90 SOC Engineer jobs in Indonesia

SOC Engineer

IDR80000000 - IDR120000000 Y PT CIMB Niaga Auto Finance

Posted today

Job Description

Job Description:

  1. Monitor network, system, and log activity in real time to identify anomalies and indicators of attack.
  2. Analyze security alerts generated by the SIEM system and other security tools.
  3. Correlate multiple security events to identify larger incidents.
  4. Respond to security incidents quickly and effectively, including threat isolation, system recovery, and post-incident analysis.
  5. Develop and refine threat detection rules in the SIEM system.
  6. Analyze malware and the attack techniques used.
  7. Adjust the parameters and configuration of the SIEM system and other security tools to improve detection performance and accuracy.
  8. Develop and refine security procedures, such as incident response procedures and vulnerability handling procedures.
  9. Validate the fixes that have been applied to ensure vulnerabilities have been closed.
  10. Prepare periodic security reports for management, including reports on threats, incidents, and security trends.

Requirements:

  1. Minimum of a bachelor's degree (S1) in Informatics Engineering, Information Systems, or a related field.
  2. At least 2 years of experience in cybersecurity, with a focus on security monitoring and incident response.
  3. In-depth understanding of computer networks, operating systems, and network protocols.
  4. Proficiency with SIEM systems (e.g., Splunk, QRadar), IDS/IPS, and log analysis tools.
  5. Knowledge of scripting (Python, Bash) for task automation.

SOC Engineer Detection

Jakarta, Jakarta IDR6000000 - IDR8000000 Y PT Focus Solusi Infotama

Posted today

Job Description

Responsibilities

  • Design, develop, and tune detection rules based on MITRE ATT&CK and threat intelligence
  • Build and maintain SOAR playbooks to automate incident response
  • Integrate and correlate data from Splunk SIEM, CrowdStrike EDR, and ExtraHop NDR
  • Collaborate with L1/L2 SOC analysts on alert validation and continuous improvement
  • Prepare technical documentation and share knowledge with the operations team

Minimum Qualifications: We are looking for an experienced Security Engineer to strengthen the security team in developing and tuning detection rules and in orchestrating incident response through Splunk SOAR. This position will play an important role in improving detection effectiveness and response automation, and in supporting the SOC team with validation and continuous improvement.

Requirements

  • At least 3 years of experience in a SOC, detection engineering, or SOAR development
  • Experience with Splunk SIEM and Splunk SOAR
  • Familiarity with CrowdStrike EDR and ExtraHop NDR
  • Scripting skills (Python, Bash, or PowerShell) for automation
  • Strong understanding of MITRE ATT&CK, TTP mapping, and threat modeling
  • Technical communication and cross-team collaboration skills

Preferred Qualifications

  • Relevant certifications such as GCDA, GCIA, GCIH, Splunk Certified (Power User/Admin/SOAR), CySA+, or CEH
  • Experience building detection logic based on MITRE ATT&CK in a structured way
  • Familiarity with rule deployment and playbook versioning
  • Contributions to the security community (blog, GitHub, lab projects, or technical publications)

Focus Solusi Infotama is a leading information technology services provider in Indonesia. We help our customers by optimizing their information technology operations, and we help safeguard the digital security of our customers' corporate data by providing solutions and consulting in digital services, supported by a range of hardware and software solutions optimized across various ecosystems, and by renewing infrastructure technology and cyber security systems.

Senior Security Operations Center (SOC) Engineer

25112 Padang, West Sumatra IDR170000000 Annually WhatJobs

Posted 2 days ago

Job Description

full-time
Our client is seeking a seasoned Senior Security Operations Center (SOC) Engineer to join their elite cybersecurity team in Padang, West Sumatra, ID. This critical role involves leading the charge in monitoring, detecting, analyzing, and responding to security incidents across the organization's extensive network infrastructure. You will be at the forefront of defending against cyber threats, ensuring the continuous security and integrity of our digital assets.

