About Us
SPH Media's mission is to be the trusted source of news and lifestyle content in Singapore and Asia. One of our core purposes is to produce credible, balanced, and objective news and analysis, always with a view to upholding the public good and fostering an informed, engaged citizenry.
We welcome talented individuals to join us and grow a career in a vibrant and collaborative environment built around a culture of respect and inclusivity.
As an employer, we are committed to rewarding our people fairly and developing them in their careers.
About the role
IR & Detection Engineering
- Lead end-to-end incident response efforts during live cyber events, coordinating with internal teams and external stakeholders.
- Conduct in-depth log analysis, network forensics, endpoint investigations, and memory analysis using tools such as CrowdStrike Falcon, Sysmon, Zeek, and Wireshark.
- Own and continuously improve detection logic across SIEM/SOAR platforms (e.g., Elastic).
- Develop and tune detections based on MITRE ATT&CK TTPs, threat actor behavior, and threat intel.
- Perform threat hunting and detection engineering, and (optionally) malware analysis.
Tabletop & Playbook Execution
- Drive Tabletop Exercises (TTXs) to assess IR readiness and inter-team coordination.
- Build and maintain detailed, actionable playbooks and runbooks for key incident types (e.g., ransomware, insider threat, supply chain attacks, cloud compromise, lateral movement).
Threat Intelligence & Contextualization
- Translate strategic and tactical threat intelligence into actionable detections and prevention mechanisms.
- Collaborate with TI partners and fusion analysts to enrich incident data with attacker context.
Security Operations Excellence
- Conduct hands-on investigations and improve detection logic and response tactics.
- Own and improve security dashboards, investigation workflows, and reporting tools.
Cloud & Hybrid Infrastructure Defense
- Apply deep knowledge of cloud environments (AWS/Azure/GCP/Alibaba Cloud): their logging, IAM, network architecture, and native security services.
- Correlate cloud-based events with on-prem data to detect blended or multi-cloud threats.
- Assess and improve the security posture of both on-prem and cloud environments by driving hardening efforts for Linux/Windows/AD environments and key services.
- Evaluate third-party environments for risk and compliance gaps.
Requirements
- 8+ years in security operations, detection engineering, or incident response.
- Proven experience handling real-world incidents (APT, ransomware, cloud breaches, insider threats).
Strong hands-on expertise in:
- SIEM platforms (Elastic, Splunk, Sentinel)
- EDR/XDR tools (CrowdStrike Falcon, Defender)
- Network & host-level forensic tools (Wireshark, Zeek, Sysmon, PCAP analysis)
- Cloud security in AWS, Azure, GCP, Alibaba Cloud
- Experience monitoring and investigating IAM misconfigurations and abuse, and cloud-native alerts such as AWS GuardDuty findings.
- Experience with vulnerability remediation, system hardening, and secure configuration.
Familiarity with:
- CCoP, MITRE ATT&CK, NIST 800-61, and SEC504-style IR
- TCP/IP, DNS, SMTP, DHCP, SSL/TLS, PKI, key management, and other core protocols
- Ability to troubleshoot security issues across hybrid environments
- Strong communication and reporting skills, including the ability to build and present dashboards and summaries to technical and non-technical audiences.
Certifications (Preferred but Not Required)
- GIAC: GCIH, GCIA, GCED, GNFA, GREM
- Offensive Security: OSCP, OSEP
- CISSP, CISM, or equivalent
- AWS/Azure cloud security certifications