About This Role

Halodoc is seeking an experienced Engineering Manager, Security to lead our efforts across Application Security, Cloud Security, and Security Operations. This role requires a strategic thinker with deep technical expertise and strong leadership capabilities to build and manage a high-performing security team.

As Engineering Manager, you will define and drive Halodoc’s security strategy across products and infrastructure, ensuring security is embedded throughout the software development lifecycle. You will collaborate closely with engineering, product, and business teams to identify risks, design secure solutions, and respond proactively to threats.

The ideal candidate will have a deep understanding of application security, cloud security architectures, and security operations, along with the ability to lead cross-functional initiatives. You must also possess strong communication skills to articulate complex security concepts to both technical and non-technical stakeholders. We value individuals who are passionate about staying ahead in security, leveraging emerging technologies like AI/ML, LLMs, and adopting innovative methodologies to enhance our security posture.

Responsibilities

• Lead and mentor team of security engineers across Application Security, Cloud Security, and Security Operations.
• Partner with senior leadership to define and execute Halodoc’s long-term security strategy.
• Foster a culture of collaboration, innovation, and continuous learning within the security team.
• Set clear goals and KPIs aligned with broader organizational objectives.
• Provide technical guidance and professional development support to team members.
• Act as a bridge between the security team and other verticals, ensuring seamless collaboration and shared ownership of security outcomes.
• Oversee implementation of secure development practices, including threat modeling, secure code reviews, and penetration testing.
• Lead the adoption and optimise the automated security tools (e.g., SAST, SCA, DAST) into the CI/CD pipeline to identify and address security vulnerabilities at the earliest stages of development.
• Collaborate with engineering teams to architect secure software solutions, balancing security, performance, usability, and cost-efficiency.
• Coordinate the remediation of vulnerabilities identified through internal testing, automated scanning, and public bug bounty programs.
• Stay up-to-date with emerging cloud security threats and technologies, ensuring Halodoc remains resilient against evolving risks.
• Lead incident response activities, including detection, containment, remediation, and post-mortem analysis.
• Evaluate and recommend security tools, technologies, and methodologies to enhance the organization's defense capabilities.
• Represent Halodoc at industry conferences, forums, and events, showcasing our commitment to security excellence.
• Engage with the broader security community through blogs, research, talks, or contributions to open-source initiatives.

Qualifications

• 8–10 years of experience in cybersecurity, with 3–5 years in a leadership or managerial role.
• In-depth knowledge of application security principles, secure coding practices, vulnerability management, and penetration testing.
• Deep experience with security on one, or more of, AWS, Azure, or GCP.
• Hands-on experience designing and managing security operations processes (e.g., incident response, SIEM, threat hunting, log analysis).
• Excellent verbal and written communication skills, with the ability to convey complex topics to diverse audiences.
• Demonstrated ability to lead and scale high-performing teams while driving measurable security improvements.

Preferred Qualifications

• Public contributions to the security community (e.g., blog posts, conference presentations, open-source tools or research).
• Familiarity with AI/ML-specific security challenges (e.g., prompt injection, model poisoning, privacy leakage).
• Relevant certifications such as CISSP, CISM, OSCP, or AWS Certified Security – Specialty.