Job Description

To serve as "The Watchtower" for Ajaib’s global infrastructure. You will be responsible for ensuring infrastructure integrity across GCP, AWS, and On-Prem environments while owning the end-to-end detection and response lifecycle. Your mission is to transition from manual "eyes on glass" monitoring to a high-velocity, automated operating model that protects customer trust and company IP at scale.

Responsibilities

1. Detection & Incident Response (The Watchtower)

• Monitoring & Triage: Lead 24x7 monitoring and triage of security alerts across SIEM (Wazuh), EDR (CrowdStrike),DLP and cloud environments.
• Incident Lifecycle: Lead detection, triage, containment, and post-incident reviews for infrastructure and cloud-layer security events.
• Core Metric Ownership: Drive the reduction of Mean Time to Detect (MTTD) through improved correlation and automated alerting.
• Threat Hunting: Perform proactive threat hunting using MITRE ATT&CK techniques to identify advanced threats before they impact production.

2. Infrastructure Integrity & Automation (The Paved Road)

• Infrastructure-as-Code (IaC) Guardrails: Implement and monitor IaC guardrails with automated drift detection to prevent misconfigurations in GCP/AWS.
• Standardized Golden Images: Partner with engineering to deploy immutable infrastructure through standardized "Golden Images" to eliminate manual server hardening.
• SOAR & Response Playbooks: Build and manage automated SOAR (Security Orchestration, Automation, and Response) playbooks to reduce Mean Time to Respond (MTTR) and ensure instant containment of threats.
• Inventory Discovery: Implement automated inventory discovery to ensure "if it isn't tagged, it doesn't run" within cloud environments.
• DLP Governance.

3. Platform & Tooling Management

• EDR Administration: Fine-tune and manage CrowdStrike Falcon (Managed Service) and oversee the decommissioning of legacy EDR solutions (Symantec).
• WAF Optimization: Manage and optimize Cloudflare WAF rules to protect application layers against DDoS and web attacks.
• Teleport Governance: Manage secure infrastructure access through Teleport, moving away from legacy SSH/VPN access toward a Zero-Trust identity anchor.

4. Fintech & Crypto Specifics

• Asset Monitoring: Monitor for threats targeting hot/cold storage systems and exchange infrastructure.
• Identity Integrity: Enforce the "Identity Anchor" by ensuring all infrastructure access is anchored to the corporate IDP (Google Workspace/JumpCloud).

Requirements

• Experience: 3+ years in a SOC or Security Operations environment, preferably within Fintech or Digital Banking
• SIEM/Logging: Proficiency in Wazuh (log ingestion, correlation, and dashboards) or any other SIEM tool and Google SCC.
• EDR/WAF: Hands-on experience managing CrowdStrike Falcon and Cloudflare WAF.
• Cloud Security: Practical experience with GCP or AWS security monitoring and IAM.
• Incident Response: Mastery of the full incident lifecycle (Triage, Containment, Eradication, Lessons Learned).
• Scripting: Proficiency in Python or Bash for automating response playbooks and custom security checks.
• IaC Security: Basic knowledge of GCP or AWS for monitoring infrastructure drift.
• Frameworks: Familiarity with MITRE ATT&CK.
• Crypto Security: Basic understanding of blockchain fundamentals, wallet security, and DeFi-specific threats (e.g., flash loans, exchange exploits).
• JumpCloud Integration: Experience integrating JumpCloud with infrastructure tools to enforce the "Kill Switch" during offboarding.

Benefits

Join us as we make magic happen to increase Indonesia’s financial inclusion!