📍 Job Overview

• Job Title: Senior Cloud Security Engineer - CISO
• Company: GoTo Group
• Location: Jakarta, Indonesia
• Job Type: On-site, Permanent
• Category: DevOps, Security
• Date Posted: July 7, 2025
• Experience Level: 5-10 years

🚀 Role Summary

• Strategic Security Leadership: Lead the design, implementation, and maintenance of secure cloud infrastructure, ensuring resilience, high availability, and automation at scale.
• Cross-Functional Collaboration: Work closely with products, engineering, and other teams to build, maintain, and improve security measures, enabling system security as a whole.
• Threat Detection & Response: Develop security detections to identify and respond to threats in cloud environments, fostering a strong security culture and driving continuous improvements.
• Security Enablement: Define and enforce cloud security policies, collaborating with engineering teams to drive adoption and ensure consistent implementation.

📝 Enhancement Note: This role requires a seasoned security professional with a strong background in cloud security and a proven track record of driving security initiatives across large-scale cloud environments.

💻 Primary Responsibilities

• Cloud Security Architecture: Design, build, and operate scalable security solutions across cloud platforms, ensuring resilience, high availability, and automation at scale.
• Secure Cloud Infrastructure: Architect and implement cloud security controls, including access management, network security, encryption, and threat detection, following industry best practices.
• Secure Container Orchestration: Enhance container security, ensuring secure orchestration, deployment, and runtime protection.
• Security Automation: Build automation and tooling to enforce cloud security policies, integrate security into development workflows, and improve operational efficiency.
• Compliance & Standards: Develop and enforce secure cloud infrastructure standards, ensuring compliance with security and regulatory requirements.
• Threat Detection & Response: Develop security detections to identify and respond to threats in cloud environments, fostering a strong security culture and driving continuous improvements.
• Cross-Functional Collaboration: Work cross-functionally to influence security best practices, foster a strong security culture, and drive continuous improvements.

📝 Enhancement Note: This role requires a high level of technical expertise and the ability to work effectively with various teams to drive security initiatives across the organization.

🎓 Skills & Qualifications

Education: Bachelor's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CISM, CCSP) are a plus.

Experience: 5+ years of experience in designing, developing, deploying, and managing security solutions for large-scale cloud environments.

Required Skills:

• Experience with Cloud Platforms (Alibaba, Tencent, GCP, etc.)
• Proficiency in Infrastructure as Code (IaC) tools such as Terraform, Ansible, or equivalent.
• Experience securing containerized workloads, including Docker and Kubernetes.
• Strong background in security monitoring and detection engineering for cloud environments.
• Hands-on experience in building security automation and tooling, integrating security into CI/CD pipelines.
• Excellent written and verbal communication skills to collaborate across engineering, security, and leadership teams.

Preferred Skills:

• Experience with cloud security tools and services (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center)
• Familiarity with cloud security frameworks and standards (e.g., CIS Benchmarks, NIST, ISO 27001)
• Knowledge of cloud security compliance and regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS)
• Experience with cloud security incident response and forensics

📝 Enhancement Note: Candidates with experience in cloud security leadership roles and a proven track record of driving security initiatives will be highly sought after for this position.

📊 Web Portfolio & Project Requirements

Portfolio Essentials:

• Cloud Security Projects: Demonstrate your experience in designing, implementing, and managing secure cloud infrastructure projects.
• Threat Detection & Response: Showcase your ability to develop and implement security detections to identify and respond to threats in cloud environments.
• Security Automation: Highlight your experience in building automation and tooling to enforce cloud security policies and integrate security into development workflows.
• Compliance & Standards: Display your understanding of cloud security compliance and regulatory requirements by providing examples of how you've ensured compliance in previous roles.

Technical Documentation:

• Cloud Security Architecture: Provide detailed documentation outlining your approach to cloud security architecture, including access management, network security, encryption, and threat detection.
• Security Automation & Tooling: Document the security automation and tooling you've developed to enforce cloud security policies and integrate security into development workflows.
• Threat Detection & Response: Describe your approach to threat detection and response, including the security detections you've developed and how you've responded to threats in cloud environments.
• Compliance & Standards: Document your understanding of cloud security compliance and regulatory requirements, and provide examples of how you've ensured compliance in previous roles.

📝 Enhancement Note: As this role requires a high level of technical expertise, candidates should be prepared to provide detailed technical documentation and case studies demonstrating their experience in cloud security.