Your primary responsibilities will include managing and optimizing SIEM (Security Information and Event Management) tools, developing correlation rules, and fine-tuning alerts to enhance threat detection capabilities. You will conduct in-depth investigations of security alerts, perform forensic analysis, and lead the response efforts to contain and eradicate threats. This position requires a proactive approach to threat hunting, identifying potential vulnerabilities and advanced persistent threats (APTs) before they can cause damage. You will also contribute to the development and refinement of SOC playbooks, standard operating procedures, and incident response plans.

The ideal candidate will possess a comprehensive understanding of network security, endpoint security, cloud security, and various attack vectors. Proven experience with intrusion detection/prevention systems (IDS/IPS), firewalls, EDR solutions, and other security technologies is essential. You should be adept at analyzing large volumes of security data, identifying patterns, and making critical decisions under pressure. Strong scripting skills (e.g., Python, Bash) for automating repetitive tasks and enhancing SOC efficiency are highly valued. Excellent analytical, problem-solving, and communication skills are required, with the ability to clearly articulate technical findings to both technical and executive audiences.

Qualifications: A Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field is required. A minimum of 6 years of experience working in a Security Operations Center (SOC) or a similar incident response role. Professional certifications such as CISSP, GCIA, GCIH, or CEH are strongly preferred. Deep understanding of threat intelligence, vulnerability management, and incident response methodologies. Experience with cloud security monitoring (AWS, Azure, GCP) is a plus. Ability to work effectively in a team environment and contribute to a 24/7 security monitoring operation if required.

Senior Security Operations Center (SOC) Engineer

25114 Padang, West Sumatra IDR26000000 Monthly WhatJobs

Posted 7 days ago

Job Description

full-time
Our client is seeking a seasoned Senior Security Operations Center (SOC) Engineer to join their team in Padang, West Sumatra, ID, operating on a hybrid work model. This pivotal role involves the management, enhancement, and operational oversight of the company's security monitoring and incident response infrastructure. You will be responsible for the deployment, configuration, and maintenance of various security tools, including SIEM, IDS/IPS, EDR, SOAR, and threat intelligence platforms. Your expertise will be critical in tuning these tools to detect sophisticated threats effectively and reduce false positives. You will lead the analysis of security alerts, conduct in-depth investigations of security incidents, and develop comprehensive incident response plans. This includes performing forensic analysis, containment, eradication, and recovery activities. Furthermore, you will contribute to the continuous improvement of SOC processes and procedures, developing playbooks, SOPs, and automation scripts to enhance efficiency and effectiveness. The ideal candidate will possess a deep understanding of network security principles, common attack vectors, and threat actor TTPs. Experience with cloud security (AWS, Azure, GCP) and scripting/automation (Python, PowerShell) is highly desirable. You should be adept at identifying security gaps, recommending solutions, and implementing security best practices. Excellent analytical, problem-solving, and communication skills are essential, as you will collaborate with various internal teams and potentially external stakeholders during incident response. This is an excellent opportunity to work with advanced security technologies and play a key role in protecting the organization's digital assets. If you are passionate about cybersecurity operations and driven to defend against evolving threats, we encourage you to apply.

Key Responsibilities:
  • Manage, maintain, and enhance the SOC technology stack (SIEM, IDS/IPS, EDR, SOAR, etc.).
  • Develop and tune detection rules and alerts to identify security threats accurately.
  • Lead the investigation and analysis of complex security incidents.
  • Develop and execute incident response plans, including containment, eradication, and recovery.
  • Perform forensic analysis of security breaches and malware.
  • Create and update SOC playbooks, SOPs, and documentation.
  • Identify security vulnerabilities and recommend mitigation strategies.
  • Automate routine SOC tasks using scripting languages (e.g., Python, PowerShell).
  • Stay current with emerging threats, vulnerabilities, and security technologies.
  • Collaborate with IT, development, and other teams on security matters.
  • Mentor junior SOC analysts and contribute to team development.
  • Contribute to security awareness training initiatives.
Qualifications:
  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field, or equivalent practical experience.
  • 5+ years of experience in a SOC environment, with at least 2 years in a senior or lead role.
  • In-depth knowledge of SIEM platforms (e.g., Splunk, QRadar, ELK Stack).
  • Strong understanding of networking protocols, firewalls, and intrusion detection/prevention systems.
  • Experience with Endpoint Detection and Response (EDR) tools.
  • Proficiency in performing digital forensics and malware analysis.
  • Scripting skills in Python or PowerShell for automation.
  • Familiarity with cloud security principles (AWS, Azure, GCP).
  • Excellent analytical, problem-solving, and critical thinking abilities.
  • Strong communication and interpersonal skills, with the ability to work effectively under pressure.
  • Relevant certifications such as GCIH, GCIA, CISSP are highly advantageous.

