Monitor client environments using SIEM platforms to detect, triage, and respond to cybersecurity threats in accordance with agreed SOPs and industry best practices
Analyse and investigate security alerts; perform deep-dive log analysis across system and OS layers to establish baselines and identify anomalous behaviour
Map threat tactics, techniques, and procedures (TTPs) to the MITRE ATT&CK framework and construct plausible attack-path hypotheses to inform containment actions
Produce escalation reports and notes; manage triage workflow and identify improvements to automation playbooks
Conduct reactive, IOC-based threat hunts scoped to a limited set of TTPs
Operate SIEM, SOAR, EDR, and wider security tooling within the scope of the service engagement
Perform indicator of compromise (IOC) searches and triage incoming threat intelligence to assess relevance to client assets
Coordinate with vendors, external CERTs, and internal business stakeholders during incident response activities
Manage detection use cases, dashboards, and SOAR playbooks: author and tune detection rules, validate existing content, and implement automation to streamline triage and response
Manage the full incident ticket lifecycle, including creation, updates, closure, hygiene, and MITRE ATT&CK mapping
Respond to incidents and critical alerts outside of office hours when required
Any other tasks as assigned
Requirements
Degree in Computer Science, Information Security, or a related discipline
Minimum 6 years of experience in cybersecurity operations or a Security Operations Centre (SOC) environment
Hands-on experience with SIEM platforms and solid understanding of network, Windows, and Linux infrastructure
Hands-on experience with EDR platforms for endpoint detection, investigation, and response
Demonstrated ability to triage, investigate, and respond to security incidents independently, with accurate escalation judgement
Experience mapping threats to MITRE ATT&CK and conducting IOC-based threat hunts
Clear written and verbal communication; able to produce structured escalation reports and brief senior stakeholders
Experience with SOAR platforms, playbook development, or automation scripting
Knowledge of cloud infrastructure security (AWS, Azure, or GCP)
Familiarity with Threat Intelligence Platforms and IOC management workflows
Experience with next-generation SIEM, NDR, or ITSM/incident management platforms
Exposure to OT security monitoring or regulatory frameworks such as NIST CSF, ISO 27001, or GDPR
CrowdStrike certifications (e.g., CCFA, CCFR) or other vendor product certifications are a plus
Other Special Working Conditions
Able to perform 12-hour shift duties (2 days’ work with 2 off-days). Working hours: AM - 8:30am to 8:30pm; PM - 8:30pm to 8:30am. Shift patterns and duration may vary from time to time