
IT Security Operation Center (SOC) L1 & L2

Salary undisclosed


IT SOC L1

Job Description:

  • Daily operations.
  • Alert and incident handling.
  • Service request and complaint handling.
  • Continuous improvement.
  • Security audit and compliance.
  • Support regional events and configuration management (standard change deployment).
  • Analyse and monitor IT security devices (Palo Alto Cortex XSIAM), including EDR, XDR, SOAR, ASM, UBA, TIP, and SIEM.
  • Provide solutions and recommendations to the customer according to their needs.
  • Preventive and corrective maintenance.
  • Monitoring of, and collaboration on, security devices.
  • Responsive services.
  • Ensure continued smooth operation of the network infrastructure and minimize network downtime for users.
  • Proactively monitor and analyse network performance to detect and resolve issues.
  • Day-to-day reporting and documentation.

Requirement:

  • Have at least 1 year of experience in cyber security or at least 1 year working as an L1 SOC analyst; fresh graduates are welcome.
  • Willing to work in a 24x7 shift rotation.
  • Have at least one security certification.
  • Have knowledge of security, endpoints, and networks.
  • Have knowledge of cyber-attack concepts and techniques, threat vectors, risk, and incident management.
  • Have knowledge of various operating systems such as Windows, Linux, Unix, etc.
  • Have a good attitude.
  • Able to evaluate false-positive alerts, issues, and vulnerabilities.
  • Have good knowledge of developing and improving monitoring and incident-handling processes.

IT SOC L2

1. Incident Response and Investigation:

  • Perform in-depth investigations of security incidents, analysing security alerts, and developing incident reports.
  • Analyse security events from various sources, including SIEM (Security Information and Event Management) tools, intrusion detection systems, firewalls, and antivirus software.

2. Threat Detection and Analysis:

  • Identify and classify security threats based on their severity and potential impact on the organization.
  • Monitor and respond to real-time security alerts, escalating incidents to higher-level analysts or management as necessary.

3. Security Tool Management:

  • Manage and fine-tune security monitoring tools to enhance detection capabilities.
  • Assist in creating and updating playbooks for incident response and threat hunting.

4. Collaboration and Communication:

  • Work with cross-functional teams, including IT, development, and compliance, to ensure a cohesive approach to security.
  • Communicate findings, risks, and recommendations to stakeholders clearly and effectively.

5. Documentation and Reporting:

  • Maintain detailed documentation of security incidents, responses, and the overall security posture of the organization.
  • Contribute to regular security reports and metrics for management reviews.

6. Continuous Improvement:

  • Stay updated on the latest cybersecurity trends, threats, and best practices.
  • Participate in training and professional development opportunities to enhance skill sets and knowledge.

Requirement:

1. Minimum 2 years of experience in Cyber security/SOC

2. Proficient in Incident Management and Response

3. In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.

4. Responsible for working in a 24x7 Security Operation Centre (SOC) environment.

5. Provide analysis and trending of security log data from a large number of heterogeneous security devices

6. Analyze and respond to previously undisclosed software and hardware vulnerabilities

7. Investigate, document, and report on information security issues and emerging trends

8. Integrate and share information with other analysts and other teams.

9. Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix.

10. Experience operating SIEM dashboards, use cases, and policies related to alerts, issues, vulnerabilities, and other security issues.

11. Experience creating knowledge bases, playbooks, and guidelines for the investigation process and every SOC process activity.

12. Communicate effectively with existing customers.

13. Knowledge of various tools such as SIEM, packet analysis, HIPS/NIPS, the ServiceNow ticketing toolset, web security, AV, UEBA, and advanced SOC tooling.