Security Engineer

Safeguard the Infrastructure Powering Southeast Asia's Leading Fintech

At BJAK, technology is our backbone, from real-time insurance quoting to payment infrastructure and claims automation. With millions of users across Southeast Asia and rapidly growing operations, security is not just a function - it's mission-critical.

We are hiring a Security Engineer to own and drive the protection of our platforms, devices, and data. This is not a passive role. It's for someone who can build, monitor, respond, and harden systems in real time, while thinking two steps ahead of evolving threats.

This is a high-responsibility position reporting directly to senior management, designed for someone who thrives in high-stakes environments and is energized by fast execution, shifting priorities, and full accountability. If you're looking for predictability and handholding, this isn't for you. If you operate with urgency, think like an owner, and love solving complex problems with autonomy, you'll feel right at home.

What You'll Do

• Own and lead the end-to-end cybersecurity function across infrastructure, cloud, endpoints, and applications.

• Monitor SOC alerts, conduct threat intelligence analysis, and drive incident response from detection to closure.

• Implement, configure, and manage EDRs, firewalls, antivirus, intrusion detection systems, and other security platforms.

• Perform vulnerability assessments and penetration testing, prioritize risks, and implement fixes proactively.

• Drive DevSecOps practices across the software development lifecycle, ensuring security is embedded at every stage.

• Evaluate and secure cloud infrastructure (GCP, AWS, or Azure), including identity and access controls, encryption, and audit logging.

• Lead security audits and support regulatory compliance activities, including ISO 27001, NIST, or equivalent frameworks.

• Collaborate with cross-functional teams (DevOps, Compliance, Legal, Product) to build a culture of security across the company.

• Conduct security awareness training and simulate real-world attack scenarios to improve employee readiness.

• Own the security risk register and continuously improve controls based on current and emerging threats.

• Interface with external auditors, regulators, and third-party vendors to demonstrate readiness and resolve findings quickly.

You'll Thrive Here If You...

• Think and operate like an owner - no excuses, no delays, just action.

• Stay calm under pressure, decisive in incidents, and effective when things break.

• Are self-directed and proactive - you don't wait to be told what to do.

• Are comfortable wearing multiple hats and handling shifting priorities.

• Care deeply about protecting users, systems, and business integrity.

• Take initiative to improve what's broken - even if it's outside your scope.

• Have a strong bias for speed, clarity, and delivering real outcomes, not just activity.

• Want to be part of a tight-knit, high-output team where your work directly impacts millions.

What You Bring

• Bachelor's degree in Computer Science, Cybersecurity or a related technical field.

• 3+ years of hands-on experience in cybersecurity or information security roles, preferably in high-growth or regulated environments.

• Strong knowledge of cybersecurity tools and practices - including EDR, firewalls, SIEM, IDS/IPS, and antivirus platforms.

• Proven track record in handling real incidents, performing root cause analysis, and improving controls.

• Experience with cloud security (GCP, AWS, Azure) and a working knowledge of IAM, encryption, and cloud-native threat modeling.

• Familiarity with regulatory and compliance frameworks (e.g., ISO 27001, NIST, HIPAA, local data protection laws).

• Solid understanding of DevSecOps, secure software development, and CI/CD pipeline security.

• Able to communicate clearly across functions and escalate with clarity when needed.

• Immediate availability is highly preferred.

Nice to Have

• Cybersecurity certifications such as CISSP, CEH, OSCP, or equivalent.

• Experience in fintech, banking, or any high-risk digital platform environment.

• Experience interfacing directly with auditors, regulators, or compliance committees.

• Familiarity with ethical hacking, red teaming, or adversary simulation tools.

• Scripting or automation skills to improve security operations at scale.

Our Team & Culture

We're not a big corporate - we're a high-speed, high-trust startup. We solve hard problems, move fast, and keep execution at the center of everything. Titles don't matter here. Impact does. Everyone is expected to think independently, act fast, and take full ownership.

Security at BJAK is a leadership-level responsibility. If you want a seat at the table, take it. If you care about doing things right, not just ticking boxes, you'll thrive here. We value clarity, urgency, and execution, not red tape.

What You'll Get

• Competitive salary and performance-based bonuses.

• Hybrid working model with high autonomy and trust.

• Direct access to senior leadership and visibility on strategic matters.

• High-impact role with ownership from day one - your work protects millions.

• Opportunity to shape BJAK's security architecture from the ground up.

• Fast-tracked growth in a mission-driven fintech company backed by tech.

About BJAK

BJAK is Southeast Asia's largest digital insurance platform. Headquartered in Malaysia with operations in Thailand, Taiwan, and Japan, we help millions of users access transparent, affordable financial protection through

We simplify complex financial services through automation, AI, and secure digital infrastructure, making finance faster, smarter, and safer for everyone.

If you're ready to lead cybersecurity in a startup that demands speed, integrity, and ownership, we want to talk to you.

---