Staff Cybersecurity Threat Analyst

Company: Paypal
Job Type: Full Time

Job Description - Staff Cybersecurity Threat Analyst

Leverage specialized security expertise to identify and resolve complex cyber threat management challenges, recommending best practices and determining new approaches that have an impact on broader security operations, while aligning security strategies with business priorities.
Partner across teams and key stakeholders to drive security initiatives, leading and solutioning complex projects and programs to strengthen overall security posture.
Apply advanced analytical skills and sound judgment to solve security challenges, considering diverse perspectives and innovative solutions.
Stay current with industry trends and emerging technologies, understanding their security implications to the company's context.
Directly contribute to improvements within the security domain and occasionally beyond, ensuring decisions lead to meaningful enhancements in security practices and organizational resilience.
Leverage relationships across teams, both within and outside of security, to influence initiatives and integrate feedback into cyber threat management.
Develop and articulate clear plans and priorities for the team, guiding them to achieve security objectives while fostering a collaborative and high-performance environment.
Lead by example, providing mentorship and support to ensure the team successfully executes on initiatives and goals.

In this role, you'll focus primarily on incident response with forensic analysis applied during investigations:

Respond to and lead security incidents: Coordinate the full incident response lifecycle including detection, triage, containment, eradication, and recovery, providing timely updates on findings, root causes, and recommended remediation actions.
Serve as incident commander: Lead declared incidents during Singapore business hours, driving coordination across technical teams and stakeholders.
Conduct digital forensic analysis: Collect, preserve, and analyze digital evidence using industry-standard tools and techniques to determine the source, scope, and impact of security incidents while maintaining proper chain of custody.
Perform host-based forensics and timeline analysis: Examine forensic artifacts across Windows, macOS, and Linux environments to determine attack vector, lateral movement, and data exfiltration.
Correlate events from multiple sources: Analyze SIEM, EDR, firewall, network traffic, VPN, and proxy logs to build comprehensive incident timelines.
Create forensic and investigative reports: Prepare detailed technical reports suitable for senior leadership, legal counsel, and regulatory audiences.
Drive post-incident reviews: Ensure thorough documentation of lessons learned and identify improvements to strengthen organizational resilience.
Develop and maintain playbooks: Refine incident response playbooks, standard operating procedures, and forensic protocols to continuously improve response capabilities.
Maintain incident tracking: Drive continuous updates in the incident tracking system to ensure accurate documentation and reporting of security events.
Collaborate with stakeholders: Work with legal, compliance, and regulatory stakeholders as needed during incident progression, validating and communicating impact levels.
Engage external partners: Work with third-party vendors, consulting partners, and industry intelligence groups to enhance overall cybersecurity posture.
Mentor junior analysts: Provide technical guidance on incident response and forensic best practices.
Participate in on-call rotation: Provide regional incident response coverage as part of the Singapore on-call rotation.

5+ years relevant experience and a Bachelor's degree OR Any equivalent combination of education and experience.
Demonstrated experience in security incident handling and security operations within a SOC or similar high-tempo environment.
Strong digital forensics skills, including host-based forensics, evidence preservation, chain of custody, and data breach response.
Proficiency in analyzing forensic artifacts across Windows, macOS, and Linux operating systems to determine attack vector, lateral movement, and data exfiltration.
Experience correlating events from multiple sources (SIEM, EDR, firewall, network traffic, VPN, proxy logs) to build comprehensive timeline analyses.
Solid hands-on knowledge of SIEM, EDR, threat intelligence platforms, and forensic tools.
Familiarity with industry standards (e.g., NIST, MITRE ATT&CK) and best practices for incident response.
Experience with digital forensic tools such as EnCase, FTK, X-Ways Forensics, Axiom, Surge Collect, or equivalent open-source tools.
Familiarity with command line tools and scripting languages (Python, bash, etc.).
In-depth understanding of network protocols, systems, and infrastructure security principles.
Exceptional communication skills, capable of relaying complex security scenarios to executive stakeholders and non-technical audiences.
Ability to organize case notes and prepare detailed technical and forensic reports.
Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
Experience with cloud infrastructures (AWS, GCP, Azure) and cloud-based forensic investigations.
Experience with proactive threat hunting activities to uncover security gaps, vulnerabilities, or unaddressed risks.
Ability to conduct malware analysis beyond basic triage.
Track record of leading technical initiatives or coordinating response efforts under pressure.
Certifications such as GCFA, GCFE, GCIH, CISSP, CCE or equivalent DFIR certifications.

Original job Staff Cybersecurity Threat Analyst posted on GrabJobs ©.

Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.