💵 Compensation & Benefits

Salary Range: IDR 35,000,000 - 50,000,000 per year (Based on market research and industry standards for senior cloud security roles in Jakarta)

Benefits:

• Competitive health, dental, and vision insurance
• Retirement savings plan with company matching
• Generous vacation and leave policies
• Employee stock purchase plan
• Professional development opportunities and training
• Flexible work arrangements and remote work options

Working Hours: Full-time, 40 hours per week, with flexible hours and the option to work remotely when needed.

📝 Enhancement Note: The salary range provided is an estimate based on market research and industry standards for senior cloud security roles in Jakarta. Actual compensation may vary based on the candidate's experience, skills, and qualifications.

🎯 Team & Company Context

🏢 Company Culture

Industry: GoTo Group is the largest digital ecosystem in Indonesia, with a mission to "Empower Progress" by offering technological infrastructure and solutions for everyone to access and thrive in the digital economy.

Company Size: GoTo Group consists of over 20,000 employees across its various business units, providing ample opportunities for career growth and collaboration.

Founded: GoTo Group was founded in 2010 and has since grown to become a leading player in the Southeast Asian tech industry.

Team Structure:

• The Cloud Security team is responsible for driving security and privacy by design within the Infrastructure lifecycle and engineering processes, as well as continuously researching and responding to evolving threats.
• The team works closely with products, engineering, and other related teams to build, maintain, and improve security measures, ensuring the security of the GoTo ecosystem.
• As a senior member of the team, you will have the opportunity to lead security initiatives, mentor junior team members, and collaborate with stakeholders across the organization.

Development Methodology:

• The Cloud Security team follows Agile development methodologies, with a focus on continuous integration, continuous deployment, and continuous improvement.
• The team uses version control systems (e.g., Git) and collaboration tools (e.g., Jira, Confluence) to manage projects and facilitate communication.
• Security is integrated into the development lifecycle, with regular code reviews, security testing, and penetration testing.

Company Website: GoTo Group

📝 Enhancement Note: GoTo Group's large and diverse team provides ample opportunities for collaboration, learning, and growth. The company's focus on empowering progress through technology makes it an exciting place for security professionals looking to make a significant impact.

📈 Career & Growth Analysis

Cloud Security Career Level: This role is a senior-level position, requiring a high level of technical expertise and leadership skills. As a senior cloud security engineer, you will be responsible for driving security initiatives, mentoring junior team members, and collaborating with stakeholders across the organization.

Reporting Structure: This role reports directly to the Chief Information Security Officer (CISO) and works closely with the products, engineering, and other related teams to build, maintain, and improve security measures.

Technical Impact: As a senior cloud security engineer, you will have a significant impact on the security of the GoTo ecosystem. Your work will ensure that the company's cloud infrastructure is secure, resilient, and compliant with industry standards and regulatory requirements.

Growth Opportunities:

• Technical Leadership: As a senior member of the team, you will have the opportunity to mentor junior team members, lead security initiatives, and drive continuous improvements in cloud security.
• Architecture & Design: With your experience in cloud security architecture, you will have the opportunity to design and implement secure cloud infrastructure solutions that meet the needs of the business.
• Emerging Technologies: As the cloud security landscape continues to evolve, you will have the opportunity to stay up-to-date with emerging technologies and trends, and apply your knowledge to drive innovation in cloud security.

📝 Enhancement Note: This role offers significant opportunities for career growth and development, both in terms of technical expertise and leadership skills. Candidates should be prepared to take on a high level of responsibility and make a significant impact on the security of the GoTo ecosystem.

🌐 Work Environment

Office Type: GoTo Group's offices are modern, collaborative workspaces designed to facilitate communication, innovation, and teamwork. The company offers flexible work arrangements, including remote work options and flexible hours.

Office Location(s): GoTo Group's headquarters are located in Jakarta, Indonesia, with additional offices in other major cities across Southeast Asia.

Workspace Context:

• Collaborative Workspace: GoTo Group's offices are designed to encourage collaboration and communication, with open-plan workspaces, meeting rooms, and breakout areas.
• Technology & Tools: The company provides state-of-the-art technology and tools to support its employees' work, including high-performance laptops, multiple monitors, and access to relevant software and applications.
• Cross-Functional Collaboration: GoTo Group's diverse team provides ample opportunities for cross-functional collaboration, with employees working closely with colleagues from various departments and business units to drive innovation and growth.

Work Schedule: GoTo Group offers flexible work arrangements, including remote work options and flexible hours. The company's core hours are from 9:00 AM to 5:00 PM, with the option to start earlier or later and make up the hours as needed.

📝 Enhancement Note: GoTo Group's flexible work arrangements and collaborative work environment provide employees with the support and resources they need to succeed in their roles. The company's focus on innovation and growth makes it an exciting place to work for security professionals looking to make a significant impact.

