Defend the Digital Frontier: Security Engineer at Southeast Asia's Leading Fintech
At BJAK, we're revolutionizing financial services across Southeast Asia. Our platform powers everything from real-time insurance quotes to automated claims processing, serving millions of users. Security isn't an afterthought here; it's the bedrock of our operations.
We're seeking a driven and experienced Security Engineer to champion the protection of our entire ecosystem. This isn't a spectator role. We need a proactive builder, a vigilant monitor, and a rapid responder who can anticipate emerging threats and fortify our defenses in real time.
Reporting directly to senior management, you'll be a key player in a fast-paced, high-stakes environment. If you thrive on autonomy, embrace challenges, and operate with a sense of urgency, you'll find your calling here. If you prefer predictability over impact, this isn't the role for you.
Your Mission:
Take ownership of the end-to-end cybersecurity function across our infrastructure, cloud environments, endpoints, and applications.
Monitor SOC alerts, analyze threat intelligence feeds, and orchestrate incident response from initial detection to complete resolution.
Implement, configure, and manage critical security platforms, including EDRs, firewalls, antivirus solutions, and intrusion detection systems.
Conduct thorough vulnerability assessments and penetration tests, prioritize risks, and proactively implement remediation strategies.
Champion DevSecOps practices throughout the software development lifecycle, ensuring security is integrated at every stage.
Evaluate and secure our cloud infrastructure (GCP, AWS, or Azure), with a focus on identity and access controls, encryption, and comprehensive audit logging.
Lead security audits and support regulatory compliance initiatives, adhering to standards such as ISO 27001, NIST, and other relevant frameworks.
Collaborate seamlessly with cross-functional teams (DevOps, Compliance, Legal, Product) to foster a culture of security awareness and responsibility across the organization.
Design and deliver engaging security awareness training programs, including simulated attack scenarios, to enhance employee readiness.
Maintain the security risk register and continuously refine controls based on the evolving threat landscape.
Serve as a key point of contact for external auditors, regulators, and third-party vendors, ensuring seamless communication and swift resolution of findings.
Are You the Right Fit?
You operate with an owner's mindset – action-oriented, accountable, and results-driven.
You remain calm and decisive under pressure, effectively managing incidents and resolving critical issues.
You are a self-starter who takes initiative and proactively identifies and addresses security gaps.
You are comfortable juggling multiple responsibilities and adapting to shifting priorities in a dynamic environment.
You have a deep commitment to protecting our users, systems, and the overall integrity of our business.
You are driven to improve processes and fix vulnerabilities, even beyond your defined scope.
You prioritize speed, clarity, and delivering tangible outcomes over mere activity.
You aspire to be part of a close-knit, high-performing team where your contributions directly impact millions of users.
What You'll Bring to the Table:
Bachelor’s degree in Computer Science, Cybersecurity, or a related technical discipline.
3+ years of hands-on experience in cybersecurity or information security roles, ideally within high-growth or regulated industries.
Expertise in a range of cybersecurity tools and practices, including EDR, firewalls, SIEM, IDS/IPS, and antivirus platforms.
A proven track record of successfully handling real-world security incidents, conducting thorough root cause analysis, and implementing effective control improvements.
Experience securing cloud environments (GCP, AWS, Azure) and a strong understanding of IAM, encryption, and cloud-native threat modeling.
Familiarity with relevant regulatory and compliance frameworks (e.g., ISO 27001, NIST, HIPAA, local data protection laws).
A solid understanding of DevSecOps principles, secure software development methodologies, and CI/CD pipeline security.
Exceptional communication skills, with the ability to articulate complex security concepts clearly across diverse audiences and escalate critical issues effectively.
Immediate availability is a significant plus.
Bonus Points:
Possession of industry-recognized cybersecurity certifications such as CISSP, CEH, OSCP, or equivalent.
Experience in the fintech, banking, or other high-risk digital platform sectors.
Direct experience interacting with auditors, regulators, or compliance committees.
Familiarity with ethical hacking, red teaming, or adversary simulation techniques and tools.
Proficiency in scripting or automation to streamline and scale security operations.
Our Culture: High-Speed, High-Impact
We're not your typical corporate giant. We're a lean, agile startup that values speed, trust, and ownership above all else. Titles don't define us; impact does. Every member of our team is empowered to think independently, act decisively, and take full responsibility for their contributions.
At BJAK, security is a leadership priority. We encourage you to seize opportunities, challenge the status quo, and advocate for doing things the right way. We prioritize clarity, urgency, and execution over bureaucracy.
Perks & Benefits:
Competitive salary and performance-based bonus structure.
Flexible hybrid working model built on autonomy and trust.
Direct access to senior leadership and exposure to strategic decision-making.
A high-impact role with immediate ownership – your work will directly protect millions of users.
The chance to shape BJAK's security architecture from the ground up.
Rapid career growth within a mission-driven fintech company backed by cutting-edge technology.
About BJAK:
BJAK is Southeast Asia's premier digital insurance platform. With headquarters in Malaysia and operations spanning Thailand, Taiwan, and Japan, we empower millions of users to access transparent and affordable financial protection through Bjak.com.
We're simplifying complex financial services through automation, AI, and secure digital infrastructure, making finance faster, smarter, and safer for everyone.
If you're a passionate cybersecurity professional ready to lead the charge in a startup environment that demands speed, integrity, and ownership, we encourage you to apply. Let's build a safer digital future together!