Tier 3 MSSP SOC Analyst (DSC/JH)

Company description:

Singapore Technologies Engineering Ltd

Job description:

The Tier 3 MSSP SOC Analyst is a senior-level role that provides leadership for SOC operations. The role includes advanced threat hunting, incident analysis, process optimization, and team mentorship, ensuring the highest level of security operations for MSSP clients.

Responsibilities:

• Lead Tier 1 and Tier 2 analysts by example and provide technical guidance.
• Conduct training sessions, provide coaching, and ensure continuous skill development for the team.
• Plan relevant certifications for Tier 1 and Tier 2 analysts, ensuring proper progression with certifications arranged yearly.

• Actively hunt for threats, identify unknown vulnerabilities, and close security gaps within networks.
• Identify all security attack vectors, classify incidents, and assess their impact.
• Review all escalations from Tier 1 and Tier 2 analysts, ensuring comprehensive analysis and daily updates to the SOC Manager and Head of SOC.
• Proactively update documentation, processes, workflows, and other operational aspects for continuous improvement.

• Oversee and optimize SIEM operations, ensuring effective log correlation and alert management.
• Manage SOAR platform implementations to automate incident response workflows and reduce manual intervention.
• Supervise ticketing systems to ensure proper incident tracking, escalation, and resolution documentation.
• Lead complex incident response activities, coordinating with internal teams and external stakeholders.

• Work closely with Tier 2 analysts to gather feedback and evidence on false positives.
• Collaborate with the Threat Detection Team to reduce false positives across all customers.
• Ensure consistent application of false positive reduction measures for all MSSP clients.

• Disseminate threat intelligence news and updates to all security analysts, ensuring the team remains informed about emerging threats and attack techniques.

• Maintain oversight of SOC processes to ensure compliance and operational effectiveness.
• Plan and implement improvements to SOC operations, focusing on proactive threat detection and response.
• Monitor and "police" SOC workflows, providing tracking and daily updates to SOC leadership.

Requirements:

• Extensive experience in SOC operations, including threat hunting and advanced incident analysis.
• Strong understanding of SIEMs, threat intelligence platforms, and security tools.
• Hands-on experience with SIEM/SOAR platforms and ticketing systems for incident response management.
• Leadership experience with a track record of mentoring and developing security teams.
• Excellent communication, documentation, and organizational skills.
• Ability to handle high-pressure situations and critical security incidents effectively.
• A collaborative mindset to work effectively with other SOC tiers and managers.
• Strong analytical and problem-solving skills to address complex security challenges.

• GoogleSecOps (Google Security Operations) platform experience highly preferred.
• Fortinet security solutions experience preferred.
• Cloudflare security services experience preferred.

• Minimum certification requirement: ECIH (EC-Council Certified Incident Handler) or GCIH (GIAC Certified Incident Handler) or equivalent incident handling certification.
• Additional preferred certifications: CISSP, CISM, GIAC, OSCP, GCFA.
• Commitment to continuous learning to stay updated with the latest security trends and technologies.
• Adherence to SOC playbooks, standard operating procedures, and compliance requirements.

• Primary schedule: Office hours (standard business hours).
• Must be willing to support shift operations during High Severity Incidents, which may include:
• Being activated to work on-shift during critical incidents, or
• Remaining on standby to provide operational support as needed.
• Willingness to support outside of regular hours during operational exigencies.

Work Location: Ang Mo Kio.