📄 Application & Technical Interview Process

Interview Process:

1. Phone/Video Screen: A brief conversation to discuss your experience, qualifications, and career goals. Be prepared to answer questions about your experience with cloud security, security monitoring, and automation.
2. Technical Deep Dive: A technical interview focused on your cloud security expertise. Be prepared to discuss your experience with cloud platforms, infrastructure as code, container security, and security automation. You may also be asked to complete a hands-on exercise or case study.
3. Behavioral & Cultural Fit: An interview focused on your leadership skills, communication, and collaboration abilities. Be prepared to discuss your experience working with cross-functional teams and driving security initiatives.
4. Final Review: A meeting with the hiring manager or a panel of stakeholders to discuss your qualifications, fit, and career aspirations. Be prepared to ask insightful questions about the role, team, and company.

Portfolio Review Tips:

• Cloud Security Projects: Highlight your experience in designing, implementing, and managing secure cloud infrastructure projects. Provide detailed documentation and case studies demonstrating your approach to cloud security architecture, threat detection, and response, security automation, and compliance.
• Security Automation & Tooling: Showcase your experience in building automation and tooling to enforce cloud security policies and integrate security into development workflows. Provide examples of how you've used automation to improve operational efficiency and drive continuous improvement.
• Threat Detection & Response: Demonstrate your ability to develop and implement security detections to identify and respond to threats in cloud environments. Provide examples of how you've responded to security incidents and how you've worked with cross-functional teams to improve security posture.

Technical Challenge Preparation:

• Cloud Security Architecture: Brush up on your knowledge of cloud security architecture, including access management, network security, encryption, and threat detection. Review industry best practices and relevant standards (e.g., CIS Benchmarks, NIST, ISO 27001).
• Security Automation & Tooling: Familiarize yourself with cloud security automation tools and platforms (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center). Review your experience with infrastructure as code tools (e.g., Terraform, Ansible) and CI/CD pipelines.
• Threat Detection & Response: Review your experience with cloud security monitoring and detection tools (e.g., Security Information and Event Management (SIEM) systems, Cloud Security Posture Management (CSPM) tools, Intrusion Detection Systems (IDS)). Prepare for questions about your approach to threat detection, response, and remediation.

ATS Keywords:

• Cloud Platforms: Alibaba Cloud, Tencent Cloud, Google Cloud Platform, Amazon Web Services, Microsoft Azure
• Infrastructure as Code: Terraform, Ansible, CloudFormation, Azure Resource Manager, Google Cloud Deployment Manager
• Container Security: Docker, Kubernetes, Amazon EKS, Google Kubernetes Engine, Azure Kubernetes Service
• Security Monitoring & Detection: Security Information and Event Management (SIEM), Cloud Security Posture Management (CSPM), Intrusion Detection Systems (IDS), Security Orchestration, Automation, and Response (SOAR)
• Security Automation: Infrastructure as Code (IaC), Configuration Management, Policy as Code, Compliance as Code, DevSecOps, CI/CD, GitOps
• Access Management: Identity and Access Management (IAM), Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), Multi-Factor Authentication (MFA), Single Sign-On (SSO)
• Network Security: Firewalls, Virtual Private Networks (VPNs), Secure Socket Shell (SSH), Transport Layer Security (TLS), Secure Sockets Layer (SSL), Network Segmentation, Microsegmentation, Least Privilege Access
• Encryption: Data at Rest, Data in Transit, Encryption at Rest, Encryption in Transit, Key Management, Hardware Security Modules (HSM), Cloud Key Management Services (KMS)
• Threat Detection: Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Information and Event Management (SIEM), User and Entity Behavior Analytics (UEBA), Cloud Security Posture Management (CSPM), Cloud Security Gateway (CSG)
• Compliance: ISO 27001, ISO 27002, ISO 27018, NIST Cybersecurity Framework (CSF), GDPR, HIPAA, PCI-DSS, SOC 2, SOC 3, CIS Benchmarks, Center for Internet Security (CIS)
• Collaboration: Agile, Scrum, Kanban, DevOps, CI/CD, Git, GitHub, GitLab, Bitbucket, Jira, Confluence, Slack, Microsoft Teams, Google Workspace
• Communication: Written, Verbal, Presentation, Negotiation, Persuasion, Active Listening, Emotional Intelligence
• Leadership: Strategic Planning, Change Management, Team Building, Mentoring, Coaching, Stakeholder Management, Cross-Functional Collaboration, Decision Making, Problem-Solving, Critical Thinking

📝 Enhancement Note: As this role requires a high level of technical expertise and leadership skills, candidates should be prepared to demonstrate their experience and qualifications through a comprehensive interview process. Candidates should also be prepared to ask insightful questions about the role, team, and company to ensure a good fit.

