The SecurXcess technical defense team operates directly on customer sites, monitoring and responding to network threats to keep customer infrastructures resilient and secure.
Requirements
- Bachelor’s degree in Information Technology or a related field.
- Based in Medan (onsite assignment).
- Minimum 1 year of experience as a Security Engineer or related role.
- Strong understanding of TCP/IP and common application protocols (DNS, HTTP/S, SMB, DHCP).
- Hands‑on experience with network analysis tools such as Wireshark or tcpdump.
- Familiarity with open-source tools (Zeek, Suricata) or commercial NDR platforms (Vectra, Darktrace, ExtraHop, etc.).
- Proficiency in Linux command‑line operations.
- Basic scripting skills in Python or Bash for automation and log analysis.
- Knowledge of the MITRE ATT&CK framework, IDS/IPS, and firewall architecture.
- Understanding of NDR and SIEM operations.
Responsibilities
- Monitor and analyze dashboards and alerts generated by the NDR platform in real time.
- Investigate network anomalies and security alerts to determine real incidents versus false positives.
- Conduct deep packet inspection (PCAP analysis) to identify attack behaviors such as lateral movement, C2 communication, or data exfiltration.
- Act as the primary technical responder for network‑based incidents and collaborate closely with SOC and IR teams.
- Support containment and remediation efforts by isolating affected systems and blocking malicious traffic.
- Provide critical network forensics data to support post‑incident investigations.
- Tune and refine NDR detection rules to reduce false positives and improve detection accuracy.
- Develop and refine custom detection rules based on emerging threats, vulnerabilities (CVEs), and attacker TTPs.