Cyber Security Engineer (SOC Threat Analyst) || Prem Role || South west
LINKTRIX CONSULTANTS PTE. LTD.
Cyber Security Engineer
We are seeking a SOC, Threat Hunting and Incident Response (IR) expert with deep expertise in playbook development, validation, and automation to contribute to the development of a next-generation cybersecurity product. This role requires a hands-on security professional who can bridge SOC operations, threat intelligence, and automation with product innovation. You will work closely with engineering teams to build intelligent SOC workflows, IR automation, and AI-powered detection mechanisms that improve incident response efficiency.
Key Responsibilities:
1. Playbook Development & Validation
• Design, develop, and validate security playbooks for automated and manual incident response workflows.
• Ensure playbooks align with MITRE ATT&CK, Cyber Kill Chain, NIST CSF, and SOC best practices.
• Continuously improve playbooks based on real-world attack simulations, threat intelligence, and emerging TTPs.
• Work with SOAR engineers to codify playbooks into automation workflows (Splunk SOAR, XSOAR, or other SOAR solutions).
2. SOC & IR Expertise in Product Development
• Collaborate with engineering and product teams to design SOC & IR features within the product.
• Define incident detection, alerting logic, triage workflows, and response actions to be built into the platform.
• Integrate SIEM, EDR, and SOAR functionalities into the product with actionable response capabilities.
• Ensure the product supports log ingestion, correlation, and threat detection frameworks used in SOCs.
3. Threat Hunting & Detection Engineering
• Develop custom detection rules, YARA, Sigma, and Splunk queries to improve threat detection accuracy.
• Implement AI/ML-driven security analytics to enhance anomaly detection and response.
• Conduct proactive threat-hunting to identify stealthy adversaries and insider threats.
• Work with data science teams to fine-tune AI/ML models for security analytics.
4. Incident Response & Security Automation
• Design end-to-end automated incident response workflows for common attack scenarios.
• Define decision trees for SOC analysts to handle alerts effectively.
• Contribute to forensic data collection, log correlation, and adversary profiling within the product.
• Define incident classification models to help SOC teams prioritize alerts and remediation.
5. Security Intelligence & Adversary Simulation
• Integrate threat intelligence (CTI) feeds, OSINT, and attack surface monitoring into the product.
• Define adversary emulation scenarios and ensure the product supports Red & Blue team exercises.
• Work with SOC teams and threat researchers to track emerging cyber threats, malware trends, and APT activities.
6. SIEM, EDR & Cloud Security Product Integration
• Define log source requirements, correlation rules, and alert enrichment for SIEM/EDR integration.
• Ensure the product supports multi-cloud security monitoring (AWS, Azure, GCP, OCI).
• Collaborate with cloud security teams to implement Kubernetes and container security monitoring.
7. Compliance & Security Framework Alignment
• Align product security capabilities with SOC 2, ISO 27001, NIST, MITRE ATT&CK, and CIS benchmarks.
• Ensure audit logging, incident reporting, and compliance monitoring are built into the product.
Required Skills & Experience:
• 6-10 years of experience in SOC, Incident Response, Threat Hunting, or Security Automation.
• Strong expertise in SIEM, SOAR, EDR, and forensic analysis tools.
• Hands-on experience in developing and validating IR playbooks and automating SOC workflows.
• Proficiency in Python, Bash, PowerShell for SOC automation & playbook scripting.
• Experience with SOAR platforms (Splunk SOAR, Cortex XSOAR, IBM Resilient, etc.).
• Deep knowledge of MITRE ATT&CK, TTP-based detection, and threat intelligence.
• Strong understanding of AI/ML-based security detection, anomaly detection, and automation.
• Familiarity with SIEM solutions (Splunk, Sentinel, Elastic, QRadar, etc.) and cloud-native security tools.
• Expertise in log analysis, detection engineering, and threat-hunting methodologies.
• Experience in adversary simulation, Purple Teaming, and security control validation.
• Knowledge of cloud security monitoring (AWS, Azure, GCP, OCI) and container security (Kubernetes, Docker, CSPM, CWPP).
• Strong analytical skills to correlate security events across multiple platforms.
• Ability to work with engineering teams to define security automation requirements.
• Preferred certifications: GCIH, GCFA, GCIA, OSCP, CEH, CISSP, AWS Security, Splunk Certified Analyst.
Shortlisted candidates will be notified.
JOB SUMMARY
Cyber Security Engineer (SOC Threat Analyst) || Prem Role || South west
LINKTRIX CONSULTANTS PTE. LTD.
Singapore
8 days ago
N/A
Full-time