🛠 Technology Stack & Web Infrastructure

Cloud Platforms:

• Alibaba Cloud
• Tencent Cloud
• Google Cloud Platform
• Amazon Web Services
• Microsoft Azure

Infrastructure as Code:

• Terraform
• Ansible
• CloudFormation
• Azure Resource Manager
• Google Cloud Deployment Manager

Container Security:

• Docker
• Kubernetes
• Amazon EKS
• Google Kubernetes Engine
• Azure Kubernetes Service

Security Monitoring & Detection:

• Security Information and Event Management (SIEM)
• Cloud Security Posture Management (CSPM)
• Intrusion Detection Systems (IDS)
• Security Orchestration, Automation, and Response (SOAR)

Security Automation:

• Infrastructure as Code (IaC)
• Configuration Management
• Policy as Code
• Compliance as Code
• DevSecOps
• CI/CD
• GitOps

Access Management:

• Identity and Access Management (IAM)
• Role-Based Access Control (RBAC)
• Attribute-Based Access Control (ABAC)
• Multi-Factor Authentication (MFA)
• Single Sign-On (SSO)

Network Security:

• Firewalls
• Virtual Private Networks (VPNs)
• Secure Socket Shell (SSH)
• Transport Layer Security (TLS)
• Secure Sockets Layer (SSL)
• Network Segmentation
• Microsegmentation
• Least Privilege Access

Encryption:

• Data at Rest
• Data in Transit
• Encryption at Rest
• Encryption in Transit
• Key Management
• Hardware Security Modules (HSM)
• Cloud Key Management Services (KMS)

Threat Detection:

• Intrusion Detection Systems (IDS)
• Intrusion Prevention Systems (IPS)
• Security Information and Event Management (SIEM)
• User and Entity Behavior Analytics (UEBA)
• Cloud Security Posture Management (CSPM)
• Cloud Security Gateway (CSG)

Compliance:

• ISO 27001
• ISO 27002
• ISO 27018
• NIST Cybersecurity Framework (CSF)
• GDPR
• HIPAA
• PCI-DSS
• SOC 2
• SOC 3
• CIS Benchmarks
• Center for Internet Security (CIS)

📝 Enhancement Note: As this role requires a high level of technical expertise in cloud security, candidates should be familiar with the technology stack and infrastructure used by the company. Candidates should also be prepared to discuss their experience with relevant tools, platforms, and best practices.

👥 Team Culture & Values

Cloud Security Values:

• Security by Design: Prioritize security in the design, development, and deployment of cloud infrastructure and applications.
• Threat-Informed Defense: Stay up-to-date with emerging threats and trends, and continuously improve security posture based on threat intelligence.
• Automation & Efficiency: Leverage automation and tooling to enforce security policies, improve operational efficiency, and drive continuous improvement.
• Collaboration & Communication: Work closely with cross-functional teams to drive security initiatives, foster a strong security culture, and ensure consistent implementation of security best practices.

Collaboration Style:

• Cross-Functional Integration: Work closely with developers, designers, and stakeholders to build, maintain, and improve secure cloud infrastructure and applications.
• Code Review Culture: Foster a culture of code review and peer programming to ensure the quality, security, and consistency of cloud infrastructure and applications.
• Knowledge Sharing: Encourage knowledge sharing, technical mentoring, and continuous learning to drive personal and professional growth and improve security posture.

📝 Enhancement Note: As this role requires a high level of collaboration and communication, candidates should be prepared to work effectively with cross-functional teams and drive security initiatives across the organization. Candidates should also be prepared to foster a culture of knowledge sharing, technical mentoring, and continuous learning.

⚡ Challenges & Growth Opportunities

Technical Challenges:

• Cloud Security Architecture: Design, build, and operate scalable security solutions across cloud platforms, ensuring resilience, high availability, and automation at scale.
• Secure Cloud Infrastructure: Architect and implement cloud security controls, including access management, network security, encryption, and threat detection, following industry best practices.
• Secure Container Orchestration: Enhance container security, ensuring secure orchestration, deployment, and runtime protection.
• Security Automation: Build automation and tooling to enforce cloud security policies, integrate security into development workflows, and improve operational efficiency.
• Compliance & Standards: Develop and enforce secure cloud infrastructure standards, ensuring compliance with security and regulatory requirements.
• Threat Detection & Response: Develop security detections to identify and respond to threats in cloud environments, fostering a strong security culture and driving continuous improvements.

