L2 SOC Analyst Lead

Roles & Responsibilities

We are seeking a seasoned Level 2 SOC Analyst Lead to spearhead threat operations, mentor junior analysts, and drive advanced investigations within a high-stakes 24/7 Security Operations Center. You will be responsible for incident response leadership, threat hunting, forensic analysis, and client governance, while ensuring alignment with government and industry cybersecurity compliance standards.

Key Responsibilities:

• Lead daily SOC shift operations, ensuring strict adherence to incident SLAs (e.g., MTTR < 15 mins for P1).
• Mentor L1 SOC analysts in triage techniques, alert validation, and incident response playbooks.
• Conduct quarterly purple team exercises to validate SOC detection effectiveness.
• Deliver monthly presentations of SOC threat reports to client CISOs and key stakeholders.
• Lead deep-dive forensic investigations involving:
• Memory/disk forensics using Autopsy, FTK, Volatility, Rekall.
• Malware analysis leveraging sandboxing and static/dynamic techniques.
• EDR tools: CrowdStrike, SentinelOne.
• SIEMs: Splunk ES, QRadar (with SOAR integrations).
• Network tools: Wireshark, Corelight.
• Perform proactive threat hunts leveraging MITRE ATT&CK and threat intel sources.
• Engineer and implement custom detection rules (YARA, Sigma) to detect regional APTs.
• Serve as primary POC during high-severity incident response calls with clients.
• Ensure alignment with regulatory frameworks: IM8, NIST 800-53, CSA Cybersecurity Act.
• Compile and present monthly SOC threat trend reports and gap analysis to clients.
• Represent SOC at quarterly threat briefings (e.g., GovWare, ASEAN CERT meetups).
• Correlate intel from ASEAN CERT, MISP, ThreatConnect, and ISC2 Singapore.
• Disseminate timely IOCs and TTPs to analysts during active threats.
• Maintain and manage CTI using MISP, STIX/TAXII, and OpenCTI platforms.

Requirements:

• Minimum 5+ years in Security Operations Center roles.
• At least 2 years in a leadership role within a 24/7 SOC environment.
• Proven record in:
• Managing 200+ critical incidents/year.
• Reducing false positives by 40% through tuning and detection engineering.
• Leading threat hunts that uncovered 3 APT campaigns.
• Prior experience on government cybersecurity projects (e.g., IM8, CSA Cyber Essentials).

Certifications (Mandatory):

• CISSP
• GCIH or GCFA
• Singapore SC Security Clearance (or equivalent, if applicable)

Tool Proficiency (Must-Have):

• Incident Response: Velociraptor, Autopsy, SIFT Workstation
• Threat Hunting: Atomic Red Team, Kestrel analytics, ELK Stack
• Digital Forensics: Volatility, Rekall, FTK Imager
• CTI Management: MISP, OpenCTI, STIX/TAXII feeds