Company Overview:
Traveloka is a leading technology company that provides a one-stop travel and lifestyle platform for customers in Southeast Asia. Our platform offers a wide range of travel-related services, including flight and hotel bookings, activities, attractions, and more. With a mission to empower travelers with seamless experiences, we're committed to pushing the boundaries of technology and innovation in the travel industry.
It's fun to work in a company where people truly BELIEVE in what they're doing!
Job Description:
As a leading travel technology company, Traveloka manages a vast ecosystem of APIs, microservices, cloud infrastructures, and front-end applications (web and mobile) that serve millions of users worldwide. On the back end, we operate large-scale data pipelines and internal business operations, many of them engineered in-house, which require robust security measures to protect user data, intellectual property, and sensitive corporate information.
The Security Engineering Manager will take a holistic approach to safeguarding our engineering assets, working and managing across multiple teams including DevSecOps, Product Security, and Offensive Security. Success in this role requires strong analytical, problem-solving, and leadership abilities, as well as the capacity to think from defensive, offensive, and engineering perspectives to craft tailored security solutions for our unique environment. The ideal candidate will not only be proficient in using readily available or off-the-shelf tools but will also have the expertise to assess when and how custom security tools need to be developed and maintained with a software engineering perspective to address specific challenges.
Requirements:
- Proven experience managing Security Engineering or Software Engineering teams, with at least 7 years of extensive expertise in cybersecurity.
- Strong background in leading cybersecurity or software development projects using agile methodologies.
- Experience securing applications in fast-paced environments with frequent changes.
- Proficient in general-purpose programming languages (e.g., Python) and Object-Oriented Programming (e.g., Java).
- Hands-on experience with cloud platforms like AWS and GCP, including platform-specific security features and common security tools.
- Familiarity with modern technologies such as containerization, managed container services, serverless functions, infrastructure as code, API gateways, BFF (Backend for Frontend), CI/CD, and microservices.
- Deep technical knowledge of web, mobile, OS, and network security.
- Able to demonstrate in practice various security tests and control implementations, such as SAST, DAST, SCA, WAF, secure-by-design, and secure application frameworks.
- Excellent verbal and written communication skills.
- Strong self-initiative to bridge gaps between Software Engineering, Infrastructure Engineering, and Security Engineering, while providing a security framework for the entire technology team and management.
- Commitment to cybersecurity with a dedication to continuous learning and staying updated on new technologies.
- Experience in CTF, bug bounty programs, presenting at security conferences, or publications is a plus.
- Experience with penetration testing, red teaming, or purple teaming is a plus.
- Web development experience or developing security tools is a plus.
- Relevant technical security certifications (e.g., Offensive Security, CREST, SANS GIAC) are a plus.
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!