DevSecOps

About Us

INDICO is Telkomsel's subsidiary focusing on creating values in developing Indonesia's digital ecosystem. As a digital ecosystem enabler, INDICO plays a strategic role both as a platform company and a holding company. 

As a platform company, INDICO strives to create non-telecom value by enhancing user experience of Telkomsel and INDICO Group services. Currently, INDICO is building three business platforms through a B2B2C model: INDICO Commerce (digital product transaction solution), INDICO Engage (marketing solution), and INDICO DataHub (data solution).   

As a holding company, INDICO nurtures vertical businesses across sectors: Fita (health tech), Kuncie (edtech), Majamojo (game publishing), and Digital Food Ecosystem (agritech). By harnessing telecom's commercial and technological assets, INDICO aspires to create a new economy, empowering Indonesians and enabling businesses across sectors to advance Indonesia's digital economy.  

INDICO believe we can reach beyond to empower Indonesians and enable businesses through our strong core values of EPIC WAY (Excellence, Positivity, Impactful Collaboration, Customer First, Walk the Talk, Accountability, Yes-if Mindset).

Key Responsibilities:

Infrastructure & Cloud Management 

• Collaborate in designing, implementing, and maintaining secure, scalable, and cost-efficient AWS infrastructure using services such as EC2, S3, Lambda, RDS, DynamoDB, and VPC 

• Develop and maintain Infrastructure as Code (IaC) using Terraform and Terragrunt for consistent and repeatable deployments 
• Assist in monitoring and optimizing AWS resource usage to ensure cost efficiency while maintaining performance standards 
• Support implementation of AWS security best practices, including IAM policies, Secrets Manager, Security Hub, WAF, and GuardDuty, while learning compliance requirements with industry standards 

DevSecOps & CI/CD Pipeline Management 

• Build and maintain GitLab CI/CD pipelines for automated testing, building, and deployment processes 
• Integrate security controls into the DevOps lifecycle by working with tools like SonarQube, Checkmarx, or Snyk for static application security testing (SAST) and dependency scanning 
• Learn and implement DAST (Dynamic Application Security Testing) tools and processes to identify runtime vulnerabilities 
• Use SonarQube to support coding standards enforcement, identify vulnerabilities, and contribute to high-quality code practices across development teams 

 Container Orchestration & Management

• Manage containerized applications using Docker and work with orchestration platforms including Kubernetes (EKS), Amazon ECS, or Fargate 
• Learn and apply container security best practices and vulnerability scanning for Docker images 
• Contribute to designing and maintaining scalable microservices architectures using container technologies 

Monitoring & Observability 

• Set up and manage monitoring tools such as AWS CloudWatch, Prometheus, Grafana, Opentelemetry, and ELK Stack for insights into system performance, availability, and security 
• Create dashboards and alerting mechanisms for proactive incident response 
• Support logging strategies and centralized log management for security and compliance requirements 

Collaboration & Continuous Learning 

• Contribute to disaster recovery (DR) planning and backup strategies to ensure business continuity and data integrity 

• Work closely with development, operations, and security teams to ensure seamless integration and delivery of solutions 

• Continuously learn and stay updated with DevSecOps best practices and emerging technologies 

Requirements

Education 

• Bachelor's degree in Computer Science, Information Technology, Engineering, or related field 
• Equivalent professional experience and demonstrated skills will be considered 
• Continuous learning mindset and willingness to pursue additional certifications 

Technical Expertise 

• 3+ years of experience with AWS cloud services and basic architecture principles 

• 2+ years of experience with Terraform and Terragrunt or willingness to learn infrastructure automation quickly 

• Good understanding of Docker containerization and Kubernetes fundamentals 

• Experience with GitLab CI/CD or similar CI/CD tools and pipeline development 

• Basic knowledge of SAST and DAST security testing concepts with eagerness to deepen expertise 

• Familiarity with Grafana and AWS CloudWatch for monitoring and alerting 

Security & Compliance 

• Understanding of cloud security principles and AWS security services 
• Some exposure to security scanning tools (SonarQube, Checkmarx, Snyk, etc.) 
• Basic knowledge of compliance frameworks and security best practices 
• Interest in learning threat modeling and risk assessment methodologies  

Development & Scripting 

• Proficiency in at least one scripting language (Python, Bash, PowerShell) 
• Strong experience with version control systems (Git) and collaborative development workflows 
• Good understanding of software development lifecycle and agile methodologies  

Soft Skills 

• Strong problem-solving mindset and willingness to learn 
• Good communication and collaboration abilities 
• Ability to work effectively in team environments 
• Strong desire for continuous learning and professional growth 

Preferred Qualifications 

• AWS certifications (Cloud Practitioner, Solutions Architect Associate, or willingness to pursue) 
• Experience with additional monitoring tools (Prometheus, ELK Stack, DataDog) 
• Interest in serverless architectures and AWS Lambda and ECS. 
• Basic understanding of database concepts and optimization 
• Experience with version control branching strategies and code review processes 
• Previous exposure to multi-cloud or hybrid cloud environments