DevSecOps

About Us INDICO is Telkomsel's subsidiary focusing on creating values in developing Indonesia's digital ecosystem. As a digital ecosystem enabler, INDICO plays a strategic role both as a platform company and a holding company.

As a platform company, INDICO strives to create non-telecom value by enhancing user experience of Telkomsel and INDICO Group services. Currently, INDICO is building three business platforms through a B2B2C model: INDICO Commerce (digital product transaction solution), INDICO Engage (marketing solution), and INDICO DataHub (data solution).

As a holding company, INDICO nurtures vertical businesses across sectors: Fita (health tech), Kuncie (edtech), Majamojo (game publishing), and Digital Food Ecosystem (agritech). By harnessing telecom's commercial and technological assets, INDICO aspires to create a new economy, empowering Indonesians and enabling businesses across sectors to advance Indonesia's digital economy.

INDICO believe we can reach beyond to empower Indonesians and enable businesses through our strong core values of EPIC WAY (Excellence, Positivity, Impactful Collaboration, Customer First, Walk the Talk, Accountability, Yes-if Mindset).

Key Responsibilities Infrastructure & Cloud Management

Collaborate in designing, implementing, and maintaining secure, scalable, and cost-efficient AWS infrastructure using services such as EC2, S3, Lambda, RDS, DynamoDB, and VPC

Develop and maintain Infrastructure as Code (IaC) using Terraform and Terragrunt for consistent and repeatable deployments

Assist in monitoring and optimizing AWS resource usage to ensure cost efficiency while maintaining performance standards

Support implementation of AWS security best practices, including IAM policies, Secrets Manager, Security Hub, WAF, and GuardDuty, while learning compliance requirements with industry standards

DevSecOps & CI/CD Pipeline Management

Build and maintain GitLab CI/CD pipelines for automated testing, building, and deployment processes

Integrate security controls into the DevOps lifecycle by working with tools like SonarQube, Checkmarx, or Snyk for static application security testing (SAST) and dependency scanning

Learn and implement DAST (Dynamic Application Security Testing) tools and processes to identify runtime vulnerabilities

Use SonarQube to support coding standards enforcement, identify vulnerabilities, and contribute to high-quality code practices across development teams

Container Orchestration & Management

Manage containerized applications using Docker and work with orchestration platforms including Kubernetes (EKS), Amazon ECS, or Fargate

Learn and apply container security best practices and vulnerability scanning for Docker images

Contribute to designing and maintaining scalable microservices architectures using container technologies

Monitoring & Observability

Set up and manage monitoring tools such as AWS CloudWatch, Prometheus, Grafana, Opentelemetry, and ELK Stack for insights into system performance, availability, and security

Create dashboards and alerting mechanisms for proactive incident response

Support logging strategies and centralized log management for security and compliance requirements

Collaboration & Continuous Learning

Contribute to disaster recovery (DR) planning and backup strategies to ensure business continuity and data integrity

Work closely with development, operations, and security teams to ensure seamless integration and delivery of solutions

Continuously learn and stay updated with DevSecOps best practices and emerging technologies

Education

Bachelor's degree in Computer Science, Information Technology, Engineering, or related field

Equivalent professional experience and demonstrated skills will be considered

Continuous learning mindset and willingness to pursue additional certifications

Technical Expertise

3+ years of experience with AWS cloud services and basic architecture principles

2+ years of experience with Terraform and Terragrunt or willingness to learn infrastructure automation quickly

Good understanding of Docker containerization and Kubernetes fundamentals

Experience with GitLab CI/CD or similar CI/CD tools and pipeline development

Basic knowledge of SAST and DAST security testing concepts with eagerness to deepen expertise

Familiarity with Grafana and AWS CloudWatch for monitoring and alerting

Security & Compliance

Understanding of cloud security principles and AWS security services

Some exposure to security scanning tools (SonarQube, Checkmarx, Snyk, etc.)

Basic knowledge of compliance frameworks and security best practices

Interest in learning threat modeling and risk assessment methodologies

Development & Scripting

Proficiency in at least one scripting language (Python, Bash, PowerShell)

Strong experience with version control systems (Git) and collaborative development workflows

Good understanding of software development lifecycle and agile methodologies

Soft Skills

Strong problem-solving mindset and willingness to learn

Good communication and collaboration abilities

Ability to work effectively in team environments

Strong desire for continuous learning and professional growth

Preferred Qualifications

AWS certifications (Cloud Practitioner, Solutions Architect Associate, or willingness to pursue)

Experience with additional monitoring tools (Prometheus, ELK Stack, DataDog)

Interest in serverless architectures and AWS Lambda and ECS.

Basic understanding of database concepts and optimization

Experience with version control branching strategies and code review processes

Previous exposure to multi-cloud or hybrid cloud environments

#J-18808-Ljbffr