Senior Security Engineer
Tentukan strategi keamanan
Sebagai Senior Security Engineer, Anda akan mendefinisikan strategi keamanan dan roadmap untuk produk dan infrastruktur Pigment. Anda akan bekerja sama dengan tim produk dan teknik untuk mengembangkan fitur keamanan baru dan meningkatkan kontrol keamanan. Anda juga akan bertanggung jawab untuk melakukan analisis risiko dan memberikan saran teknis kepada tim pengembang dan manajer produk.
Kenapa Menarik?
Bergabung dengan Pigment untuk mengembangkan karir Anda di bidang keamanan siber dan menjadi bagian dari tim yang dinamis dan inovatif.
Tanggung Jawab Utama
- Mendefinisikan strategi keamanan dan roadmap
- Melakukan analisis risiko dan memberikan saran teknis
- Mengembangkan fitur keamanan baru dan meningkatkan kontrol keamanan
Persyaratan
- Pengalaman di bidang keamanan siber
- Pengetahuan tentang kerangka kerja keamanan SOC 2 dan ISO 27001
- Kemampuan untuk bekerja sama dengan tim produk dan teknik
Skills Wajib
Konteks Indonesia
- Overlap Jam Kerja:
- Fleksibel — atur jam kerjamu sendiri
Keywords
Lihat Deskripsi Asli dari Lever Postings
Deskripsi asli dari Lever Postings
Join Pigment: The AI Platform Redefining Business Planning Pigment is the AI-powered business planning and performance management platform built for agility and scale. We connect people, data, and processes in one intuitive, feature-rich solution, empowering every team—from Finance to HR—to build, adapt, and align strategic plans in real time. Founded in 2019, Pigment is one of the fastest-growing SaaS companies globally. Industry leaders like Unilever, Snowflake, Siemens, and DPD use Pigment daily to make more informed decisions and confidently navigate any scenario. With a team of 600+ across Paris, London, New York, Toronto, San Francisco and Austin, we've raised nearly $400M from top-tier investors and were named a Visionary in the 2024 Gartner® Magic Quadrant™ for Financial Planning Software. At Pigment, we take smart risks, celebrate bold ideas, and challenge the status quo—all while working as one team. If you're driven by innovation and ready to make an impact at scale, we’d love to hear from you. The opportunity In the context of a rapid growth and a strong focus on AI adoption, Pigment’s security team is well established and expanding in the area overseeing its engineering operations, with a broad project portfolio to bring to fruition. This position will contribute in the execution of this very exciting roadmap with a strong focus on application and infrastructure security, and will allow the candidate to acquire or improve a wide range of skills from governance to technical expertise, reporting to the CISO. Our operations are notably integrated into a rigorous SOC 2 and ISO 27001 certification framework. This role encompasses a broad range of security domains. While immediate expertise in all areas is not required, proficiency across these fields will be beneficial. Key responsibilities include: Security Strategy & Roadmap: Define a risk-driven security roadmap for Pigment's product and infrastructure. This includes designing new security features within the product and continuously enhancing defense-in-depth controls. Prioritise the roadmap items, and exercise influence on the product and engineering team to obtain their buy-in in their delivery Technical Security Advisory & Risk Assessment: Serve as a security advisor for developers, product managers, and other key stakeholders. Proactively identify and assess project-related risks and conduct thorough security reviews of code, architecture, and configurations. Deliver actionable solutions that strike an acceptable balance between risk and business benefit, escalating any high-stakes occurrences that require senior management intervention or arbitration. Security Assurance & Testing: Participate in security assurance activities, such as coordinating third-party audits, conducting internal code, architecture and configuration reviews, managing red team exercises, and overseeing the bug bounty program. Facilitate the compliance efforts by measuring and managing controls KPIs Vulnerability Management: Drive the end-to-end vulnerability remediation process, covering detection, reproduction, scoring, triage, prioritization, design or validation of mitigation strategies, verification of remediation, and management/improvement of vulnerability KPIs. Monitoring & Incident Detection: Continuously improve our security monitoring and incident detection capabilities, working with infrastructure and development teams to identify and collect relevant datapoints, identify security events having a high signal/noise ratio and implement alerts and response playbooks for them. Incident Response & Automation: Contribute to security investigations related to incident response and fraud. Develop automated routines to enhance efficiency in these areas. Security Evangelism: Participate in developing and delivering employee security awareness training. Act as a security evangelist, particularly for key internal groups such as product teams and developers and SREs. Example projects that would fall under the remit of the candidate: Drive the secure design and development of Pigment’s AI-powered features (including MCP Server and Modeler Agent) by performing threat modeling, conducting design reviews, partnering closely with engineers, and performing security assessments. Continuous improvement of the implementation of least privilege across the production environment, and CI/CD Improve the efficiency of Security processes, leveraging automation and AI systems (ex: SIEM) Environment The scope of this role is centered around the production environment (although some projects could be related to internal IT security) Sites in Paris, London and NYC Macos, Windows, Linux GCP, Kubernetes, Terraform, Postgres, SingleStore, Vault Okta, OAuth, JWT, C#, .NET Core, TypeScript, React, Python, Go Datadog (SIEM), CloudFlare ZTNA, Falco, Wiz, Riot Google Workspace, Jumpcloud, Vanta, Hibob, Slack, GitHub, HackerOne Compliance: SOC1, SOC2, ISO27001 Who you are You have at least 5 years of experience on security topics, either as Security Engineer or Security consultant (of course, you can be more experienced too). You are hands-on (the position does not include people management). You have strong technical expertise in security and broad background in tech (development, databases, networking, web, etc) You have great team spirit with a problem-solving, can-do attitude. You have a good dose of humility and the willingness to grow and help your team grow (no matter your seniority). You speak English fluently. #LI-GP1 #LI-REMOTE
Data & laporan pasar
Riset gaji & permintaan skill dari data lowongan kami sendiri.
- Lowongan IT Indonesia vs Remote Global (2026)Analisis data primer 2.049 lowongan: metodologi, klasifikasi, dataset bisa diunduh.
- Permintaan Skill AI: Indonesia vs Global (2026)10.000+ lowongan, classifier taxonomy-first, Wilson CI, pra-registrasi sebelum analisis.
- Laporan Hiring Indonesia: Tech vs Non-TechPermintaan lowongan per bidang dari hitungan agregat — bukan listing per-listing.
- Benchmark Gaji IndonesiaKisaran gaji agregat lintas peran, dengan metodologi dan dataset terbuka.
- Laporan Pasar Remote per PeranLaporan otomatis per kelompok peran — skill, senioritas, perusahaan, gaji.