Senior Security Operations Center (SOC) Engineer

50132 Semarang, Central Java IDR400000000 Annually WhatJobs

Posted 8 days ago

Job Description

full-time
Our client is seeking a highly experienced Senior Security Operations Center (SOC) Engineer to lead and enhance their remote security monitoring and incident response capabilities. This is a critical, fully remote role focused on safeguarding the organization's digital assets against evolving cyber threats. You will be responsible for designing, implementing, and maintaining the tools and processes that power our SOC, ensuring effective threat detection, analysis, and containment. The ideal candidate possesses extensive knowledge of SIEM platforms, intrusion detection/prevention systems (IDS/IPS), endpoint detection and response (EDR) solutions, and security orchestration, automation, and response (SOAR) technologies. You will play a key role in developing security playbooks, automating threat response workflows, and mentoring junior SOC analysts. This position requires strong analytical skills, a deep understanding of attacker methodologies, and the ability to make critical decisions under pressure. We are looking for a proactive individual who can identify potential threats, analyze complex security events, and lead the response to minimize impact. As a remote-first position, you must be a self-starter with excellent communication and collaboration skills, capable of working effectively with distributed teams. Your expertise will be vital in maintaining a robust security posture for our client.

Key Responsibilities:
  • Design, deploy, and manage SOC tools, including SIEM, IDS/IPS, EDR, and SOAR platforms.
  • Develop and refine security monitoring use cases and detection rules.
  • Lead incident response efforts, including investigation, containment, eradication, and recovery.
  • Create and maintain security playbooks and automated response workflows.
  • Analyze security alerts and events, providing timely and accurate threat assessments.
  • Mentor and guide junior SOC analysts, fostering skill development.
  • Stay updated on the latest cyber threats, vulnerabilities, and attacker TTPs.
  • Collaborate with other IT and security teams to improve overall security posture.
  • Contribute to security architecture reviews and provide recommendations for enhancement.
  • Develop and present reports on SOC performance, key metrics, and incident trends.

Qualifications:
  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
  • Minimum of 5 years of experience in a SOC environment, with at least 2 years in a senior or lead role.
  • In-depth knowledge of SIEM technologies (e.g., Splunk, QRadar, Sentinel).
  • Strong understanding of network protocols, operating systems security, and cloud security concepts.
  • Experience with scripting languages (e.g., Python, PowerShell) for automation.
  • Proficiency in incident response methodologies and forensic analysis techniques.
  • Excellent analytical, problem-solving, and critical thinking skills.
  • Strong communication and interpersonal skills, with the ability to work effectively in a remote team.
  • Relevant certifications such as GSEC, GCIA, GCIH, CISSP are highly desirable.

Senior Security Operations Center (SOC) Engineer

12160 Jakarta Pusat, Jakarta IDR20000000 Monthly WhatJobs

Posted 8 days ago

Job Description

full-time
Our client is looking for a highly skilled and experienced Senior Security Operations Center (SOC) Engineer to join their advanced, fully remote cybersecurity team. This role is integral to safeguarding the organization's IT infrastructure and sensitive data by proactively identifying, analyzing, and responding to cyber threats. You will be responsible for monitoring security alerts, investigating potential security incidents, and leading response efforts to contain and eradicate threats. The ideal candidate possesses extensive experience with security monitoring tools, threat intelligence platforms, and incident response frameworks.

