Cybersecurity Lead – SOC & Incident Response - Perm - S$Nego

The Cybersecurity Lead – SOC & Incident Response is responsible for leading day-to-day security operations and a small team of SOC Analysts, overseeing monitoring, incident response, and continuous improvement of detection and response capabilities. This role is hands-on and leadership-focused, working closely with IT, Cloud, and Risk teams to protect the organisation from cyber threats while strengthening operational resilience.

• Lead and manage security monitoring, triage, and response to cybersecurity incidents across endpoint, network, cloud, and identity environments.
• Act as escalation point for high-severity incidents, coordinating containment, eradication, recovery, and post-incident reviews.
• Perform or oversee root cause analysis, forensic investigations, and impact assessments.
• Maintain and continuously improve incident response playbooks, runbooks, and escalation procedures.
• Lead, mentor, and develop a small team of SOC Analysts, including task prioritisation, quality assurance, and performance coaching.
• Establish shift coverage, on-call support, and incident escalation models.
• Drive skills development through training, simulations, and tabletop exercises.
• Support regulatory, audit, and compliance requirements related to security incidents.
• Provide clear incident reporting and metrics to management.
• Improve detection and response by tuning SIEM/EDR alerts, identifying coverage gaps, and recommending security control enhancements.
• Partner with Threat Intelligence, Vulnerability Management, and Infrastructure teams to reduce attack surface and improve resilience.

• 5–10 years of experience in cybersecurity operations, SOC, or incident response roles.
• Proven experience leading or mentoring a small SOC or security operations team.
• Strong hands-on experience with SIEM, EDR/XDR, SOAR, and security monitoring tools.
• Solid understanding of modern attack techniques, malware, phishing, ransomware, and insider threats.
• Experience responding to incidents across Windows, Linux, cloud (Azure/AWS/GCP), and identity platforms.
• Strong communication skills with the ability to brief management during incidents.
• Experience in financial services, regulated environments, or large enterprises.
• Hands-on experience with Microsoft Sentinel, Defender, CrowdStrike, Palo Alto, or similar tools.
• Exposure to threat hunting or digital forensics.
• Certifications such as GCIH, GCED, GCIA, CISSP, or equivalent.

If you are interested, please apply through the application system or email to pekoh@morganmckinely.com. Shortlisted candidates will be notified.

By sending us your personal data and CV, you are deemed to consent to Morgan McKinley Pte Ltd and its affiliates to collect, use and disclose your personal data for the purposes set out in the Privacy Policy available at https://www.morganmckinley.com/sg/privacy-policy. You acknowledge that you have read, understood, and agree with the Privacy Policy.

Morgan McKinley Pte Ltd
Koh Boon Sien
EA Licence No: 11C5502
EA Registration No. R1110345