Cyber Threat Lead

D02 Anson, Tanjong Pagar, Singapore
Permanent, Full Time | Information Technology

Job Description

Job Summary

Lead and manage a Security Operations Centre (SOC) team to monitor, detect, respond to, and report cybersecurity incidents. Drive SIEM system enhancements and oversee forensic investigations to strengthen organizational cyber defense capabilities.

Responsibilities

  • Manage team resources to ensure continuous 24x7 security event monitoring, timely incident response, and comprehensive reporting
  • Train and ensure team proficiency in cyber defense monitoring tools to detect malicious activities and respond to threats and vulnerabilities promptly
  • Review and update routine monitoring operations to maintain relevance and robustness
  • Oversee timely escalation of potential cybersecurity threats within agreed timelines
  • Maintain and fine-tune SIEM detection rules and solutions to automate monitoring, triaging, and analysis processes
  • Plan and implement SIEM enhancements to optimize log ingestion, ensure high availability, and support disaster recovery
  • Lead end-to-end projects to elevate SOC capabilities and maturity
  • Respond to incident escalations and support continuous real-time security event monitoring and response
  • Lead forensic investigations by collecting, preserving, and analyzing digital evidence to support incident resolution
  • Conduct proactive threat hunting for indicators of compromise (IOCs) and monitor threat actor tactics, techniques, and procedures (TTPs)
  • Prepare and present detailed investigation and incident response reports including technical analysis, root cause identification, and remediation recommendations

Required competencies and certifications

  • Strong understanding of SIEM and SOAR operations and defense solutions at host-based and network-based layers
  • Proven experience in incident response and handling methodologies
  • Familiarity with Cyber Security Act 2018, Cybersecurity Code of Practice (CCoP), MAS Cyber Hygiene Notice, and Technology Risk Management Guidelines (TRMG)
  • Ability to interpret network diagnostic tools such as ping, traceroute, and nslookup
  • Knowledge of operating environments including AWS, Microsoft, UNIX, and Linux, and network types such as LAN, WAN, MAN, and WWAN
  • Degree in Computer Science, Computer Engineering, Information Security, or related fields
  • Minimum 10 years’ experience in SOC or CERT/CIRT environments, including at least 5 years in leadership roles

Preferred competencies and qualifications

  • Experience with OWASP Top 10, CVSS, MITRE ATT&CK framework, Cyber Kill Chain, and DevSecOps practices
  • Scripting skills in Python, Bash, or PowerShell
  • Cloud computing experience and knowledge
  • Strong leadership skills to foster a collaborative, high-performance team culture
  • Excellent analytical and problem-solving skills to investigate complex security incidents and identify root causes
  • Resilience and ability to perform effectively in fast-paced environments
  • Strong communication and presentation skills, including public speaking and reporting to management

First seen: June 15, 2026
Last updated: June 15, 2026