Key responsibilities include developing and optimizing SOC detection rules, playbooks, and workflows to enhance threat detection capabilities. You will perform in-depth forensic analysis of security incidents, identify vulnerabilities, and recommend mitigation strategies. The Senior SOC Engineer will also contribute to the architecture and deployment of SOC technologies, ensuring their effectiveness and scalability. Mentoring junior SOC analysts and contributing to the continuous improvement of the SOC's operational efficiency are crucial aspects of this role. Experience with cloud security monitoring (AWS, Azure, GCP), SIEM tuning, and advanced threat hunting techniques is highly valued. A deep understanding of network protocols, operating systems, and common attack vectors is essential. Excellent communication skills are required to effectively report on security incidents and provide guidance to various teams. This position demands exceptional analytical, problem-solving, and leadership abilities. Relevant certifications such as GIAC, CISSP, or CCSP are strongly preferred. We seek a dedicated cybersecurity professional who is passionate about staying ahead of evolving threats and committed to maintaining a robust security posture for our client in a dynamic, fully remote work environment. Your expertise will be vital in protecting critical assets and ensuring business continuity.

IT Security Monitoring

IDR9000000 - IDR12000000 Y PT. Tiki Jalur Nugraha Ekakurir (JNE)

Posted today

Job Description

Qualifications:

  1. Minimum of a bachelor's degree (S1) in Informatics Engineering or Computer Engineering
  2. At least 3 years of work experience in Information Security or IT Networking, or 2 years in software or application analysis
  3. Proficient in at least 3 hacking techniques and understands ethical hacking
  4. Proficient in Windows systems, Linux systems, and IT hardware (server, network, LAN, WAN)
  5. Experience with network security principles and the best practices applied
  6. Ability to quickly learn new technologies and products

Job Description:

  1. Manage, evaluate, and improve the security systems used in the Regional and Main Branch offices, such as firewalls, data protection controls, patching, encryption, vulnerability assessment, pen testing, and so on, in accordance with applicable policies and regulations
  2. Implement security policies and procedures in the Regional and Main Branch offices to keep the company compliant with current security system standards, so that the company avoids financial and non-financial risk.
  3. Maintain the security of all users, systems, applications, and networks that interact or connect with external parties, and implement the same security standards for the systems, applications, and networks owned by the company.
  4. Organize and plan the monitoring schedule for all activity occurring across all JNE users, systems, applications, or networks.
  5. Evaluate vendor risk, review vendor contracts and the terms and conditions drawn up so that both parties know the limits of their respective rights and obligations, and ensure cost effectiveness in line with the set budget
  6. Build awareness among employees by urging and reminding them to always maintain the security of users, systems, applications, or networks
  7. Implement the most secure and up-to-date technology for users / systems / applications / software / hardware
  8. Plan and improve network security tasks such as managing host security, configuring firewalls, email security, application security, website security, network segmentation, antivirus / anti-malware, cloud security, data loss prevention, removing and adding user access, restoring data, backing up data, and so on, in accordance with the assigned division of duties
  9. Collaborate and communicate regularly with other parties, whether departments at Head Office / Main Branches / vendors, regarding the resolution or prioritization of issues
  10. Provide direction and knowledge sharing and updates through briefings/coaching/counseling/meetings for the internal department to determine working methods, achievement of work targets, and competency development
  11. Supervise and manage the team's work activities, which must be recorded regularly and consistently in the agreed work report format, so that assigned targets are achieved in accordance with the SLA

IT Security Monitoring

Jakarta, Jakarta IDR6000000 - IDR12000000 Y PT. Tiki Jalur Nugraha Ekakurir (JNE)

Posted today

Job Description

Qualifications:

  1. Minimum of a bachelor's degree (S1) in Informatics Engineering or Computer Engineering
  2. At least 1 year of work experience in Information Security or IT Networking, or 2 years in software or application analysis
  3. Proficient in at least 3 hacking techniques and understands ethical hacking
  4. Proficient in Windows systems, Linux systems, and IT hardware (server, network, LAN, WAN)
  5. Experience with network security principles and the best practices applied
  6. Ability to quickly learn new technologies and products

Job Description:

