About this role
<div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:16.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b>Job Description</b></H2> </div><div><p><strong>Role Mission: </strong>The Senior Analyst – Cyber Security Incident Response is responsible for monitoring, detecting, and analysing cybersecurity incidents through the Security Operations Centre (SOC) platform. The role supports the end-to-end incident lifecycle — including triage, investigation, containment, and closure — ensuring timely response to security events and maintaining StarHub’s cyber resilience. This role acts as the Level 2 (L2) Incident Responder, bridging SOC analysts and Incident Response management by performing deep technical analysis and coordinating with internal teams for resolution.<br><br></p> <p><strong>Accountabilities: </strong></p> <ol> <li>Perform end-to-end incident triage and investigation of security alerts escalated from L1 SOC analysts.</li> <li>Ensure timely incident analysis, containment, and escalation aligned with MTTD and MTTR goals.</li> <li>Support the SIEM platform (Elastic Stack) by fine-tuning existing rules and suggesting new detections.</li> <li>Conduct log analysis and correlation across multiple data sources (network, endpoint, and cloud).</li> <li>Create and maintain incident documentation, reports, and lessons learned.</li> <li>Support incident response playbook execution during containment and recovery phases.</li> <li>Collaborate with IT, network, and application teams for incident remediation and root cause analysis.</li> <li>Provide insights for use case improvements and participate in use case validation and testing.</li> <li>Escalate confirmed incidents to CSIRT / Assistant Manager – Incident Response for further action.</li> <li>Participate in post-incident reviews, contributing to process and detection improvements.</li> </ol> <p><strong>Responsibilities: </strong></p> <ol> <li>Monitor alerts generated from the SOC/SIEM and perform initial to intermediate-level investigations.</li> <li>Review and validate security events from multiple log sources and identify legitimate threats.</li> <li>Perform deep-dive investigations for incidents involving malware, phishing, insider threats, and cloud breaches.</li> <li>Assist in detection rule creation and tuning under the guidance of senior incident responders.</li> <li>Use frameworks like MITRE ATT&CK for mapping and improving detection quality.</li> <li>Conduct threat hunting using Elastic Stack and related tools.</li> <li>Collaborate with MSSP, CSIRT, and IT infrastructure teams to ensure timely incident handling.</li> <li>Support incident response reporting, evidence collection, and documentation for compliance and audit.</li> <li>Contribute to automation opportunities in detection and response workflows.</li> <li>Participate in training sessions, simulations, and tabletop exercises to enhance readiness.</li> <li>Responsible for the log source onboarding and managing the continuous logs availability on the SIEM platform.</li> </ol></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:16.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b>Qualifications</b></H2> </div><div><p> </p> <ol> <li>2–3 years of experience in a SOC or Incident Response (L2) environment.</li> <li>Intermediate hands-on experience with SIEM platforms (Elastic Stack preferred).</li> <li>Exposure to incident triage, malware analysis, phishing response, and log correlation.</li> <li>Strong understanding of use case creation and MITRE ATT&CK framework mapping.</li> <li>Demonstrated ability to analyze complex alerts and distinguish false positives from true incidents.</li> <li>Familiarity with security tools such as EDR, NDR, Cyber security tools and threat intelligence platforms.</li> <li>Good communication and documentation skills for stakeholder updates.</li> <li>Certifications such as CEH, CompTIA Security+, GCIA, or Elastic Certified Analyst preferred.</li> </ol></div></div></div>