Defend the Digital Frontier: Security Engineer at Southeast Asia's Leading Fintech
At BJAK, we're not just building a fintech platform; we're constructing the future of financial services in Southeast Asia. From instant insurance quotes to automated claims, technology fuels everything we do. As our user base explodes across the region, cybersecurity isn't just a department – it's the foundation of our trust and the key to our continued success.
We're seeking a battle-tested Security Engineer to take ownership of protecting our entire digital ecosystem – from cloud infrastructure to endpoint devices and critical data assets. Forget passive monitoring; this is a hands-on role for a proactive security leader who can build, monitor, respond, and harden systems in real time, anticipating threats before they materialize.
This is a high-impact, high-visibility position reporting directly to senior management. We need someone who thrives under pressure, executes with speed, and embraces accountability. If you crave predictability, this isn't for you. But if you're driven by urgency, think like an owner, and relish solving complex security challenges with autonomy, you'll find your tribe here.
Your Mission:
Architect, implement, and manage the end-to-end cybersecurity function across our infrastructure, cloud environments, endpoints, and applications.
Lead threat intelligence analysis, monitor SOC alerts, and drive incident response from initial detection to complete resolution.
Deploy, configure, and maintain critical security platforms, including EDRs, firewalls, intrusion detection systems, and antivirus solutions.
Conduct vulnerability assessments and penetration testing, prioritizing risks and proactively implementing remediation strategies.
Champion DevSecOps practices throughout the software development lifecycle, ensuring security is baked in from design to deployment.
Evaluate and fortify our cloud infrastructure (GCP, AWS, or Azure), with a focus on identity and access controls, encryption, and comprehensive audit logging.
Spearhead security audits and ensure compliance with relevant regulatory frameworks, including ISO 27001, NIST, and other applicable standards.
Collaborate seamlessly with cross-functional teams (DevOps, Compliance, Legal, Product) to cultivate a security-first culture across the organization.
Develop and deliver engaging security awareness training programs and conduct realistic attack simulations to elevate employee readiness.
Own and maintain the security risk register, continuously refining controls based on the evolving threat landscape.
Serve as the primary point of contact for external auditors, regulators, and third-party vendors, demonstrating our security posture and resolving findings efficiently.
Are You The Right Operative?
You think and act like an owner – no excuses, no delays, just relentless execution.
You maintain composure under pressure, make decisive calls during incidents, and remain effective when systems fail.
You're a self-starter who proactively identifies and addresses security gaps without waiting for instructions.
You're comfortable juggling multiple responsibilities and adapting to rapidly changing priorities.
You're deeply committed to protecting our users, systems, and the integrity of our business.
You take the initiative to improve broken processes, even if they fall outside your immediate scope.
You possess a strong bias for speed, clarity, and delivering tangible outcomes, not just activity.
You're eager to join a close-knit, high-performing team where your contributions directly impact millions of users.
Your Arsenal:
Bachelor’s degree in Computer Science, Cybersecurity, or a related technical discipline.
3+ years of hands-on experience in cybersecurity or information security roles, ideally within high-growth or regulated environments.
Deep expertise in cybersecurity tools and techniques, including EDR, firewalls, SIEM, IDS/IPS, and antivirus platforms.
A proven track record of successfully handling real-world security incidents, conducting thorough root cause analysis, and implementing effective control improvements.
Hands-on experience with cloud security (GCP, AWS, Azure) and a solid understanding of IAM, encryption, and cloud-native threat modeling.
Familiarity with relevant regulatory and compliance frameworks (e.g., ISO 27001, NIST, HIPAA, local data protection laws).
Solid understanding of DevSecOps principles, secure software development practices, and CI/CD pipeline security.
Excellent communication skills, with the ability to clearly articulate security risks and recommendations to both technical and non-technical audiences.
Immediate availability is a significant advantage.
Bonus Points:
Industry-recognized cybersecurity certifications such as CISSP, CEH, OSCP, or equivalent.
Prior experience in fintech, banking, or other high-risk digital platform environments.
Experience interacting directly with auditors, regulators, or compliance committees.
Familiarity with ethical hacking, red teaming, or adversary simulation tools.
Scripting or automation skills to streamline and scale security operations.
Inside BJAK:
We're a fast-moving, high-trust startup, not a bureaucratic corporation. We tackle tough challenges head-on, prioritize speed of execution, and empower every team member to think independently, act decisively, and take full ownership. Here, titles are secondary to impact. Security is a top-level priority, not an afterthought. If you're passionate about doing things right and want a seat at the table, you'll thrive in our environment.
Your Rewards:
Competitive salary and performance-based bonuses.
Flexible hybrid working model with a focus on autonomy and trust.
Direct access to senior leadership and high visibility into strategic decision-making.
A high-impact role with significant ownership from day one – your work will directly protect millions of users.
The opportunity to shape BJAK’s security architecture from the ground up.
Rapid professional growth within a mission-driven fintech company backed by cutting-edge technology.
About BJAK:
BJAK is the leading digital insurance platform in Southeast Asia. Headquartered in Malaysia with operations spanning Thailand, Taiwan, and Japan, we empower millions of users with transparent, affordable financial protection through Bjak.com.
We're simplifying complex financial services through automation, AI, and secure digital infrastructure, making finance faster, smarter, and safer for everyone.
If you're ready to lead the charge in cybersecurity within a dynamic startup that demands speed, integrity, and unwavering ownership, we want to hear from you.