Back to search:Soc L2 / Pondok Aren

What You Will Do

  • Monitor and analyze security events using SIEM platforms such as Microsoft Sentinel, Splunk, Wazuh, or Google SecOps.
  • Triage and investigate security alerts to determine their nature, severity, and impact.
  • Perform in-depth analysis of potential security incidents and escalate confirmed threats to appropriate teams.
  • Coordinate with Tier 1 analysts and incident response teams to ensure effective containment, eradication, and recovery.
  • Maintain detailed documentation of investigations, actions taken, and incident resolution timelines.
  • Refine and enhance SOC playbooks, response workflows, and detection rules.
  • Perform proactive threat hunting using IOCs and behavioral patterns from internal and external threat intelligence.
  • Provide insights and recommendations for system hardening, patching, and configuration improvements.
  • Mentor and support SOC L1 analysts through technical guidance and knowledge sharing.

What You Will Need

  • 3–5 years of experience in cybersecurity operations, threat detection, or IT security.
  • Hands-on experience with at least one SIEM solution (e.g., Sentinel, Splunk, Wazuh, Google SecOps).
  • Proficient in log analysis across diverse platforms (Windows, Linux, cloud services).
  • Knowledge of common attack vectors, tactics, and techniques (e.g., OWASP Top 10, MITRE ATT&CK).
  • Ability to respond calmly and effectively in high-pressure incident scenarios.

Nice to Have

  • Industry certifications: CompTIA Security+, SC-200, Google Security, or equivalent.
  • Basic scripting ability (Python, PowerShell, Bash) for automation and log parsing.
  • Exposure to cloud security monitoring (Azure Security Center, AWS GuardDuty, GCP SOC).
  • Familiarity with case management and SOAR platforms.

SOC Operational Focus

  • Detection & Analysis: Identify real threats from false positives using contextual analysis and security telemetry.
  • Incident Handling: Drive the incident lifecycle from identification through containment and recovery.
  • Threat Intelligence Integration: Enrich alerts with threat intel to improve detection fidelity.
  • Reporting & Metrics: Contribute to weekly threat trend reports, KPIs, and post-incident summaries.
  • Continuous Improvement: Participate in SOC tuning activities and detection use-case refinement.

Work Schedule

This role operates in two rotational shifts during working days:

(Morning): 7:00 AM – 4:00 PM

(Afternoon): 1:00 PM – 10:00 PM

Apply on the website