Working Location: Selangor, Malaysia
Company Description
Clone & Freemen has been a trusted technology partner for over 28 years, specializing in creating integrated and innovative solutions for B2B leaders. From managed IT and cybersecurity to digital design and IoT systems, the company delivers tailored services through its MSP+ ecosystem. Operating as a full-service partner, Clone & Freemen bridges the gap between maintaining operational stability and driving forward-looking technological innovation. Their mission is to empower businesses with seamless, connected technology solutions that support both current operations and future growth. The company is known for its commitment to accountability and delivering impactful results.
The Role
As a Security Defense Analyst, you are the first line of defense for our security posture, operating in a 7x24 shift environment to ensure continuous monitoring and response. You will monitor security alerts, investigate potential threats, and respond to incidents in our hybrid environment—covering on‑premises systems, cloud infrastructure (AWS/Azure), and endpoints. You will perform initial triage using Sumo Logic as our primary SIEM, escalate confirmed incidents to senior analysts, and execute routine defense tasks such as log reviews, IOC hunts, and playbook-driven responses. You will work closely with the EDR team to correlate endpoint telemetry with broader security events and ensure rapid containment. This role is the foundation of our Security team, offering broad exposure to modern security tools and a clear path to growing into an incident responder or threat hunter.
Shift expectations:
Key Responsibilities
1. Security Monitoring & Alert Triage (24/7)
· Monitor Sumo Logic dashboards, scheduled searches, and real-time alerts continuously during your shift
· Assess severity, rule out false positives, and escalate confirmed incidents to L2/L3 analysts (or on-call engineers as needed)
· Document initial findings and alert context for efficient handoff to follow‑on shifts
2. Initial Incident Response
· Perform first‑level investigation of suspected malware, unauthorized access, or policy violations
· Execute predefined response actions (e.g., isolate endpoint, revoke sessions, block IOCs)
· Collaborate with the EDR team (available during core hours or via on-call) to validate endpoint alerts and coordinate containment steps
3. Log Review & Threat Hunting Support
· Use Sumo Logic queries to review critical logs (authentication, firewall, cloud audit trails) for suspicious patterns
· During quieter shift periods, assist senior analysts in proactive threat hunting using Sumo Logic’s search and analytics features
· Maintain awareness of emerging threats and apply IOCs to the environment using Sumo Logic threat intelligence sources
4. Cloud Security Support
· Monitor cloud security posture (AWS Security Hub, Azure Defender) for misconfigurations
· Correlate cloud logs ingested into Sumo Logic (e.g., AWS CloudTrail, Azure Audit Logs)
· Assist in investigating cloud‑related alerts and support basic remediation under guidance (escalating to the cloud team if needed)
5. Documentation & Handoff
· Document incident timelines, actions taken, and Sumo Logic queries used for future reference
· Contribute to security runbooks and knowledge base articles for common scenarios
· Maintain detailed shift logs and provide a clear, actionable handoff to the next shift analyst
6. Collaboration & Escalation
· Work closely with the EDR team to correlate SIEM alerts with endpoint telemetry and ensure unified incident response
· Partner with EDR engineers (during alignment hours or via async communication) to fine-tune detection rules
· Communicate clearly with internal stakeholders about security status and required actions, even outside normal business hours
· Participate in team meetings, post‑incident reviews, and knowledge‑sharing sessions (as schedule permits)