Security Operations & Automation

I build security that defends itself.

SOC analyst and automation engineer in Jakarta. I wire XDR, SIEM, and threat intelligence into self-driving incident response.

Currently: Security Operations Associate Analyst at PT. Bank Sinarmas

n8n / Splunk / Wazuh / Cynet XDR / Recorded Future / Zscaler / Python

Three disciplines,
one connected practice.

Cybersecurity

Blue-team work end to end: threat analysis, detection tuning, and incident handling across XDR, SIEM, VPN, and endpoint fleets for a national bank. Certified Blue Team Practitioner.

  • Threat analysis
  • Detection engineering
  • Incident response
  • IAM / LDAP

Automation

n8n pipelines and Python middleware that block malicious IPs, close confirmed alerts, and page analysts on Telegram before a human opens a dashboard.

  • n8n
  • Python
  • REST APIs
  • Telegram bots

IoT Engineering

Connected hardware from sensor to dashboard. My university project PATRIOT automated an entire broiler farm and was covered by regional press.

  • ESP-8266
  • Raspberry Pi
  • MQTT
  • Arduino

Experience

  1. Feb 2025 - Present PT. Bank Sinarmas, Central Jakarta

    Security Operations Associate Analyst

    Deployed an automated threat response system in n8n that instantly blocks malicious IPs and domains across XDR, VPN, and firewall platforms. Hardened endpoints with Zscaler strict enforcement, automated LDAP account lifecycle, and tuned XDR detections to cut false positives for the SOC.

  2. Nov 2024 - Jan 2025 PT. Alto Network, South Jakarta

    Cyber Threat Intelligence Associate

    Ran threat intelligence on Recorded Future and engineered its API into the alert pipeline, adding reputation checks for hashes, IPs, and URLs. Produced security advisories that put actionable intel in front of stakeholders.

  3. Jul 2023 - Nov 2024 PT. Alto Network, South Jakarta

    Security Operations Center Analyst

    Handled SIEM incidents around the clock and built the tooling to do it faster: Cynet 360 AutoXDR response, a Wazuh deployment with active response, and Splunk integrations that pushed every critical alert straight to Telegram.

Featured projects

SOC Automation Suite

Incident response,
answered from a chat window.

A Python and n8n pipeline connecting Cynet XDR, Splunk, AbuseIPDB, and Recorded Future to Telegram. Alerts arrive enriched with IP and hash reputation. Analysts close alerts or delete infected files with a single command, on call, from anywhere, at any hour.

  • Real-time alert forwarding with threat-intel enrichment
  • Close alerts and quarantine files directly from Telegram
  • 24/7 on-call flow built on the Splunk API
Cynet XDR Splunk SIEM
Python + n8n AbuseIPDB + Recorded Future
Telegram close alert / delete file

Bot commands the team uses daily

  • /check_ipAbuseIPDB reputation
  • /rf_check_ipRecorded Future IP intel
  • /check_hashRecorded Future hash intel
  • /cve_checkRecorded Future CVE intel
  • /check_sslStatusCake SSL check

PATRIOT, IoT Farm System

A chicken farm that
runs itself.

My Computer Engineering capstone: an MQTT-based system that feeds broiler chickens automatically by age and growth stage while streaming cage temperature, humidity, and ammonia levels to the farmer's phone. Covered by East Java's communications agency and regional news.

  • Age-tracked automatic feed scheduling, no manual intervention
  • Live environmental monitoring from a mobile dashboard
  • Built on ESP-8266, Raspberry Pi, and MQTT
Temperature 31.4°C kept in brooding range
Humidity 64% streamed over MQTT
Ammonia 12 ppm alert on threshold
Feeding Day 18 schedule follows age

More automation running in production

n8n workflow: confirmed IOCs split into IP and domain branches, pushed to Palo Alto Panorama, then committed

XDR to Palo Alto Panorama

Scheduled pipeline that reads confirmed IOCs, separates IPs from domains, pushes them into firewall block groups through the Panorama API, then commits the config and writes every block back to a daily ledger.

n8n workflow: XDR and Tipping Point alerts merged and pushed to Zscaler

XDR to Zscaler

Mirrors the same confirmed IOCs into Zscaler so blocks follow users off-network, with duplicate detection before every push.

n8n workflow: alert hostnames matched against the EDR fleet and triage acquisitions fired automatically

EDR fleet triage

Matches alert hostnames against the whole endpoint fleet, fires forensic triage acquisitions on affected machines, and records completion status without an analyst touching the console.

n8n workflow: LDAP query of a Zscaler security group, excluding disabled accounts, exported to a spreadsheet

Active Directory lifecycle

Automated LDAP account lifecycle management: queries Active Directory OUs and security groups, excludes disabled accounts, and exports a clean membership audit for IAM review.

Let's work
together.

Open to security automation projects, SOC consulting, and IoT builds.