  1. Manage, evaluate, and improve the security systems used in the Regional and Main Branch offices, such as firewalls, data protection controls, patching, encryption, vulnerability assessment, pen testing, and so on, in accordance with applicable policies and regulations
  2. Implement security policies and procedures in the Regional and Main Branch offices to keep the company compliant with current security system standards, so that the company avoids financial and non-financial risk.
  3. Maintain the security of all users, systems, applications, and networks that interact or connect with external parties, and implement the same security standards for the systems, applications, and networks owned by the company.
  4. Organize and plan the monitoring schedule for all activity occurring across all JNE users, systems, applications, or networks.
  5. Evaluate vendor risk, review vendor contracts and the terms and conditions drawn up so that both parties know the limits of their respective rights and obligations, and ensure cost effectiveness in line with the set budget
  6. Build awareness among employees by urging and reminding them to always maintain the security of users, systems, applications, or networks
  7. Implement the most secure and up-to-date technology for users / systems / applications / software / hardware
  8. Plan and improve network security tasks such as managing host security, configuring firewalls, email security, application security, website security, network segmentation, antivirus / anti-malware, cloud security, data loss prevention, removing and adding user access, restoring data, backing up data, and so on, in accordance with the assigned division of duties
  9. Collaborate and communicate regularly with other parties, whether departments at Head Office / Main Branches / vendors, regarding the resolution or prioritization of issues
  10. Provide direction and knowledge sharing and updates through briefings/coaching/counseling/meetings for the internal department to determine working methods, achievement of work targets, and competency development
  11. Supervise and manage the team's work activities, which must be recorded regularly and consistently in the agreed work report format, so that assigned targets are achieved in accordance with the SLA

Security Observability Engineer SOC

Bandung, West Java IDR90000000 - IDR120000000 Y Dropsuite

Posted today

Job Description

Nice to Meet You. We are Dropsuite, a NinjaOne Company.

We are seeking a Security Observability Engineer to join our Security team to monitor and protect our systems and applications. In this role, you will be responsible for safeguarding Dropsuite's cloud and private infrastructure by actively monitoring security events, detecting potential threats, and performing surveillance of our computer systems, applications, networks, and security controls.

This role involves continuously monitoring security alerts, identifying and analysing suspicious activities, and responding in the capacity of a Level 1 SOC engineer. You will be responsible for the timely triage and escalation of security incidents, threats, and vulnerabilities to ensure rapid containment and resolution.

Work Arrangement

  • Full-time position
  • Onsite work model (5 days per week in the office)
  • Monday to Friday, 5-day work week
  • Eligible to reside and work in Bandung (Indonesian citizenship only)

This position is open exclusively to candidates who reside in and are authorised to work in Indonesia. Only shortlisted candidates will be contacted.

Key Accountabilities

  • Monitor security alerts, events, and logs from multiple sources (SIEM, IDS/IPS, EDR, cloud security tools, firewalls, etc.) for potential security threats or anomalous activity.
  • Perform first-level triage of security alerts, classify incidents based on severity and criticality, and escalate to engineers of relevant departments as needed.
  • Investigate suspicious activities, malware detections, phishing attempts, data loss alerts, or account compromise indicators.
  • Execute standard operating procedures (SOPs) for incident response, containment, and remediation at the L1 level.
  • Create, update, and track incident tickets to closure, ensuring timely communication with stakeholders and compliance with defined SLAs.
  • Collaborate with IT, engineering, and security teams to validate alerts, mitigate risks, and enforce security controls.
  • Conduct daily health checks of security monitoring systems and tools to ensure data is collected and processed accurately.
  • Assist with vulnerability triage by reviewing scan results and escalating to appropriate teams for remediation.
  • Generate and deliver reports on security incidents, trends, and SOC metrics for management review.
  • Stay current with emerging cybersecurity threats, tactics, techniques, and procedures (TTPs) through ongoing research and training.
  • Contribute to improving SOC workflows, runbooks, and detection use cases for greater operational efficiency.
  • Support awareness efforts by documenting and sharing lessons learned from incidents.

