L2 SOC ANALYST LEAD

YY SMART TECH PTE. LTD.

Singapore

On-site

SGD 70,000 - 110,000

Full time

6 days ago

Job summary

YY SMART TECH PTE. LTD. is seeking an L2 SOC Analyst Lead to manage a dynamic SOC team serving critical infrastructures. The role involves leading incident response, advanced threat hunting, and maintaining governance compliance while engaging with clients on security matters. Candidates must possess SC clearance and demonstrate strong expertise in GovTech IM8/CSA requirements, along with a proven leadership track record in a 24/7 SOC environment.

Qualifications

  • 5+ years in SOC roles.
  • 2+ years leading teams in 24/7 environments.
  • Managed ≥200 critical incidents annually.

Responsibilities

  • Lead daily shift operations with accountability for incident SLA adherence.
  • Perform deep-dive investigations and lead threat hunts.
  • Present monthly SOC reports to clients.

Skills

Incident Response
Threat Hunting
Forensics
Cyber Threat Intelligence

Education

CISSP
GCIH
GCFA

Tools

Splunk
CrowdStrike
Wireshark

Job description

Job Overview

We are seeking an L2 SOC Analyst Lead with active threat hunting, incident response, and team leadership experience to manage a 5-8 member SOC team serving government and critical infrastructure sectors.

Operating in 24/7 shifts, you will perform advanced triage, conduct forensic investigations, front client engagements, and maintain active cyber community involvement for real-time threat intelligence.

This role requires SC clearance and deep expertise in GovTech IM8/CSA requirements.

Duties and Responsibilities

Threat Operations Leadership:

  1. Lead daily shift operations with accountability for incident SLA adherence (MTTR < 15 mins for P1 cases).
  2. Mentor L1 analysts in alert validation, triage techniques, and playbook execution.
  3. Conduct purple team exercises quarterly to validate detection capabilities.

Advanced Security Operations:

  1. Perform deep-dive investigations (memory/disk forensics, malware analysis) using tools:
     • EDR (CrowdStrike/SentinelOne)
     • SIEM (Splunk ES/QRadar with SOAR integration)
     • Network analysis (Wireshark, Corelight)
  2. Lead proactive threat hunts using MITRE ATT&CK frameworks and threat intelligence.
  3. Develop custom detection rules (YARA, Sigma) for APT groups targeting SEA.

Client & Governance:

  1. Front incident response briefings for customers & stakeholders.
  2. Present monthly SOC reports to clients (threat trends, gap analysis, KPIs).
  3. Ensure compliance with IM8, NIST 800-53, and CSA Cybersecurity Act.

Threat Intelligence Integration:

  1. Maintain participation in:
     • ASEAN CERT communities
     • Threat intel platforms (MISP, ThreatConnect)
     • Industry groups (ISC2 Singapore, ACSC Partnership Program)
  2. Disseminate actionable IOCs to the team during shifts.

Requirements

Technical Competencies

Must-Have Tools Expertise:

  1. Incident Response - Velociraptor, Autopsy, SIFT Workstation
  2. Threat Hunting - Atomic Red Team, Kestrel analytics, ELK stack
  3. Forensics - Volatility, Rekall, FTK Imager
  4. CTI Management - MISP taxonomies, STIX/TAXII feeds, OpenCTI

Certifications:

  1. Required: CISSP, GCIH/GCFA, SC Security Clearance

Leadership & Experience:

  1. 5+ years in SOC roles with 2+ years leading teams in 24/7 environments.
  2. Proven track record:
     • Managed ≥200 critical incidents annually
     • Reduced false positives by ≥40% through detection engineering
     • Led threat hunts uncovering ≥3 advanced persistent threats
  3. Government project experience (IM8, CSA Cyber Essentials, or equivalent).

Shift & Engagement Requirements

  1. Willingness for 12-hour rotational shifts (including nights/weekends).
  2. Monthly presentation of SOC reports to client CISOs.
  3. Quarterly threat briefings at events (e.g., GovWare, Cyber Security ASEAN).