IAM Security Engineer

About Amartha

At Amartha, we empower micro-businesses across Indonesia, enabling growth and equal prosperity. We've supported over 3.6 million enterpreneurs–mostly women–by disbursing IDR 37 trillion in funding. As we step into 2025, Amartha is evolving into a technology-driven financial ecosystem, expanding our reach in lending, funding, and payments. Through innovation and digital solutions, we aim to enhance accessibility, streamline processes, and create a seamless user experience.

Roles and Responsibilities:

System Integration & Orchestration:

• Design, build, and maintain a centralized identity management system that integrates diverse platforms (SaaS, Legacy On-premise, Cloud Infrastructure).
• Develop end-to-end integration workflows to ensure a seamless "Single Source of Truth" for identities across the organization.
• Implement Single Sign-On (SSO) and automated provisioning across various business units to eliminate login fatigue and manual overhead.

Risk Mitigation & Governance:

• Execute Regular Identity & Access Reviews to identify and remediate "Access Creep," dormant accounts, and unauthorized privilege escalations.
• Maintain the User Access Matrix (UAM), ensuring that every permission is justified by a specific business need.
• Design automated reporting dashboards to monitor identity health and alert on high-risk access anomalies.

Lifecycle Management & Authentication:

• Automate the identity lifecycle (Joiner-Mover-Leaver) to ensure immediate access on day one and instant revocation upon termination.
• Manage and optimize advanced security layers, including Multi-Factor Authentication (MFA) and Conditional Access policies.
• Monitor systems for irregular behavior and set up preventive measures

Regulatory Compliance:

• Ensure all IAM processes strictly adhere to Government Regulation, Industry and International Standards, and the Personal Data Protection (PDP) Law.
• Act as the primary technical point of contact for identity-related audits and regulatory inspections.

Requirements

• 5+ years of related job experience
• Excellent analytical and interpersonal skills
• Ability to express technical information clearly at different organizational levels
• Having relevant certification are preferable 
• Familiarity with Cloud Security concepts, principles, and technologies
• Experienced managing Identify & Access tools such as Keycloack, Authentik, Authelia, JumpCloud
• Familiar with Cloud Platform such as GCP, AWS 
• Proficiency in scripting (Python, PowerShell, or Go) to automate system integrations.
• Deep understanding of SAML, OAuth2, OIDC, SCIM, and LDAP.
• Fluent in English and Bahasa Indonesia, with the ability to explain security risks to non-technical stakeholders.
• Tools familiarity : Python, Bash, TerraFrom, Ansible, GitHub, Jenkins, Artifactory, Jira, Terraform, Git, Nessus, NMap, Metasploit