More details will be shared during screening.
Job Description:
Team Management
- Effective management of team resources to ensure 24x7 security event monitoring, response and reporting of incidents
- Ensure the team is proficient in using the various cyber defense monitoring tools to identify malicious activities and to respond to threats and software/hardware vulnerabilities in a timely manner
- Ensure routine monitoring operations processes are relevant and robust
- Ensure the team responds and escalates potential cyber-security threats in the environment within the agreed timeline
Project Management
- Maintain the SIEM, fine-tune detection rules and solutions to enhance and automate the monitoring, triaging and analysis process.
- Plan and implement enhancements to the SIEM to perform log ingestion effectively and efficiently, and to ensure high availability and disaster recovery of the system.
- Manage projects end-to-end to uplift SOC capability and maturity.
Monitoring and Threat Management
- Receive and respond to incident escalation from detection operations and assist with real-time, continuous (24x7) security event monitoring, response, and reporting.
- Lead the team in conducting forensic investigations, including collecting, preserving, and analyzing data and digital evidence.
- Ensure effective active hunting for indicators of compromise (IOCs), threat actor groups, and their tactics, techniques, and procedures (TTPs) in the environment.
- Prepare and present detailed reports documenting findings from investigations and incident response activities, including technical analysis, root cause analysis, and remediation recommendations.
Job Requirements:
Education and Experience
- Degree in Computer Science, Computer Engineering, Information Security, or related fields.
- At least 10 years of experience working in a Security Operation Centre (SOC) or Computer Emergency Response Team (CERT/CIRT) with a minimum of 5 years in a leadership role.
Skills and Knowledge
- Possess a strong understanding of SIEM/SOAR operations and various defence solutions at the host-based or network-based layers.
- Experienced in incident response and handling methodologies.
- Familiar with the Cyber Security Act 2018, Cybersecurity Code of Practice (CCoP), MAS Cyber Hygiene Notice and Technology Risk Management Guidelines (TRMG).
- Strong ability in interpreting the information collected by network tools (e.g., ping, traceroute, nslookup).
- Good knowledge of operating environments (e.g., AWS, Microsoft, UNIX and Linux) and different types of network communication (e.g., Local Area Network, Wide Area Network, Metropolitan Area Network and Wireless Wide Area Network).
- Working experience with the OWASP Top 10, CVSS, the MITRE ATT&CK framework, the Cyber Kill Chain and DevSecOps is preferred.
- Scripting capabilities (e.g., Python, Bash or PowerShell) and cloud experience and knowledge will be a plus.
- Strong leadership skills and able to foster a collaborative and high-performance team culture.
- Excellent analytical and problem-solving skills, with the ability to investigate complex security incidents and identify root causes.
- Resilient and able to work effectively in a fast-paced environment.
- Strong communication and presentation skills, comfortable with public speaking and presentation to the management team.
Benefits:
Required Skills:
Project Management, Team Management, Network Security, Analytical Skills, Presentation, Incident Response, Communication, SIEM, SOAR
Optional Skills:
Python, AWS, Linux, Cyber Kill Chain, Disaster Recovery, Leadership, Bash, Microsoft, CVSS, DevSecOps, Root Cause Analysis, PowerShell, Unix, MITRE ATT&CK, Cloud security, Public speaking
Posted by:
Ryan
rt@hackertrail.com