Please mention DailyRemote when applying
Your application and all hiring communication for this role run through the Techy Recruiter team.
Ajaib is an Indonesian investment platform helping people access and manage investments across stocks, crypto, and U.S. stocks. As the platform continues to grow, protecting our customers, products, and technology is fundamental to maintaining trust.
We’re looking for a DevSecOps Lead to embed security into the way we build, deploy, and operate our technology.
You’ll lead DevSecOps across Ajaib’s engineering and security organisations.
This is a hands-on leadership role focused on making security an integrated and automated part of the software-development lifecycle. You’ll work closely with engineering, platform, infrastructure, application security, cloud, and operations teams to build secure delivery pipelines, strengthen cloud controls, and reduce risk without slowing down releases.
You’ll define the DevSecOps roadmap, improve security automation, and help engineering teams adopt secure practices across applications, infrastructure, containers, and cloud environments.
Define and lead Ajaib’s DevSecOps strategy, roadmap, standards, and operating model
Embed security controls throughout the software-development lifecycle
Integrate security testing into CI/CD pipelines across applications, services, and infrastructure
Implement and improve SAST, DAST, software-composition analysis, secrets detection, container scanning, and infrastructure-as-code scanning
Build automated security guardrails that help teams identify and resolve issues early
Partner with engineering and platform teams to improve the security of build, deployment, and release processes
Strengthen security across cloud environments, containers, Kubernetes, APIs, backend services, and internal platforms
Establish secure infrastructure-as-code practices and reusable security patterns
Improve identity, access, secrets, keys, and privileged-access controls across engineering environments
Define secure configuration baselines for cloud services, containers, workloads, and deployment platforms
Automate vulnerability identification, prioritisation, assignment, remediation tracking, and verification
Work with application security and engineering teams to reduce false positives and make security findings actionable
Support threat modelling, architecture reviews, and security assessments for new systems and platforms
Improve logging, monitoring, alerting, and detection across development and production environments
Partner with incident-response teams to strengthen readiness, containment, recovery, and post-incident improvements
Assess and improve software-supply-chain security, including dependencies, artefacts, build systems, and third-party components
Define DevSecOps metrics and provide clear reporting on security coverage, risk, and remediation progress
Build security knowledge across engineering teams through documentation, training, tooling, and practical guidance
Mentor DevSecOps and security engineers and help grow the function as Ajaib scales
Strong experience in DevSecOps, cloud security, platform security, security engineering, or infrastructure security
Experience leading DevSecOps programmes, technical initiatives, or security-engineering teams
Hands-on experience building and securing CI/CD pipelines
Strong knowledge of cloud security, containers, Kubernetes, infrastructure as code, and modern software-delivery practices
Experience implementing security tools such as SAST, DAST, software-composition analysis, secrets scanning, container scanning, and infrastructure-as-code scanning
Strong understanding of software-supply-chain security and secure build practices
Experience with cloud platforms such as AWS, Google Cloud, or Azure
Experience with tools such as Terraform, Kubernetes, Docker, GitHub Actions, GitLab CI, Jenkins, or similar technologies
Ability to write automation and integrations using languages such as Python, Go, Bash, or JavaScript
Strong understanding of identity and access management, secrets management, encryption, key management, and privileged access
Experience managing vulnerabilities across applications, cloud environments, infrastructure, and third-party components
Understanding of secure software-development practices, threat modelling, and application-security principles
Ability to translate security requirements into practical engineering controls and automated workflows
Strong communication and stakeholder-management skills
Strong written and spoken English
Previous experience within fintech, banking, brokerage, payments, investment, or cryptocurrency platforms
Experience securing high-availability or highly regulated financial systems
Familiarity with policy-as-code tools and automated compliance controls
Experience with cloud-native security tooling and runtime protection
Knowledge of service meshes, microservices, API gateways, and distributed architectures
Experience with security-information and event-management platforms and cloud-security monitoring
Familiarity with frameworks and standards such as NIST, CIS Benchmarks, ISO 27001, or PCI DSS
Experience building a DevSecOps programme in a fast-growing organisation
Certifications such as CISSP, CCSP, CSSLP, CKS, AWS Security Specialty, or equivalent
High-impact ownership: shape how security is embedded across Ajaib’s engineering and delivery practices
Meaningful technical challenges: secure cloud platforms, CI/CD pipelines, containers, applications, and financial systems
Real influence: partner directly with engineering and platform teams to improve how technology is built and operated
Security at scale: create automation and guardrails that protect the business as it grows
Leadership opportunity: define DevSecOps standards, mentor engineers, and help build a strong security-engineering culture
Meaningful mission: help protect customers, investments, personal data, and financial transactions
A few things worth knowing before you apply:
Interviews may include technical, leadership, and DevSecOps scenario discussions. You may be asked to review a delivery pipeline, assess a cloud architecture, design an automated security control, or explain how you would introduce security without slowing down engineering teams.
Please do not include confidential information, customer data, source code, credentials, security findings, or proprietary details from current or previous employers during the interview process.
If you need accommodations at any stage of the recruitment process, please let us know in your application.
About Techy Recruiter
Techy Recruiter is a boutique hiring partner for startups and scaleups across Europe and the Gulf. We run searches end to end and care about a clear, fair process for every person who applies.
Equal opportunity
We assess people on merit. All applicants are welcome regardless of background, and we do not discriminate on any basis protected by law.
Your data
We treat your information as confidential and use it only for this hiring process.
Stop the endless job search. Our AI finds and applies to the best jobs for you.
Discover remote opportunities in Software Development
Answer easy questions
200,000+ jobs across 15+ categories
Get your best job matches
Only hand-screened, legit jobs
Find a remote job faster
No ads, scams, or junk
“ I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!