Deskripsi pekerjaan SIEM Analyst PT Tricada Intronik
Responsibilities
- Configure, administer, and maintain the SIEM platform to support SOC needs and ensure continuous platform uptime and health.
- Perform regular patching and version upgrades, ensuring the SIEM is up to date with the latest features and security patches.
- Configure and integrate log sources, including on-premises and cloud-based applications, into the SIEM platform using custom parsers, forwarders, and other integration tools.
- Implement and maintain detection capabilities aligned with the latest cybersecurity threats, ensuring that the SIEM is capable of handling evolving attack vectors.
- Support the SOC team with real-time analysis, detection, and alerting through tailored use case creation, monitoring dashboards, and proactive threat hunting.
- Research and implement automation processes through Security Orchestration, Automation, and Response (SOAR) platforms, integrating cloud services into the security ecosystem.
- Support continuous security monitoring and user behavior monitoring for intrusion detection and anomaly detection.
- Collaborate with external security consultants and service providers to ensure comprehensive security across SIEM, PAM, EDR, IDS/IPS, and Web Application Firewall.
- Automate security processes using scripts (e.g., PowerShell, Python, Bash) to reduce manual efforts and improve efficiency within the SOC environment.
- Create, amend, and support complex protective monitoring use cases and advanced queries within the SIEM to enhance threat detection capabilities.
- Provide internal consultancy on SIEM architecture, deployment, and tuning to ensure the platform aligns with enterprise security policies and regulations.
- Troubleshoot and resolve complex SIEM-related issues with vendor support as needed.
- Maintain compliance with regulatory standards (e.g., ISO, NIST, PCI DSS) and advise clients on SIEM and SOC best practices.
Requirements
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Network Security, or related field. Equivalent hands-on experience or relevant certifications may be considered.
- Experience integrating logs from various sources (on-premises and cloud) into SIEM platforms.
- Proven experience as a SIEM Engineer or similar role, with advanced knowledge of SIEM platform architecture, configuration, and operational management.
- Strong understanding of SIEM use cases and experience implementing operational models that align with customer requirements and security best practices.
- Hands-on experience in two or more key security domains, including Security Operations (SIEM, EDR, vulnerability management), Cloud Security, Data Security, Identity and Access Management,
- Familiarity with advanced analytics and threat detection techniques (machine learning, behavioral analysis) for improving SIEM detection capabilities.
- Knowledge of cloud security practices and tools (AWS, Azure) with the ability to integrate and manage logs from cloud-native services into the SIEM.
- Experience with automation and orchestration platforms (SOAR) for enhancing incident response and streamlining SOC workflows.
- Ability to advise clients on security standards, architecture, and SIEM best practices to achieve comprehensive security coverage.
- Excellent troubleshooting skills to resolve complex issues within the SIEM platform.
- SIEM-related certifications (e.g., Splunk Certified Architect, ArcSight Certified Administrator, IBM QRadar SIEM V7.x Deployment) is a plus.





