DevSecOps Engineer - Bandung, Indonesia
About the Role
We are looking for a DevSecOps Engineer with strong hands-on experience in cloud and infrastructure security, complemented by solid application security skills. Working closely with our Site Reliability Engineering and development teams, you will harden our cloud and on-premise environments and embed security throughout our engineering lifecycle — from infrastructure through to CI/CD pipelines and code.
Our primary stack is Ruby on Rails and C#, with additional services in Java, Python, and Go. This role suits someone with 4–5 years of experience who is grounded in cloud and infrastructure security, can hold their own in a code review, and wants to build security standards from the ground up rather than inherit someone else’s playbook.
Location – Hybrid | Bandung, Indonesia (at least 2 days per week in the office)
What You’ll Be Doing
Cloud & Infrastructure Security
- Secure AWS/GCP workloads including EC2, ECS, S3, RDS, VPC, IAM, and associated managed services.
- Harden Linux/Windows servers, VMware environments, PostgreSQL databases, and storage systems (LVM/EBS/S3).
- Design and enforce VPC/subnet segmentation, firewall rules, and zero-trust access patterns.
- Implement encryption standards, access controls, data lifecycle policies, and secure configuration baselines.
- Drive IAM/PAM governance, access reviews, and least-privilege enforcement across cloud and on-premise environments.
- Advocate for secure-by-design patterns and serve as a security partner to SRE and infrastructure teams.
Application Security
- Manage and operate SAST, DAST, and SCA tooling integrated into CI/CD pipelines — tuning rules, triaging findings, and tracking remediation.
- Deploy and own new AppSec standards across the engineering organisation — including logging standards, secure coding guidelines, vulnerability severity classification, and remediation SLAs.
- Conduct hands-on security code reviews across Ruby on Rails, C#, Java, Python, and Go codebases, focusing on authentication, authorization, injection risks, cryptography, and data handling.
- Work directly with developers to explain vulnerabilities in context and help implement secure fixes.
- Lead threat modeling sessions for new features, services, and architectural changes.
- Run developer security awareness and training initiatives to build a security-first engineering culture.
- Own the vulnerability disclosure and bug triage process end-to-end.
About You
Must-Have
- 4–5 years of experience in cloud or infrastructure security, ideally in hybrid environments.
- Strong, hands-on cloud security experience in AWS or GCP production environments — this is a core requirement.
- Hands-on application security experience: managing SAST/DAST/SCA tooling, conducting code reviews, and working directly with development teams.
- Demonstrated ability to define and deploy security standards — not just follow existing ones.
- Familiarity with common security vulnerabilities in web frameworks — experience with Ruby on Rails or C# is a strong advantage.
- Solid grounding in network security, OS hardening, IAM/PAM, and database security.
- Familiarity with OWASP Top 10 and CIS Benchmarks.
- Comfortable working cross-functionally with engineering, SRE, and infrastructure teams.
- Able to communicate security risk clearly to both technical and non-technical audiences.
Nice-to-Have
- Certifications: AWS Security Specialty, CISSP, CEH, OSCP, or equivalent.
- Experience deploying or operating CSPM, CNAPP, SIEM/SOAR, EDR/MDR, WAF, or vulnerability management tools.
- Exposure to governance and compliance frameworks such as SOC 2, ISO 27001, or GDPR/PDPA.
- Experience with security tooling such as Snyk, Trivy, Semgrep, or Burp Suite.
- Exposure to privacy and data classification considerations for PII vs. non-PII data.
- Background in FedRAMP, CMMC, or other regulated industry compliance frameworks.
About Us
NinjaOne unifies IT to simplify work for nearly 40,000 customers in 140+ countries.
The NinjaOne Unified IT Operations Platform delivers endpoint management, autonomous patching, backup, and remote access in a single console to improve efficiency, increase resilience, and reduce spend. By automating IT and managing all endpoints, organizations give employees a great technology experience at work.
NinjaOne is obsessed with customer success and has retained a 98% customer satisfaction score for more than 5 years.
What You’ll Love
- We are a collaborative, kind, and curious community
- We prioritise your work/life balance, offering a hybrid work environment and free in-office lunches throughout the week
- We reward your work with opportunity for growth and advancement
- Grow personally and together with one of the fastest growing companies globally
- Develop your skills through our renowned training platform
- Receive competitive compensation
- Collaborate with an amazing international workforce
Additional Information
This position is NOT eligible for Visa sponsorship.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, marital status, veteran status, or any other status protected by applicable law. We are committed to providing an inclusive and diverse work environment.