Information Security Engineer - Digital Signature

About the Role

We are looking for you to join our defensive security team at GoTo Financial, with a specific focus on supporting our digital signature business, DigiSign. This role will be responsible for designing, developing, and maintaining key defensive security platforms that safeguard our systems and services. You will gain exposure to a range of financial products and services, particularly in the area of digital identity. In daily operations, as the Information Security Engineer, you will contribute to blue team security activities, including log monitoring and hardening of system components. In addition, you will assist in implementing and monitoring security policies, ensuring that all necessary controls are functioning effectively to meet organizational objectives. This position also involves your participation in compliance initiatives, including ISO 27001 certification and regulatory audits such as those required by PSrE.

What You Will Do

• Develop, implement, and sustain threat detection capabilities using SIEM, log analytics, and other security platforms to address emerging threats
• Assist stakeholders in utilizing security tools and conducting investigations to uncover details of potential suspicious activities, assess their impact, and identify associated risks
• Integrate data feeds (logs) into SIEM from deployed devices and applications
• Manage the integration of security tools such as firewalls, IDS/IPS, SIEM, endpoint protection, encryption technologies, and identity/access management systems
• Conduct log analysis to support troubleshooting tasks relevant to security events within the organization
• Act as a Subject Matter Expert in regards to infrastructure hardening to provide relevant & applicable consultation within the digital identity product & services
• Act as a Subject Matter Expert to the stakeholders and provide relevant & applicable consultation for addressing the security requirements in digital identity products & services

What You Will Need

• A minimum of 5 years of experience as an Information Security Engineer (Blue Team) or IT Governance, Risk and Compliance (IT GRC) or IT Auditors with sufficient technical capabilities needed in this role
• Advanced knowledge and experience of Blue Team security operations, especially in managing SIEM platforms, with previous experience that includes architectural design, configuring, operating, and problem-solving activities
• Hands-on expertise with security technologies including firewalls, SIEM, endpoint security, identity/access management, and vulnerability management tools
• Demonstrate excellent communication and writing skills, and be proficient in written and spoken English
• Experienced in dealing with regulatory audits to represent the organization's security operations
• Having good knowledge of local and regional digital identity regulatory requirements (ex. PSrE) and how they impact security operations (having experience is preferred)
• Having excellent experience with ISO 27001, or similar and relevant standards

About the Team

DigiSign is a digital signature solution built upon nearly two decades of experience in Indonesia’s national payment industry. Initially developed to enhance the security of financial transactions during our time managing switching payments, DigiSign has since evolved into a trusted digital signature provider, recognized and registered by the Indonesian government through the Ministry of Communication and Information (Kominfo). Our solution goes beyond document signing. We also provide transaction signing to ensure a higher level of security and trust in every digital interaction.

At DigiSign, we are guided by three core values: Technology — as a tech-driven company, we are committed to building robust and scalable software solutions that serve both financial and non-financial sectors across Indonesia; Inspiration — we envision a unified digital ecosystem in Indonesia and are actively shaping our products and strategies to help realize that future; Teamwork — our team operates with a shared vision and passion to grow together, constantly challenging ourselves to evolve and improve.

We are proud to support Indonesia’s digital transformation by providing world-class infrastructure and secure digital signature services. Our mission is to deliver innovative and differentiated solutions through strong partnerships with our clients, always striving to bring greater value to both consumers and stakeholders.

About GoTo Group

GoTo Group is the largest digital ecosystem in Indonesia with its mission to “Empower Progress’ by offering technological infrastructure and solutions for everyone to access and thrive in the digital economy. The GoTo ecosystem consists of on-demand transportation services, food and grocery delivery, logistics and fulfillment, as well as financial and payment services through the Gojek and GoTo Financial platforms.It is the first platform in Southeast Asia that hosts these crucial cases in a single ecosystem, capturing the majority of Indonesia’s vast consumer household.

About Gojek

Gojek is Southeast Asia’s leading on-demand platform and pioneer of the multi-service ecosystem with over 2.5 million driver partners across the regions offering a wide range of services such as transportation, food delivery, logistics and more. With its mission to create impact at scale, Gojek is committed to resolving consumer problems and raising standards of living by connecting consumers to the best providers of goods and services in the market.

About GoTo Financial

GoTo Financial accelerates financial inclusion through its leading financial services and merchants solutions. Its consumer services include GoPay and GoPayLater and serve businesses of all sizes through Midtrans, Moka, GoBiz Plus, GoBiz, and Selly. With its trusted and inclusive ecosystem of products, GoTo Financial is open to new growth opportunities and aims to empower everyone to Make It Happen, Make It Together, Make It Last.

GoTo and its business units, including Gojek and GoToFinancial ("GoTo") only post job opportunities on our official channels on our respective company websites and on LinkedIn. GoTo is not liable for any job postings or job offers that did not originate from us. You should conduct your own due diligence to prevent being victims of any fake job scams, if they did not originate from GoTo's official recruitment channels.