (IAM policies, VPC configurations, KMS key management, logging/monitoring with CloudTrail/CloudWatch, GuardDuty, Security Hub).
- Work with the frontend (React/TypeScript) and backend (Express.js/Node.js) teams to integrate secure-coding best practices, dependency management, and automated security testing (SAST/DAST).
- Establish and maintain documentation: information security policies, system security plans, incident response procedures, and evidence-gathering workflows for audits.

Audit & Certification Support
- Liaise with external auditors and certification bodies to schedule, coordinate, and shepherd ISO 27001 and SOC 2 audits.
- Prepare and present “readiness” reports, control evidence packages, and remediation status updates.
- Drive ongoing control testing, gap remediation sprints, and reporting to management.

Continuous Improvement & Collaboration
- Advise on CI/CD pipeline security (e.g., CodePipeline, CodeBuild) and automate security gating (e.g., infrastructure as code scanning).
- Mentor developers on security frameworks (OWASP Top 10, CIS benchmarks) and AWS Well-Architected best practices.
- Monitor evolving compliance requirements and recommend updates to policies or technical controls.

Qualifications
- Proven experience performing ISO 27001 gap analyses and managing the certification process end-to-end.
- Hands-on experience scoping and preparing SOC 2 Type I and Type II reports.
- Deep AWS security expertise: IAM, KMS, CloudTrail, Security Hub, GuardDuty, Config, and network security constructs.
- Solid full-stack development background with React (TypeScript) and Express.js (Node.js), including secure-coding practices.
- Excellent written and verbal communication skills to translate technical requirements into policies, presentations, and audit artifacts.

Preferred
- Security certifications such as CISSP, CISM, or AWS Certified Security – Specialty.
- Familiarity with serverless architectures and securing Lambda/API Gateway patterns.
- Experience with automated security tools (Snyk, Checkov, Dependabot, OWASP ZAP) integrated into CI/CD.
- Prior work in regulated industries (FinTech, HealthTech, SaaS) subject to rigorous compliance regimes.

Format of Work
- Fully remote, part-time/casual-based engagement.
- Hourly compensation, invoiced monthly.
- Collaboration via Slack, Trello, GitHub, and regular video calls.

Interview Process
- Behavioral Discussion: Walk us through a past ISO 27001 or SOC 2 engagement: your role, challenges, and outcomes.
- Technical Case Study: You’ll be given a mini “readiness” scenario: assess a simplified control set, draft a high-level implementation plan, and estimate timeline & budget.
- White-board Exercise: Architect AWS security controls for a React/Express serverless prototype (Lambda + API Gateway + DynamoDB) and show how you’d capture audit evidence.

Job Type: Part-time
Expected hours: 20 – 30 per week

Application Question(s):
- What would your monthly salary expectation be in IDR (assuming full-time, although payment will be made at an hourly rate)?
- Could you describe your security experience, including with auditing for ISO 27001 if applicable?
