Cyber Incident Responder (SIEM, 1-Year Contract)

What You'll Do

• Lead technical activities related to security use case definition, design, implementation, and enrichment within the IT Production Security Investigation & Incident Response team, ensuring robust detection across multiple layers based on real-world attack scenarios such as those outlined by MITRE ATT&CK.
• Strengthen detection capabilities throughout the Asia Pacific region by participating as a member of the Global Use Case Development Team, aligning local practices with worldwide standards for security monitoring.
• Enhance SIEM (Security Information and Event Management) and SOAR (Security Orchestration Automation and Response) capabilities through hands-on involvement in tool optimisation and process refinement.
• Act as a reference point for Security Incident Response activities, Anti-Malware/Defence strategies, and Security Detection operations within a team of experts.
• Oversee the detection capabilities for the 24/7 regional IT Production Security Operations Centre (SOC), ensuring timely handling of security alerts affecting critical business functions.
• Respond promptly to cyber or IT security incidents by evaluating event severity, conducting thorough investigations, and coordinating remediation efforts with relevant stakeholders.
• Identify recurring security issues and risks by developing mitigation plans, recommending process improvements, and supporting ongoing risk management initiatives.
• Continuously improve SOC frameworks by reviewing policies, updating operational playbooks, and integrating feedback from incident reviews into daily practice.
• Contribute to compliance with regulatory requirements and internal policies by supporting incident reporting processes, participating in audits, and providing necessary evidence during control framework assessments.

What You'll Need

• At least 5 years’ experience as a cybersecurity professional with proven expertise in incident response across large-scale environments.
• At least 3 hands-on experience designing, developing, coding, and implementing security use cases—ideally with familiarity in Java/Python programming language.
• Comprehensive understanding of SIEM products (such as ELK stack: Elastic Logstash Kibana) coupled with practical experience in Security Incident Management processes.
• Proficiency in Linux operating systems (RedHat/Ubuntu) along with strong skills interpreting security logs or instructions into actionable threat models; SecOPS or DevOPS mindset is highly valued.
• Demonstrated ability to investigate incidents thoroughly—covering remediation actions, tracking progress through closure, and engaging constructively with stakeholders throughout the process.
• Experience conducting threat hunting activities using large data sets; adept at content creation/use case modelling; automation-oriented approach is considered advantageous.

Do note that we will only be in touch if your application is shortlisted.
Robert Walters (Singapore) Pte Ltd
ROC No.: 199706961E | EA Licence No.: 03C5451
EA Registration No.: R1872446 Felicia Valerie Romli