Mekari is Indonesia's no. 1 Software-as-a-Service (SaaS) company. With our ecosystem of software solutions—including Mekari Jurnal, Mekari Talenta, Mekari Qontak, and Mekari Flex, we aim to facilitate entrepreneurs and leaders as they accelerate the digital transformation of their businesses.

In our 10+ years of journey we have reached over 1 Million platform users, and we're not planning to stop any time soon. We need more people like you: builders and owners with calculated ambition who are eager to grow and create their #BiggestImpact.

Key responsibilities:

Security Alignment Across Product Teams:

• Act as a central security point of contact and collaborate closely with product tribes and engineering squads to align on security initiatives and priorities
• Understand the security needs and challenges of different product areas and tailor security guidance accordingly
• Proactively engage with product teams to embed security into their workflows and development processes
• Advocate for security best practices and secure development methodologies across the organization.

Proactive Security Design Reviews:

• Conduct thorough security reviews of product designs, including Product Requirements Documents (PRDs) and Requests for Comments (RFCs), to identify potential security vulnerabilities and design flaws before implementation
• Perform threat modeling exercises on new product features and functionalities to anticipate potential attack vectors
• Provide actionable and timely security feedback to product and engineering teams, ensuring security considerations are integrated from the earliest stages of development
• Collaborate with architects and engineers to propose secure design patterns and mitigations.

Vulnerability Management Program Development and Maintenance:

• Collaborate with the Offensive Security Engineer to develop, implement, and maintain a comprehensive vulnerability management program focused on our products
• Define processes and workflows for vulnerability intake, triage, prioritization, remediation tracking, and reporting within the product context
• Work with product and engineering teams to ensure timely remediation of identified vulnerabilities, based on risk and business impact
• Continuously improve the vulnerability management program based on feedback, lessons learned, and industry best practices
• Track vulnerability metrics and generate reports to provide visibility into product security posture and remediation efforts.

Requirements:

• 5+ years of experience in product security, application security, or a related security engineering roles
• Strong understanding of secure software development lifecycle (SSDLC) principles and methodologies
• Proven experience in conducting security design reviews and threat modeling
• Solid understanding of common web application and product vulnerabilities (OWASP Top 10, etc.) and mitigation techniques
• Experience working with product development teams in an Agile or similar environment
• Familiarity with vulnerability management processes and tools
• Excellent communication, collaboration, and interpersonal skills, with the ability to influence and guide technical teams
• Ability to clearly articulate security risks and recommendations to both technical and non-technical audiences
• Understanding of common software development technologies and architectures.

Our team will review your application and will be in touch if your application is shortlisted to the next stage. If you do not hear from us in 30 days, we will keep your resume on file in case a relevant opportunity opens up. 

Don't forget to check our Recruitment FAQ at https://bit.ly/FAQMekariRecruitment  [ENG] or https://bit.ly/FAQRekrutmenMekari [INA] to find the answers to commonly asked questions regarding our recruitment process.

We wish you the best. Hope to see you around soon!