L1 Cyber Security Engineer (Hybrid – Onsite & Remote)

The L1 Security Engineer plays a critical role in the successful onboarding, maintenance, and operational health of our security technology stack. You will work closely with the SOC, Customer Success, and Implementation teams to ensure seamless deployment and performance of endpoint protection, firewalls, EDR, SIEM agents, and cloud security controls. This position is ideal for an early-career engineer who wants hands-on experience across multiple security technologies and a clear path into advanced roles such as Security Automation Engineer, DevSecOps, or Threat Response.

• Assist in the deployment and configuration of security tools (EDR, firewalls, SIEM forwarders, cloud sensors) across client environments (on-prem, cloud, hybrid).
• Perform initial health checks and connectivity validation for newly onboarded clients.
• Monitor system alerts and perform first-level troubleshooting of agent failures, log ingestion issues, policy misconfigurations, and connectivity problems.
• Follow standard operating procedures (SOPs) for routine tasks: patching, certificate renewals, log source onboarding, access provisioning.
• Escalate complex technical issues to L2/L3 Security Engineers with detailed diagnostics and logs.
• Maintain accurate documentation of configurations, client environments, and known issues.
• Support incident response readiness activities, including backup verification and failover testing.
• Collaborate with the SOC and Customer Success teams to resolve service-impacting events within SLA.
• Assist in vulnerability scan coordination and remediation tracking.
• Participate in change management processes and release deployments.

• Diploma or Bachelor’s degree in Cybersecurity, IT, Computer Science, or related field.
• 0–2 years of experience in IT support, systems administration, or entry-level security operations.
• Foundational knowledge of: networking fundamentals (IP addressing, DNS, DHCP, VLANs, routing); cloud platforms (AWS, Azure, or GCP) – basic understanding; security tools (EDR e.g., CrowdStrike, SentinelOne; firewalls e.g., Palo Alto, Fortinet; SIEM e.g., Splunk, Sentinel, Wazuh).
• Familiarity with: command-line interfaces (PowerShell, Bash); basic scripting (Python, PowerShell, or Bash) for automation; MITRE ATT&CK framework and common attack patterns.
• Strong problem-solving skills and ability to follow technical runbooks; excellent attention to detail and communication skills (written and verbal).

• Certifications such as CompTIA Security+, Network+, Microsoft SC-900, AZ-900, AWS Cloud Practitioner or Azure Fundamentals, GIAC GSAT or entry-level SANS certifications.
• Experience with remote monitoring and management (RMM) tools.
• Understanding of data privacy regulations in Singapore (PDPA) and regional compliance needs.
• Willingness to work occasional off-hours during client migrations or incident support windows.

• Competitive salary: RM50,000 – RM70,000/year (based on qualifications and potential)
• Access to enterprise-grade security labs and real-world client projects
• Structured training program in cloud security, automation, and incident response