Traveloka is a technology company based in Jakarta, Indonesia. Founded in 2012 by ex-Silicon Valley engineers, it aims to revolutionize human mobility with technology. Today Traveloka is expanding its reach by operating in 7 countries and experimenting with new endeavors that will create large impact in the markets and industries we touch.
The Sr. Threat Detection and Response Engineer will serve as a technical expert and will work closely with the security lead to enhance and help us mature our detection capabilities and other relevant SOC processes across the entire Traveloka environment. The Engineer will be responsible for building, testing, and implementing security alerts, as well as helping us pick the best solutions to nascent problems. Successful candidates will possess a blend of general business, technology and security competencies.
* Develop and mature detection rules across various platforms and business units to improve our overall detection capabilities
* Create automated processes and workflows to improve detection and mitigation SLAs
* Provide situational awareness on the current threat landscape and the techniques, tactics and procedures associated with specific threats.
* Investigate security incidents and events, using SIEM and other tools; collect evidence and work across teams to isolate and/or remediate as necessary.
* Help respond to high severity security events, working alongside junior members as needed.
* Proactively collect, assess, and communicate information security intelligence to reduce the firm's risk exposure and better position the firm to prepare for potential security threats.
* Keep abreast of current security threats, events, technologies, vendors and other aspects of the cyber threat landscape. Propose changes or enhancements to our security posture where appropriate.
* Participate in projects in multiple areas and provide technical expertise and guidance on Information Security issues.
* Help us pick the best solutions to nascent problems - vendors, processes, training, etc. You will use your expertise to shape the future of the team.
* Assist with the development of technical policies and procedures
* Assist in defining and executing security projects
* Provide On-Call Support for emergency or high severity issues.
● At least 7-8 years of IT industry experience in a security role (3-4 years as a Security Operations analyst and/or in Incident Response), improving SOC processes and workflows related to security operations
● Strong, proven track record of delivering results in fast-paced, resource-scarce environments. Assume your favorite tool is not available but that you have the chance to learn a new one.
● Threat Detection and Incident Response experience - experience conducting IR in cloud environments, experience with multiple security tools, systems and logs (open source preferred; network, EDR, WAF, OS, etc.), working knowledge of frameworks such as ATT&CK and the kill chain, and strong communication skills.
● Cloud expertise - be able to stand toe to toe with our IT and infrastructure teams while bringing an investigator’s mindset to the mix.
● Relevant industry certifications - OSCP, OSCE, SANS GCIH, GMON, GCIA, security certs for cloud providers (AWS, GCP).
● Ability to handle stress effectively and maintain strong output during an incident
● Development - Proficient in using languages like Python and Go to automate tasks and process large amounts of messy data.
● Platforms: Developing security rules in a SIEM platform, workflows in a SOAR platform and working knowledge of cloud platforms.
● Ability to build lasting relationships with partner teams and stakeholders.
● Strong written and oral communication skills, including the ability to interact directly with customers that do not have an IT background and/or upper management.