Secure the Future of Fintech in Southeast Asia
At BJAK, we're revolutionizing financial services with cutting-edge technology. From instant insurance quotes to seamless payments and automated claims, our platform impacts millions across Southeast Asia. As we rapidly expand, security isn't just a priority - it's in our DNA.
We're seeking a highly motivated Security Engineer to take ownership of our cybersecurity landscape. This isn't a typical security role. We need a builder, a defender, and a proactive threat hunter who can anticipate risks and implement robust security measures in real-time.
This role reports directly to senior leadership, offering unparalleled influence and impact. If you're driven by challenging problems, thrive in a fast-paced environment, and crave full accountability, you'll find your home here. If you prefer the status quo, this isn't for you. But if you're ready to take charge and secure our digital future, let's talk.
Your Mission
Be the Security Champion: Own the end-to-end cybersecurity function across our infrastructure, cloud environments, endpoints, and applications.
Threat Hunter: Monitor SOC alerts, analyze threat intelligence, and lead incident response from initial detection to complete resolution.
Fortify the Fortress: Implement, configure, and manage critical security tools like EDRs, firewalls, antivirus solutions, and intrusion detection systems.
Proactive Defender: Perform vulnerability assessments and penetration testing, prioritize risks, and implement proactive remediation strategies.
DevSecOps Advocate: Integrate security into the software development lifecycle, championing DevSecOps best practices.
Cloud Guardian: Evaluate and secure our cloud infrastructure (GCP, AWS, or Azure), focusing on identity and access management, encryption, and comprehensive audit logging.
Compliance Leader: Lead security audits and support regulatory compliance efforts, including ISO 27001, NIST, and other relevant frameworks.
Security Evangelist: Collaborate with cross-functional teams (DevOps, Compliance, Legal, Product) to cultivate a security-first culture.
Educate and Empower: Conduct security awareness training and simulate real-world attack scenarios to enhance employee preparedness.
Risk Management Guru: Maintain the security risk register and continuously improve controls based on emerging threats.
External Liaison: Interface with external auditors, regulators, and third-party vendors to ensure compliance and resolve any findings promptly.
Are You the Right Fit?
You operate with an ownership mindset - taking responsibility and driving results.
You remain calm and decisive under pressure, effectively managing security incidents.
You're self-motivated and proactive, anticipating needs and taking initiative.
You're comfortable juggling multiple priorities in a dynamic environment.
You possess a deep commitment to protecting users, systems, and business integrity.
You're passionate about continuous improvement, tackling challenges beyond your immediate scope.
You prioritize speed, clarity, and tangible outcomes over mere activity.
You're eager to join a collaborative team where your contributions directly impact millions.
What You'll Bring to the Table
Bachelor’s degree in Computer Science, Cybersecurity, or a related technical field.
3+ years of hands-on experience in cybersecurity or information security roles, ideally within high-growth or regulated industries.
Deep understanding of cybersecurity tools and practices, including EDR, firewalls, SIEM, IDS/IPS, and antivirus platforms.
Proven experience in handling real-world security incidents, conducting root cause analysis, and implementing effective controls.
Experience with cloud security (GCP, AWS, Azure) and a solid grasp of IAM, encryption, and cloud-native threat modeling.
Familiarity with regulatory and compliance frameworks (e.g., ISO 27001, NIST, HIPAA, local data protection laws).
Solid understanding of DevSecOps principles, secure software development practices, and CI/CD pipeline security.
Excellent communication skills, with the ability to clearly articulate complex security concepts to both technical and non-technical audiences.
Availability to start immediately is highly desirable.
Bonus Points
Industry certifications such as CISSP, CEH, OSCP, or equivalent.
Experience in the fintech, banking, or high-risk digital platform sectors.
Experience interacting with auditors, regulators, or compliance committees.
Familiarity with ethical hacking, red teaming, and adversary simulation techniques.
Scripting or automation skills to scale security operations effectively.
Our Culture: High-Speed, High-Trust
We're a fast-moving startup, not a rigid corporation. We value impact over titles, and ownership is paramount. Expect to think independently, act decisively, and take full responsibility. Security at BJAK is a leadership priority. We champion proactive measures and value clarity, urgency, and execution above all else.
Why Join BJAK?
Competitive salary and performance-based incentives.
Flexible hybrid working model built on trust and autonomy.
Direct access to senior leadership and strategic decision-making.
A high-impact role with immediate ownership – your work safeguards millions.
The chance to shape BJAK’s security architecture from the ground up.
Rapid career growth in a mission-driven fintech innovator.
About BJAK
BJAK is the leading digital insurance platform in Southeast Asia. Headquartered in Malaysia and expanding across Thailand, Taiwan, and Japan, we empower millions with accessible and transparent financial protection through Bjak.com.
We leverage automation, AI, and secure digital infrastructure to simplify complex financial services, making them faster, smarter, and safer for everyone.
If you're ready to lead cybersecurity at a startup that demands speed, integrity, and ownership, we encourage you to apply.