SecurXcess's technical defense team operates directly on customer sites, monitoring and responding to network threats to ensure resilient and secure infrastructures.
Requirements:
- Bachelor’s degree in Information Technology or a related field.
- Based in Medan (onsite assignment).
- Minimum 1 year of experience as a Security Engineer or related role.
- Strong understanding of TCP/IP and common application protocols (DNS, HTTP/S, SMB, DHCP).
- Hands-on experience with network analysis tools such as Wireshark or tcpdump.
- Familiarity with open-source tools (Zeek, Suricata) or commercial NDR platforms (Vectra, Darktrace, ExtraHop, etc.).
- Proficiency in Linux command-line operations.
- Basic scripting skills in Python or Bash for automation and log analysis.
- Knowledge of the MITRE ATT&CK framework, IDS/IPS, and firewall architecture.
- Understanding of NDR and SIEM operations.
Job Description:
- Monitor and analyze dashboards and alerts generated by the NDR platform in real time.
- Investigate network anomalies and security alerts to determine real incidents versus false positives.
- Conduct deep packet inspection (PCAP analysis) to identify attack behaviors such as lateral movement, C2 communication, or data exfiltration.
- Act as the primary technical responder for network-based incidents and collaborate closely with SOC and IR teams.
- Support containment and remediation efforts by isolating affected systems and blocking malicious traffic.
- Provide critical network forensics data to support post-incident investigations.
- Adjust and escalate NDR detection rules to reduce false positives and improve detection accuracy.
- Develop and escalate custom detection rules based on emerging threats, vulnerabilities (CVEs), and attacker TTPs.