About
Application Security Engineer with 5+ years of experience in securing 1,800+ cloud-native services and leading AppSec automation across Southeast Asia’s largest platforms. Proven success integrating DevSecOps and threat modeling at scale, with measurable impact on vulnerability detection and developer efficiency.
Work
→
Summary
One of Indonesia's leading online travel agencies, serving over 20 million users with a comprehensive platform for flights, hotels, train tickets, and more. Part of the Blibli ecosystem, tiket.com plays a key role in shaping digital travel experiences across Southeast Asia.
Highlights
Led DevSecOps implementation and onboarding organization-wide.
→
Summary
Led Tokopedia security integration during platform migration at ByteDance, improving vulnerability detection, asset coverage, and compliance.
Highlights
Drove security integration for a large-scale migration project, covering 1,800+ repositories and 1,300+ domains/IPs across a major e-commerce platform.
Contributed to PCI DSS scans and compliance for multiple cloud instances.
Led security readiness and control validation for 80+ services during platform migration, including WAF, HIDS, and source control enforcement.
Launched quick-check threat modeling template used for 199 projects, reducing developer friction while meeting compliance standards.
Led GoTo Logistics (GTL) security unification by rolling out whitebox/blackbox coverage and enforced repo-level security controls.
→
Summary
Joined the DevSecOps team after the merger of Gojek and Tokopedia. Integrated security tools and implementations between the two platforms during the migration phase and secured more of the GoTo tribes.
Highlights
Implemented GHAS (SAST) for the Bridestory tribe and introduced additional security controls for the Bridestory repository.
Implemented blocking for critical findings in SQLi and RCE (Code Scan); we managed to reduce the critical alerts by about 90% through this initiative.
Implemented Shift-Left on GoTo Logistics (GTL) by utilizing GHAS security scan capabilities with a blocking system, following Toko's successful initiative in reducing security findings.
Integrated deployment blocking on critical dependency (Dependabot) vulnerabilities in Tokopedia CI/CD in Clusters.
→
Summary
Indonesia's largest e-commerce platform and technology company, empowering over 100 million monthly active users and 11 million merchants nationwide. Tokopedia drives digital transformation across commerce, logistics, and financial services in Southeast Asia.
Highlights
Developed automation tools for Product Security.
Maintained the security dashboard across all Security teams to follow up on security findings from SAST, DAST, PRISMA, and Rapid7 and to enforce internal security policy.
Collaborated with the Engineering Productivity team to drive vulnerability management and remediate vulnerabilities reported by GHAS Code Scanning and Dependabot.
Built centralized RBAC and automation for provisioning/deprovisioning user access on external/internal tools.
→
Summary
A pioneering Indonesian electronics company founded in 1975, specializing in the design, manufacturing, and distribution of consumer electronics such as TVs, refrigerators, audio systems, air conditioners, and smartphones.
Highlights
Developed Polytron HR supporting apps and panels
Configured and managed Dockerization for projects (Node.js, Golang, PHP).
Skills
Programming Languages & Frameworks
Go, Python, JavaScript, React, Java, Node.js, PHP, Groovy.
Security Practices
Security Technical Review, Secure SDLC, Threat Modeling, DevSecOps.
Infra & Databases
Docker, Kubernetes, AWS, GCP, MySQL, Postgres, MongoDB.
Security Tools & DevOps
SAST, DAST, SCA, Jenkins, Ansible, GitHub Actions, GitLab CI/CD.