Qualifications and Competencies

  • Diploma or Degree in Computer Science, Cybersecurity, or a related field.
  • Minimum 2 years of experience in IT support, SOC, or related security operations environment.
  • Familiarity with SIEM platforms (e.g., Splunk, Sentinel, Chronicle, etc) and security monitoring tools (e.g., EDR, IDS/IPS, DLP, CASB, CNAPP, CSPM, etc).
  • Basic understanding of networking concepts, firewalls, cloud infrastructure (AWS/GCP), and endpoint security.
  • Strong problem-solving, analytical, and investigative skills.
  • Ability to differentiate between false positives and true security incidents.
  • Knowledge of common attack vectors, MITRE ATT&CK framework, and incident response best practices.
  • Strong sense of accountability and urgency in responding to security threats.
  • Ability to work on rotational shifts and flexible hours, including nights and weekends.
  • Clear communicator, confident, self-sufficient, and disciplined in following processes.
  • Knowledge of scripting or automation (Python, PowerShell, etc.) is a plus.
  • Security certifications such as CompTIA Security+, CySA+, CC, or equivalent are advantageous.
  • Open and candid in discussing security incidents, potential improvements, and solutions.
  • A passion for cybersecurity, continuous learning, and adopting SOC/SIEM best practices.

Why Join Us

At Dropsuite, now proudly part of NinjaOne, we are on a mission to safeguard business information and help businesses stay in business. We are a global, fast-growing, partner-centric company building secure, scalable, and highly usable cloud backup technologies for businesses of all sizes. Today, we perform billions of backups daily for organizations across more than 100 countries.

As we enter an exciting new chapter with NinjaOne—a leader in endpoint management, security, and IT automation—our combined strengths enable us to drive even greater impact, innovation, and global scale. Together, we are building a world-class platform that empowers IT teams with simplicity, performance, and reliability.

At our core, we are a team of hungry owners: we are tenacious in our pursuit of excellence and take full ownership in everything we do. We are deeply customer-focused, collaborative, and solutions-driven. We play as a team—respecting, supporting, and elevating one another every step of the way.

Join us as we shape the future of IT and data protection—powered by passion, purpose, and the spirit of ownership.

Rewards That Go Beyond

  • Competitive compensation
  • Health insurance for you and your dependents
  • Social Security (BPJS Ketenagakerjaan)
  • Hybrid work model
  • 12 Days of Annual Leave
  • Entitled to Indonesia Public Holidays
  • Other leave benefits, such as Wedding leave
  • Free lunches in office
  • Growth opportunities
  • Work in a global company with meaningful work, highly skilled colleagues and an amazing culture

Diversity and Inclusion Statement

Dropsuite is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.

As part of our recruitment process, we may collect personal data to support hiring-related activities such as screening, assessment, and communication. This information is collected solely for recruitment purposes and handled in accordance with applicable data protection and privacy regulations. Your data will be treated with strict confidentiality and used only to facilitate your application with us.

Your Career Growth Starts Here. Apply Now

Security Observability Engineer SOC - ID (Ref: 25-040)

IDR60000 - IDR80000 Y Dropsuite

Posted today

Job Description

We are seeking a Security Observability Engineer to join our Security team to monitor and protect our systems and applications. In this role, you will be responsible for safeguarding Dropsuite's cloud and private infrastructure by actively monitoring security events, detecting potential threats, and performing surveillance of our computer systems, applications, networks, and security controls.

This role involves continuously monitoring security alerts, identifying and analysing suspicious activities, and responding in the capacity of a Level 1 SOC engineer. You will be responsible for the timely triage and escalation of security incidents, threats, and vulnerabilities to ensure rapid containment and resolution.

Work Arrangement

  • Full-time position
  • Onsite work model (5 days per week in the office)
  • Monday to Friday, 5-day work week
  • Eligible to reside and work in Bandung (Indonesian citizenship only)

This position is open exclusively to candidates who reside in and are authorised to work in Indonesia. Only shortlisted candidates will be contacted.

Key Accountabilities

  • Monitor security alerts, events, and logs from multiple sources (SIEM, IDS/IPS, EDR, cloud security tools, firewalls, etc.) for potential security threats or anomalous activity.

  • Perform first-level triage of security alerts, classify incidents based on severity and criticality, and escalate to engineers of relevant departments as needed.

