To serve as The Watchtower for Ajaib's global infrastructure. You will be responsible for ensuring infrastructure integrity across GCP, AWS, and on-prem environments while owning the end-to-end detection and response lifecycle. Your mission is to transition from manual, eyes-on-glass monitoring to a high-velocity, automated operating model that protects customer trust and company IP at scale.
Responsibilities
- Detection & Incident Response (The Watchtower)
  - Monitoring & Triage: Lead 24x7 monitoring and triage of security alerts across SIEM (Wazuh), EDR (CrowdStrike), DLP, and cloud environments
  - Incident Lifecycle: Lead detection, triage, containment, and post-incident reviews for infrastructure and cloud-layer security events
  - Core Metric Ownership: Drive the reduction of Mean Time to Detect (MTTD) through improved correlation and automated alerting
  - Threat Hunting: Perform proactive threat hunting using MITRE ATT&CK techniques to identify advanced threats before they impact production
- Infrastructure Integrity & Automation (The Paved Road)
  - Infrastructure-as-Code (IaC) Guardrails: Implement and monitor IaC guardrails with automated drift detection to prevent misconfigurations in GCP/AWS
  - Standardized Golden Images: Partner with engineering to deploy immutable infrastructure through standardized Golden Images to eliminate manual server hardening
  - SOAR & Response Playbooks: Build and manage automated SOAR (Security Orchestration, Automation, and Response) playbooks to reduce Mean Time to Respond (MTTR) and ensure instant containment of threats
  - Inventory Discovery: Implement automated inventory discovery to ensure that "if it isn't tagged, it doesn't run" within cloud environments
- DLP Governance
- Platform & Tooling Management
  - EDR Administration: Fine-tune and manage CrowdStrike Falcon (Managed Service) and oversee the decommissioning of legacy EDR solutions (Symantec)
  - WAF Optimization: Manage and optimize Cloudflare WAF rules to protect application layers against DDoS and web attacks
  - Teleport Governance: Manage secure infrastructure access through Teleport, moving away from legacy SSH/VPN access toward a Zero-Trust identity anchor
- Fintech & Crypto Specifics
  - Asset Monitoring: Monitor for threats targeting hot/cold storage systems and exchange infrastructure
  - Identity Integrity: Enforce the Identity Anchor by ensuring all infrastructure access is anchored to the corporate IdP (Google Workspace/JumpCloud)
Requirements
- Experience: 3+ years in a SOC or Security Operations environment, preferably within Fintech or Digital Banking
- SIEM/Logging: Proficiency in Wazuh (log ingestion, correlation, and dashboards) or another SIEM tool, plus Google SCC
- EDR/WAF: Hands-on experience managing CrowdStrike Falcon and Cloudflare WAF
- Cloud Security: Practical experience with GCP or AWS security monitoring and IAM
- Incident Response: Mastery of the full incident lifecycle (Triage, Containment, Eradication, Lessons Learned)
- Scripting: Proficiency in Python or Bash for automating response playbooks and custom security checks
- IaC Security: Basic knowledge of GCP or AWS for monitoring infrastructure drift
- Frameworks: Familiarity with MITRE ATT&CK
- Crypto Security: Basic understanding of blockchain fundamentals, wallet security, and DeFi-specific threats (e.g., flash loans, exchange exploits)
- JumpCloud Integration: Experience integrating JumpCloud with infrastructure tools to enforce the Kill Switch during offboarding
Benefits
Join us as we make magic happen to increase Indonesia's financial inclusion!