Senior DevSecOps Engineer - CISO
About The Role
We're looking for an experienced and proactive DevSecOps engineer to architect and own secure delivery across our Development Process. In this critical, hands-on role, you will be the champion for shifting security to the earliest stage of development. Your mission is to empower our engineering teams to deliver secure and high-quality code at speed by embedding security guardrails and tooling directly into their workflows.
What You Will Do
- Embed Security into the SDLC: You will integrate and automate a suite of security tooling - including secrets management, Software Composition Analysis (SCA), Static Application Security Testing (SAST), and Infrastructure as Code (IaC) scanning into our CI/CD pipelines.
- Secure the Developer Workflow: A key focus will be securing our development platforms (GitHub/GitLab) from the ground up, implementing security best practices for repository settings, branch protections, and code access.
- Architect Security as Code: You will leverage your deep programming skills in Python, Go, JavaScript, etc., to build custom tooling, automation, integrations, and supporting documentation that help create a frictionless security experience for accelerated development.
- Act as a Security SME: With your keen ability to spot security flaws quickly, you will serve as a subject matter expert for engineering teams, guiding them on secure coding and pragmatic remediation strategies.
- Incorporating AI to enhance security: You will be a key contributor to our efforts on improving our security posture by researching and applying AI-driven solutions to enhance threat detection, automate vulnerability management, and intelligently secure our development lifecycle.
What You Will Need
- 5+ years of proven experience in a hands-on DevSecOps or Application Security role with a strong DevOps foundation.
- Solid Kubernetes experience (deployments, RBAC, basic networking, troubleshooting).
- Development skills at minimum: Python, Go, and JavaScript code.
- Practical & deep understanding of the use of SCA, SAST, secrets, and IaC scanning tools
- Strong Git skills (branching, rebasing, signed commits, access controls).
- Experience securing GitHub or GitLab (tokens, branch protections, CI secrets).
- Excellent written and verbal communication skills tailored for diverse audiences.
About The Team
Our DevSecOps team works at the intersection of security, platform reliability, and developer velocity. We focus on solving real platform and security challenges, not just running tools. When something doesn't exist, we build or script it ourselves.
We collaborate closely with Engineering and DevOps teams, sharing ownership of outcomes through fast feedback loops and collective wins, no ticket tossing. Continuous learning is part of our DNA: we conduct open post-mortems, test ideas through small-scale experiments, and continually refine our approach. Our engineers have the freedom to choose the right tools for the job and are encouraged to think creatively to solve complex problems. It's a space for builders who enjoy autonomy, collaboration, and impact at scale.
About GoTo Group
GoTo Group is the largest digital ecosystem in Indonesia with its mission to "Empower Progress' by offering technological infrastructure and solutions for everyone to access and thrive in the digital economy. The GoTo ecosystem consists of on-demand transportation services, food and grocery delivery, logistics and fulfillment, as well as financial and payment services through the Gojek and GoTo Financial platforms.It is the first platform in Southeast Asia that hosts these crucial cases in a single ecosystem, capturing the majority of Indonesia's vast consumer household.
About Gojek
Gojek is Southeast Asia's leading on-demand platform and pioneer of the multi-service ecosystem with over 2.5 million driver partners across the regions offering a wide range of services such as transportation, food delivery, logistics and more. With its mission to create impact at scale, Gojek is committed to resolving consumer problems and raising standards of living by connecting consumers to the best providers of goods and services in the market.
About GoTo Financial
GoTo Financial accelerates financial inclusion through its leading financial services and merchants solutions. Its consumer services include GoPay and GoPayLater and serve businesses of all sizes through Midtrans, Moka, GoBiz Plus, GoBiz, and Selly. With its trusted and inclusive ecosystem of products, GoTo Financial is open to new growth opportunities and aims to empower everyone to Make It Happen, Make It Together, Make It Last.
GoTo and its business units, including Gojek and GoToFinancial ("GoTo") only post job opportunities on our official channels on our respective company websites and on LinkedIn. GoTo is not liable for any job postings or job offers that did not originate from us. You should conduct your own due diligence to prevent being victims of any fake job scams, if they did not originate from GoTo's official recruitment channels.