  • Investigate suspicious activities, malware detections, phishing attempts, data loss alerts, or account compromise indicators.

  • Execute standard operating procedures (SOPs) for incident response, containment, and remediation at the L1 level.

  • Create, update, and track incident tickets to closure, ensuring timely communication with stakeholders and compliance with defined SLAs.

  • Collaborate with IT, engineering, and security teams to validate alerts, mitigate risks, and enforce security controls.

  • Conduct daily health checks of security monitoring systems and tools to ensure data is collected and processed accurately.

  • Assist with vulnerability triage by reviewing scan results and escalating to appropriate teams for remediation.

  • Generate and deliver reports on security incidents, trends, and SOC metrics for management review.

  • Stay current with emerging cybersecurity threats, tactics, techniques, and procedures (TTPs) through ongoing research and training.

  • Contribute to improving SOC workflows, runbooks, and detection use cases for greater operational efficiency.

  • Support awareness efforts by documenting and sharing lessons learned from incidents.

Qualifications and Competencies

  • Diploma or Degree in Computer Science, Cybersecurity, or a related field.

  • Minimum 2 years of experience in IT support, SOC, or related security operations environment.

  • Familiarity with SIEM platforms (e.g., Splunk, Sentinel, Chronicle, etc.) and security monitoring tools (e.g., EDR, IDS/IPS, DLP, CASB, CNAPP, CSPM, etc.).

  • Basic understanding of networking concepts, firewalls, cloud infrastructure (AWS/GCP), and endpoint security.

  • Strong problem-solving, analytical, and investigative skills.

  • Ability to differentiate between false positives and true security incidents.

  • Knowledge of common attack vectors, MITRE ATT&CK framework, and incident response best practices.

  • Strong sense of accountability and urgency in responding to security threats.

  • Ability to work on rotational shifts and flexible hours, including nights and weekends.

  • Clear communicator, confident, self-sufficient, and disciplined in following processes.

  • Knowledge of scripting or automation (Python, PowerShell, etc.) is a plus.

  • Security certifications such as CompTIA Security+, CySA+, CC, or equivalent are advantageous.

  • Open and candid in discussing security incidents, potential improvements, and solutions.

  • A passion for cybersecurity, continuous learning, and adopting SOC/SIEM best practices.

Why Join Us

At Dropsuite, now proudly part of NinjaOne, we are on a mission to safeguard business information and help businesses stay in business. We are a global, fast-growing, partner-centric company building secure, scalable, and highly usable cloud backup technologies for businesses of all sizes. Today, we perform billions of backups daily for organizations across more than 100 countries.

As we enter an exciting new chapter with NinjaOne—a leader in endpoint management, security, and IT automation—our combined strengths enable us to drive even greater impact, innovation, and global scale. Together, we are building a world-class platform that empowers IT teams with simplicity, performance, and reliability.

At our core, we are a team of hungry owners: we are tenacious in our pursuit of excellence and take full ownership in everything we do. We are deeply customer-focused, collaborative, and solutions-driven. We play as a team—respecting, supporting, and elevating one another every step of the way.

Join us as we shape the future of IT and data protection—powered by passion, purpose, and the spirit of ownership.

Rewards That Go Beyond

  • Competitive compensation

  • Health insurance for you and your dependents

  • Social Security (BPJS Ketenagakerjaan)

  • Hybrid work model

  • 12 Days of Annual Leave

  • Entitled to Indonesia Public Holidays

  • Other leave benefits, such as Wedding leave

  • Free lunches in office

  • Growth opportunities

  • Work in a global company with meaningful work, highly skilled colleagues and an amazing culture

Diversity and Inclusion Statement

Dropsuite is an Equal Employment Opportunity and Affirmative Action Employer. Qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.

As part of our recruitment process, we may collect personal data to support hiring-related activities such as screening, assessment, and communication. This information is collected solely for recruitment purposes and handled in accordance with applicable data protection and privacy regulations. Your data will be treated with strict confidentiality and used only to facilitate your application with us.

Your Career Growth Starts Here. Apply Now
