Role Mission: The Cybersecurity Incident Response SME proactively monitors, detects, and responds to cybersecurity incidents identified through the Security Operations Center (SOC) platform. The role owns the entire cybersecurity incident lifecycle, from monitoring, detection and triage through in-depth investigation, containment, and closure, ensuring the security and resilience of StarHub IT assets.
Accountabilities
- End-to-end management of cybersecurity incidents, ensuring timely detection, triage, investigation, and resolution.
- Achieving and maintaining target MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) benchmarks.
- Effective administration and optimization of the Elastic SIEM platform, including rule creation, tuning, and integrations.
- Development of accurate and relevant detection use cases aligned with evolving threat patterns and organizational needs.
- Ensuring timely escalation and coordination with internal and external stakeholders during major incidents.
- Providing transparent and comprehensive incident reporting to leadership and relevant teams.
- Drive operational excellence through monitoring, alerting, timely investigation, and continuous fine-tuning of alerts.
- Partner with Data Engineering, Architecture, Security, Infrastructure & Tooling teams to ensure aligned technical cybersecurity discussions.
Responsibilities
- Monitor, triage, and investigate alerts from multiple log sources (network, endpoint, cloud, and application).
- Create, refine, and manage SIEM detection rules to capture the latest attack patterns.
- Conduct log analysis and event correlation to identify potential intrusions or malicious behavior.
- Drive use case ideation and validation to improve threat detection coverage and accuracy.
- Manage and maintain Elastic Stack components (Elasticsearch, Logstash, Kibana, Beats) for operational efficiency.
- Lead integration efforts with tools such as EDR, firewalls, cloud platforms, and ticketing systems.
- Collaborate with IT, Network, and Cloud teams for incident follow-up, containment, and recovery.
- Present incident findings, root cause analyses, and remediation plans to key stakeholders (internal leadership and external partners).
- Document and enhance incident response playbooks and standard operating procedures (SOPs).
- Conduct post-incident reviews and implement lessons learned to strengthen the organization’s security posture.
Areas of Impact
- Scope: Enterprise-wide responsibility for cybersecurity incident detection, response, and SIEM management (Elastic platform).
- Decision Rights: Authority to prioritize incidents, modify detection rules, integrate log sources, and advise on response strategies.
- Stakeholders: ISO Team, CSIRT Team, IT Infra, Cloud, Risk & Compliance teams, plus external vendors and regulators.
- Resources: MSSP Team, IR teams, IT teams, Elastic Platform, EDR, NDR, threat intel feeds and key security solutions.
Requirements
- 5–8 years of experience in Security Operations Center (SOC), Incident Response, or Detection Engineering roles.
- Proven success in SIEM administration, particularly Elastic Stack (ELK) environments.
- Hands-on expertise in incident triage, log analysis, and detection rule engineering.
- Demonstrated ability to design and operationalize MITRE ATT&CK-aligned use cases.
- Experience in cross-department collaboration and incident coordination with IT and business teams.
- Strong presentation and communication experience in stakeholder-level incident discussions.
- Relevant certifications such as CISSP, GCIH, GCIA, CEH, or Elastic Certified Engineer preferred.