Responsibilities
- Monitor client environments using SIEM platforms to detect, triage, and respond to cybersecurity threats in accordance with agreed SOPs and industry best practices
- Analyse and investigate security alerts escalated from client teams, MSSPs, and internal systems; lead or support incident response through to closure
- Triage SIEM alerts to identify those that are notable and warrant escalation, based on established operating procedures or, where none apply, industry best practices
- Advise clients on possible follow-up actions and remediation measures for escalated alerts
- Respond to incidents and critical alerts outside of office hours when required
- Perform indicator of compromise (IOC) searches and triage incoming threat intelligence to assess relevance to client assets
- Gather and report on threat intelligence using the client's Threat Intelligence Platform
- Coordinate with client stakeholders including IT, infrastructure, application, and business teams during active incidents and programme activities
- Collaborate with MSSPs and Ensign delivery teams on detection tuning to reduce noise and improve fidelity
- Manage detection use cases, dashboards, and reports on SIEM: perform monthly and ad hoc reviews, validate and maintain existing rules, and develop and implement new use cases
- Manage playbooks, automation scripts, and integrations on SOAR: review, validate, maintain, and develop new playbooks; optimise existing ones for accuracy and efficiency
- Any other tasks as assigned
Requirements
- Degree in Computer Science, Information Security, or a related discipline
- 3 to 7 years of experience in cybersecurity operations or a Security Operations Centre (SOC) environment
- Hands-on experience with SIEM platforms and solid understanding of network, Windows, and Linux infrastructure
- Experience in security, network, and cyber threat analysis
- Demonstrated ability to triage, investigate, and respond to security incidents independently
- Comfortable operating in a client-facing, on-site environment with direct accountability to client stakeholders
- Clear written and verbal communication; able to produce structured incident reports and brief senior stakeholders
- GIAC Certified Incident Handler (GCIH) or equivalent certification required
Preferred Skills / Qualities
- Working knowledge of SOAR platforms; experience with playbook development or automation scripting
- Knowledge of cloud infrastructure security (AWS, Azure, or GCP)
- Familiarity with Threat Intelligence Platforms and IOC management workflows
- Exposure to Singapore regulatory frameworks: CSA advisories, IMDA guidelines, and the MAS Technology Risk Management (TRM) Guidelines
- Additional certifications such as GCFE, GCFA, OSCP, or vendor product certifications