
Senior Incident Response Lead (Elastic SIEM)

Cygnify Pte Ltd

Selangor

On-site

MYR 70,000 - 100,000

Full time

Yesterday


Job summary

A cybersecurity firm in Malaysia is seeking a Cybersecurity Incident Response SME. The role involves proactive monitoring, detecting cybersecurity incidents, and managing the entire incident lifecycle. Candidates should have 5–8 years of experience in SOC or similar roles, with proven success in SIEM administration and hands-on expertise in incident triage and log analysis. Relevant certifications are preferred. This position offers the chance to contribute to a robust cybersecurity framework within a dynamic team.

Qualifications

  • 5–8 years of experience in Security Operations Center (SOC), Incident Response, or Detection Engineering roles.
  • Proven success in SIEM administration, particularly Elastic Stack (ELK) environments.
  • Hands-on expertise in incident triage, log analysis, and detection rule engineering.
  • Demonstrated ability to design and operationalize MITRE ATT&CK-aligned use cases.
  • Experience in cross-department collaboration and incident coordination with IT and business teams.
  • Strong presentation and communication experience in stakeholder-level incident discussions.
  • Relevant certifications such as CISSP, GCIH, GCIA, CEH, or Elastic Certified Engineer preferred.

Responsibilities

  • End-to-end management of cybersecurity incidents, ensuring timely detection and resolution.
  • Monitor, triage, and investigate alerts from multiple log sources.
  • Create, refine, and manage SIEM detection rules.
  • Drive use case ideation and improve threat detection coverage.
  • Manage and maintain Elastic Stack components for operational efficiency.
  • Collaborate with IT, Network, and Cloud teams for incident follow-up.