Job Summary:
The role is part of our Global SOC team, tasked to deliver Managed Security Services (MSS) and help customers achieve their business goals & objectives by re-imagining cybersecurity as one of its business enablers. The role reports to SOC vertical based in Singapore.
Job Responsibilities:
• Actively research and stay updated with latest and new cyberattacks, TTPs, threat attackers, vulnerabilities and based on it perform proactive threat hunting in customer environments.
• Understand customer environments to develop use cases based on industry, targeted attacks, vulnerabilities, attack vector, threat landscape, TTPs etc., for the scope of monitoring.
• Develop identification and documentation of Indicators of Compromise (IOCs).
• Ability to perform malware reverse engineering on the detected malware file to investigate and identify its potential entry points.
• Perform forensic analysis and investigations leveraging SOC solutions and provide evidence in case of breaches. • Handle security incidents tickets escalated by Level II team, and draft security incident report covering the root cause, forensic evidence, and recommended mitigation plans.
• Escalate complex incidents to higher-level teams, ensuring proper documentation and reporting.
• Strong understanding of MITRE ATT&CK framework, and ability to operationalize it for day-day SecOps activities, to develop tactics, techniques, procedures (TTPs) for security analysis and threat hunting. Collaborate with other security teams to enhance the detection and mitigation of emerging threats.
• Perform SIEM/EDR rule fine-tuning to minimize false positive alerts and enhance detection accuracy for MSS SOC.
• Review 3rd party threat intel feeds and integrate them into MSS platforms to provide value to our customers.
• Identify gaps in existing SOC process and work with team members or other departments to create, modify standard operating procedures, to automate any mundane daily operational activities, ensuring Ops are run efficiently.
• Provide guidance and mentoring to junior SOC analysts, supporting their growth and knowledge development. Enable regional security analysts to deliver seamless support locally by developing SOC playbooks, relevant and sufficient Knowledge base.
• Lead regional security analysts in handling incidents, customer escalations and requests, SLA (Service Level Agreement) requirements.
• Stay updated on the latest security trends, vulnerabilities, and attack techniques to improve incident response capabilities.
Required Qualifications:
• Candidate should have at least 8-10 years of working experience in SOC and MSS environments,
• Bachelor's degree in computer engineering, Computer Science, Cyber Security, Information Security, or other equivalents.
• Excellent hands-on experience in implementations, incident analysis of IBM QRadar, Azure Sentinel SIEM (Security Information and Event Management) & Devo technologies.
• Hands on experience on any Endpoint Protection (EPP) or Endpoint Detection Response (EDR) technologies. Preferred if CrowdStrike, Microsoft Defender.
• Hands on experience on SOAR (Security Orchestration, Automation, and Response) technologies.
• Experience in malware analysis for Windows and Linux/Mac.
• Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet.
• Good understanding of WIN, LINUX environments and well versed with basic LINUX commands and troubleshooting, with proven Unix (Solaris, Linux, BSD (Bumi Serpong Damai)) experience.
• Knowledge of any shell scripting language and applying it to automate mundane operations tasks
• Knowledge of current cyber threats, attack vectors, vulnerabilities, and threat intelligence feeds.
• Ability to work effectively in a team environment, collaborate cross-functionally, and mentor junior analysts
• Candidate should have at least one SANS certification. Preferred if that is GCIH
• Good understanding of basic network concepts and advantages of exposure to cloud technologies.
• Lateral thinking combined with excellent troubleshooting skills, preferably with experience following ITIL (Information Technology Infrastructure Library) standards
• Excellent English communication skills (verbal and written) combined with professional telephone manner.
• Lead team of security analysts, develop SOC standard operating procedures and develop Threat Intel feeds such as MISP.
Good To Have:
• Advantage if have hands on experience in performing vulnerability assessments and presenting to customer business teams
• Familiarity with threat hunting techniques and proactive security measures.
• Expertise in network security technologies such as firewalls, IDS/IPS, and VPNs.
• Strong understanding of cyberattack tactics, techniques, and procedures (TTPs), including familiarity with frameworks like MITRE ATT&CK.
• Experience with cloud security platforms (e.g., AWS, Azure, Google Cloud).
• Knowledge of compliance standards and frameworks (e.g., GDPR, NIST, PCI-DSS).
• Strong troubleshooting skills with the ability to analyze and resolve complex security incidents.
• Experience in Forensics and Incident Response, penetration testing and report drafting
• Advanced knowledge of SIEM tools (e.g., QRadar, Splunk) and threat intelligence platforms.
• Familiarity with scripting languages (e.g., Python, PowerShell) for automation and incident response.
• Multilingual proficiency (e.g., Mandarin, Cantonese, Bahasa Malayu) for effective communication in global environments.
