Security Operations Specialist

As a Security Operations Specialist, you will be responsible for designing and strengthening enterprise-wide security operations, incident response, and risk management capabilities. This role sits at the core of operational cybersecurity, ensuring that security governance and risk practices are unified, effective, and embedded across diverse technology environments.

Your mandate is to elevate security operations from reactive incident handling to a risk-informed, resilience-driven discipline. You will establish frameworks and operating models that allow organisations to adopt new technologies confidently, while ensuring that risk management is integrated throughout the lifecycle of digital systems — from web applications and cloud platforms to critical Operational Technology (OT) environments.

Key Responsibilities

Incident Management & Response Standardisation

• Incident Response Frameworks: Define, implement, and maintain unified Incident Response (IR) playbooks covering a broad range of threat scenarios, including ransomware, data exfiltration, insider threats, and cloud security incidents.
• Crisis Leadership: Provide direct guidance and technical oversight during high-and critical-severity incidents, ensuring timely escalation, accurate reporting, and effective containment.
• Incident Governance: Partner with senior technology and security leaders to establish clear command structures, roles, and decision-making authority during crisis situations.

Operational Readiness & Resiliency Testing

• Simulation & Exercises: Design and oversee advanced tabletop exercises (TTX) involving technical teams and senior stakeholders. Ensure exercises are realistic, comprehensive, and challenge existing response capabilities.
• Resiliency & Chaos Testing: Drive the adoption of chaos testing practices to validate system resilience, business continuity plans, and recovery strategies, identifying hidden failure points in critical services.
• Capability Maturity: Continuously assess incident response readiness and lead initiatives to close operational gaps across people, process, and technology.

Continuous Monitoring & Asset Governance

• Centralised Monitoring: Ensure systems are effectively onboarded to centralised monitoring and detection platforms. Work closely with system owners to resolve onboarding challenges.
• Asset Visibility: Support the maintenance of a comprehensive and up-to-date IT and OT asset inventory, reinforcing the principle that effective security starts with visibility.
• Specialised Threat Coverage: Provide expert guidance for environments with unique threat profiles (e.g. OT ICS or bespoke platforms), helping teams design customised detection and monitoring use cases beyond standard tooling.

Vulnerability & Attack Surface Management

• Vulnerability Management SOPs: Establish and maintain standard operating procedures covering vulnerability management across on-premises, cloud, and OT environments, including the handling of unpatched or legacy risks.
• Attack Surface Oversight: Ensure appropriate internal and external scanning tools are deployed and used effectively. Oversee prioritisation workflows and validate that remediation actions are timely and effective.

Advocacy & Education

• Resilience Culture: Champion the importance of incident response readiness, business continuity planning, and operational resilience across stakeholder groups.
• Assumed Breach Mindset: Inculcate a mindset of continuous vigilance, ensuring that system owners and leaders understand their responsibilities in monitoring, escalation, and incident management.

Key Requirements

Experience

• Professional Background: 8–10 years of experience in cybersecurity operations, SOC management, or incident response roles.
• Crisis Management: Demonstrated experience leading or providing technical oversight during high-impact, high-pressure security incidents.
• Operational Breadth: Experience managing security operations across complex hybrid environments, including on-premises infrastructure, cloud platforms, and OT systems.

Technical Skills

• Incident Response & Forensics: Strong command of incident response methodologies, with solid understanding of digital forensics and malware analysis.
• Threat Intelligence & TTPs: Deep understanding of the threat landscape and ability to translate adversary TTPs into actionable detection and response use cases.
• Vulnerability & Exploitation Analysis: Strong knowledge of CVE and CVSS scoring, exploitation techniques, and how vulnerabilities are operationalised by threat actors. Ability to assess exploitability within a specific organisational context to prioritise remediation.
• Detection & Response Tooling: Proficiency with SIEM, SOAR, XDR, and EDR platforms, and the ability to assess the effectiveness of monitoring tools against evolving threats.
• Cloud Security Operations: Strong understanding of monitoring and responding to incidents in cloud-native and hybrid cloud environments.
• Certifications: Professional certifications such as GCIH, GCFA, CHFI, or CISSP are highly desirable.

Soft Skills

• Command Presence: Ability to remain composed and decisive during security crises, providing clear and authoritative direction.
• Stakeholder Influence: Strong communication skills to translate operational risks into strategic priorities for senior leadership.
• Strategic Foresight: Keen interest in emerging threats and security technologies, with the ability to proactively adapt detection and response strategies.

Company Reg No.: 201131609D |License No.: 24S2411 | Reg No: R21102223 | Goh Choon Mui