Learning & Development Opportunities:

• Technical Skill Development: Stay up-to-date with emerging cloud security technologies, trends, and best practices. Pursue relevant certifications (e.g., CISSP, CISM, CCSP) to enhance your technical expertise.
• Conference Attendance & Networking: Attend industry conferences, webinars, and meetups to network with other cloud security professionals, learn about emerging trends, and gain insights into best practices.
• Mentorship & Leadership Development: Seek out mentorship opportunities to develop your leadership skills, technical expertise, and career progression. Consider taking on mentorship roles to help others grow and develop their skills.

📝 Enhancement Note: As this role requires a high level of technical expertise and leadership skills, candidates should be prepared to take on significant challenges and drive continuous improvement in cloud security. Candidates should also be prepared to pursue learning and development opportunities to enhance their technical expertise and career progression.

💡 Interview Preparation

Technical Questions:

• Cloud Security Architecture: Describe your approach to designing, building, and operating scalable security solutions across cloud platforms. Discuss your experience with cloud security architecture, access management, network security, encryption, and threat detection.
• Security Automation: Explain your experience with security automation and tooling, including infrastructure as code, configuration management, policy as code, and compliance as code. Discuss your approach to integrating security into development workflows and improving operational efficiency.
• Threat Detection & Response: Describe your experience with security monitoring and detection, including security information and event management, intrusion detection systems, and user and entity behavior analytics. Discuss your approach to threat detection, response, and remediation in cloud environments.
• Cloud Security Compliance: Explain your understanding of cloud security compliance and regulatory requirements, including ISO 27001, ISO 27002, ISO 27018, NIST Cybersecurity Framework (CSF), GDPR, HIPAA, PCI-DSS, SOC 2, and SOC 3. Discuss your approach to ensuring compliance in cloud environments.

Company & Culture Questions:

• Cloud Security Culture: Describe your experience working in a cloud security team and driving security initiatives across the organization. Discuss your approach to fostering a strong security culture, driving continuous improvements, and collaborating with cross-functional teams.
• Cloud Security Leadership: Explain your experience with cloud security leadership, including mentoring, coaching, and stakeholder management. Discuss your approach to driving technical innovation, architecture decisions, and security best practices.
• Cloud Security Challenges: Describe the most significant cloud security challenges you've faced in previous roles and how you've addressed them. Discuss your approach to problem-solving, critical thinking, and decision-making in the face of complex security challenges.

Portfolio Presentation Strategy:

• Cloud Security Projects: Highlight your experience in designing, implementing, and managing secure cloud infrastructure projects. Provide detailed documentation and case studies demonstrating your approach to cloud security architecture, threat detection, and response, security automation, and compliance.
• Security Automation & Tooling: Showcase your experience in building automation and tooling to enforce cloud security policies and integrate security into development workflows. Provide examples of how you've used automation to improve operational efficiency and drive continuous improvement.
• Threat Detection & Response: Demonstrate your ability to develop and implement security detections to identify and respond to threats in cloud environments. Provide examples of how you've responded to security incidents and how you've worked with cross-functional teams to improve security posture.

📝 Enhancement Note: As this role requires a high level of technical expertise and leadership skills, candidates should be prepared to demonstrate their experience and qualifications through a comprehensive interview process. Candidates should also be prepared to ask insightful questions about the role, team, and company to ensure a good fit.

📌 Application Steps

To apply for this Senior Cloud Security Engineer - CISO position:

1. Tailor Your Resume: Highlight your experience with cloud security, security monitoring, and automation. Include relevant keywords and skills to optimize your resume for applicant tracking systems (ATS).
2. Prepare Your Portfolio: Showcase your experience in designing, implementing, and managing secure cloud infrastructure projects. Provide detailed documentation and case studies demonstrating your approach to cloud security architecture, threat detection, and response, security automation, and compliance.
3. Research the Company: Learn about GoTo Group's mission, values, and culture. Prepare questions to ask during the interview process to demonstrate your interest and fit with the company.
4. Prepare for Technical Interviews: Review your experience with cloud security architecture, security automation, threat detection, and response. Brush up on your knowledge of relevant tools, platforms, and best practices. Be prepared to discuss your approach to cloud security, security automation, and threat detection and response in depth.
5. Prepare for Behavioral Interviews: Reflect on your experience working in cross-functional teams, driving security initiatives, and collaborating with stakeholders. Be prepared to discuss your approach to problem-solving, critical thinking, and decision-making in the face of complex security challenges.

⚠️ Important Notice: This enhanced job description includes AI-generated insights and web development/server administration industry-standard assumptions. All details should be verified directly with the hiring organization before making application decisions.

---