Responsibilities

• Owner of the Incident Response playbooks for diverse threat scenarios (Ransomware, Data Exfiltration, Cloud breaches).
• Direct guidance and technical oversight during High and Critical severity incidents, ensuring timely reporting and effective containment.
• Establish clear command structures and roles, empowering leaders to make difficult, high-stakes decisions during a crisis.
• Create and maintain high-quality Tabletop Exercises for stakeholders (system owners, SIROs, CISOs, CIOs).
• Evaluate external vendors to ensure exercises are realistic, comprehensive, and limits pushing.
• Adopt chaos testing to validate the adequacy of resiliency plans and identify hidden failure points in critical systems.
• Assess operational readiness to bridge identified gaps in incident management.
• Ensure all systems are effectively onboarded to central monitoring services.
• Collaborate with system owners on overcoming challenges encountered during onboarding.
• Maintain a robust and updated IT asset inventory.
• Guidance on unique threat use cases or specialised systems (OT/ICS) that fall outside standard monitoring coverage, and help to build bespoke detection capabilities.
• Develop Standard Operating Procedures for vulnerability management across on-premises, cloud (GCC), and OT environments.
• Ensure proper procedures for managing unpatched vulnerabilities.
• Deploy adequate internal and external scanning tools.
• Oversee workflow for finding prioritisation and validate patches are applied and effective.
• Educate stakeholders on the critical importance of Response and Business Continuity Planning (BCP).
• Ensure project owners and agency leaders understand their roles in threat monitoring and incident management.

Requirement

• 8 years of deep experience in Cybersecurity Operations, SOC Management, or Incident Response.
• Experience leading or providing technical oversight in high-pressure, high-severity security incidents.
• Experience managing security operations across complex hybrid environments (On-premise, Cloud, and OT).
• Expert in IR methodologies
• Skilled in SIEM, SOAR, XDR, and EDR technologies.
• Strong understanding of digital forensics and malware analysis.
• Deep knowledge of the threat landscape and the ability to map monitoring use cases to the MITRE ATT&CK framework.
• In-depth understanding of the CVE (Common Vulnerabilities and Exposures) system and CVSS scoring.
• Knowledge of exploitation techniques and the mechanics of how vulnerabilities are weaponised by threat actors.
• Able to assess the "exploitability" of a vulnerability within the specific context of the environment to prioritise remediation.
• Able to evaluate the relevancy of existing monitoring tools against evolving threats.
• Sound understanding of monitoring and responding to incidents within Government Commercial Cloud (GCC) and native cloud environments.
• Professional certifications such as GCIH (GIAC Certified Incident Handler), GCFA (GIAC Certified Forensic Analyst), CHFI, or CISSP advantageous.
• Able to remain calm and provide clear, authoritative guidance during high-stakes security crises.
• Skill in translating operational needs into strategic priorities for CIOs and CISOs.
• Strong interest in emerging security technologies and the ability to proactively adapt monitoring strategies to counter new actor TTPs.

Ethos Search Associates Pte. Ltd.

EA License No: 13C6655

EA Reg No: R1988580 Jacky Chong