Cyber Security Engineer
Full Time
PT Bumi Amartha Teknologi Mandiri
8 months ago
JOB DESCRIPTION
  • Design, deploy, and fine-tune SIEM solutions such as IBM QRadar, Splunk, Wazuh, ArcSight, and Elastic SIEM.
  • Manage log ingestion pipelines, develop correlation rules, and continuously optimize alerting mechanisms.
  • Lead and coordinate incident response activities based on industry frameworks (MITRE ATT&CK, NIST IR, Cyber Kill Chain).
  • Integrate and operationalize threat intelligence feeds to enhance detection and response capabilities.
  • Conduct threat hunting to identify and mitigate advanced persistent threats.
  • Develop automation workflows using Python, PowerShell, or Bash to streamline security operations.
  • Operate and manage SOAR platforms such as Cortex XSOAR, Splunk Phantom, or IBM Resilient.
  • Perform digital forensics, memory analysis, and root cause investigation of complex security incidents.
  • Collaborate with IT and SOC teams to implement effective mitigation strategies and security improvements.
  • Create and maintain comprehensive technical documentation, playbooks, and reports.
  • Mentor and provide guidance to Tier 1 and Tier 2 SOC Analysts.
  • Stay current with emerging security trends, threats, and technologies through continuous learning.

Qualifications

  • Bachelor's degree in Computer Science or a related field.
  • 4+ years of experience in a SOC with a focus on SIEM engineering and incident response.
  • Expertise in SIEM solutions (IBM QRadar, Splunk, Wazuh, ArcSight, Elastic SIEM, etc.).
  • Experience in log ingestion management, correlation rule development, and SIEM fine-tuning.
  • Strong knowledge of threat intelligence integration and threat hunting.
  • Proficiency in Python, PowerShell, or Bash for automation & scripting.
  • Familiarity with MITRE ATT&CK, Cyber Kill Chain, and NIST Incident Response Framework.
  • Hands-on experience with SOAR platforms (Cortex XSOAR, Splunk Phantom, IBM Resilient).
  • Experience in digital forensics and memory analysis.
  • Strong analytical and troubleshooting skills for security incidents and SIEM optimization.
  • Ability to develop effective mitigation strategies for advanced cyber threats.
  • Excellent communication and collaboration skills with SOC teams and IT staff.
  • Ability to train and mentor SOC Analysts (Tier 1 & Tier 2).
  • Strong technical documentation skills.
  • Preferred certifications: GCIA, GSOC, GCIH, Splunk Architect, IBM QRadar, CISSP, CEH.
  • Commitment to continuous learning and staying updated on cybersecurity trends.

Link: https://dealls.com/loker/cyber-security-engineer-6~pt-bumi-amartha-teknologi-mandiri

Email your CV and supporting documents to:
https://dealls.com/karir/pt-bumi-amartha-teknologi-mandiri