We are seeking a forward-thinking and highly skilled Security Operations Lead to guide the evolution of our cyber defense capabilities. This strategic role is responsible for overseeing our Day 2 security operations while actively driving the transformation and modernization of our Security Operations Center (SOC).
You will lead our incident response function, manage our critical partnership with our Managed Security Service Provider (MSSP), and spearhead initiatives in automation, forensics, and continuous improvement. The ideal candidate is a strategic leader with a strong technical foundation, passionate about building a next-generation, intelligence-driven security operations function.
Key Responsibilities
SOC Transformation & Modernization
- Lead strategic initiatives to mature the SOC's capabilities, focusing on enhancing threat detection, accelerating response times, and improving overall operational efficiency.
- Drive the adoption and optimization of a Security Orchestration, Automation, and Response (SOAR) platform, developing and refining playbooks to automate routine tasks and standardized response workflows.
- Evaluate, recommend, and integrate new technologies and processes to keep our security posture ahead of the evolving threat landscape.
Security Operations & Platform Oversight
- Oversee the health, performance, and policy governance of a diverse portfolio of enterprise-grade security technologies.
- Ensure the effective day-to-day operation of core security platforms, such as Firewalls, XDR, DDoS Mitigation services, IPS, Email Filtering Gateways, and Privileged Access Management (PAM) solutions.
- Act as the primary stakeholder for the security technology stack, ensuring tools are configured to best practices and aligned with the organization's risk appetite.
Incident Response Leadership & Forensics
- Lead the end-to-end incident response lifecycle, from initial triage and escalation by the MSSP to final resolution and reporting.
- Serve as the incident commander during major security events, providing clear direction and communication to all stakeholders.
- Oversee and, when necessary, directly participate in complex security investigations and digital forensics activities to determine the root cause, scope, and impact of incidents.
- Drive the Incident Response Improvement and Planning process by developing, maintaining, and testing the corporate Incident Response Plan (IRP) through regular tabletop exercises and drills.
Reporting, Documentation & Continuous Improvement
- Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of the security operations function.
- Create and present clear, concise reports and dashboards for technical teams and senior leadership to provide visibility into our security posture and incident trends.
- Champion a culture of continuous improvement, using post-incident reviews and operational data to identify and implement enhancements to people, processes, and technology.
- Ensure all processes, procedures, and security configurations are meticulously documented in runbooks and Standard Operating Procedures (SOPs).
MSSP & Vendor Partnership
- Manage the strategic and technical relationship with our MSSP, ensuring alignment and driving maximum value from the partnership.
- Monitor MSSP performance against Service Level Agreements (SLAs), review incident reports, and lead regular service review meetings to ensure quality and address challenges.
Required Qualifications & Skills
- 8-10+ years of experience in cybersecurity, with a significant portion in a Security Operations or Incident Response capacity.
- Proven experience leading SOC modernization or transformation projects, with a strong understanding of how to mature a security operations function.
- Hands-on experience with SOAR platforms and the development of automation playbooks.
- Demonstrable experience in leading complex security investigations and a solid grasp of incident response methodologies.
- Broad technical knowledge across multiple security domains, including network security, endpoint protection, and identity and access management.
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
Preferred Qualifications & Skills
- Professional certifications such as CISSP, GCIH, GCFA, or GDAT.
- In-depth knowledge of digital forensics and investigation techniques.
- Familiarity with cybersecurity frameworks like the NIST Cybersecurity Framework and MITRE ATT&CK.
- Strong scripting and automation skills (e.g., Python, PowerShell) to support SOAR and custom integrations.
- Experience presenting complex technical topics to non-technical audiences and senior leadership.
Work Location: FairPrice Hub (Joo Koon)
Address: 1 Joo Koon Circle, #13-01, Singapore 629117
