
Senior Incident Response Specialist (Platform)

StarHub Ltd

Singapore

On-site

SGD 60,000 - 80,000

Full time

Yesterday

Job summary

A leading telecommunications provider in Singapore is seeking a Senior Analyst – Cyber Security Incident Response. The role involves monitoring and analyzing cybersecurity incidents, supporting the incident lifecycle, and bridging SOC analysts with incident response management. Candidates should possess 2–3 years of experience in SOC or incident response, have hands-on experience with SIEM platforms, and be familiar with threat hunting techniques. This position offers an opportunity to make a significant impact on the organization's cyber resilience.

Qualifications

  • 2–3 years of experience in a SOC or Incident Response (L2) environment.
  • Intermediate hands-on experience with SIEM platforms.
  • Strong understanding of use case creation and MITRE ATT&CK framework mapping.

Responsibilities

  • Monitor alerts generated from the SOC/SIEM and perform investigations.
  • Review security events from multiple log sources to identify threats.
  • Conduct threat hunting using Elastic Stack and related tools.

Skills

Incident response
Cybersecurity analysis
Threat hunting
SIEM platforms
Communication skills

Education

Certifications such as CEH, CompTIA Security+, GCIA, or Elastic Certified Analyst

Tools

Elastic Stack
EDR
NDR

Job description

(This role is based in Petaling Jaya, Malaysia.)

The Senior Analyst – Cyber Security Incident Response is responsible for monitoring, detecting, and analysing cybersecurity incidents through the Security Operations Centre (SOC) platform. The role supports the end-to-end incident lifecycle — including triage, investigation, containment, and closure — ensuring timely response to security events and maintaining StarHub’s cyber resilience. This role acts as the Level 2 (L2) Incident Responder, bridging SOC analysts and Incident Response management by performing deep technical analysis and coordinating with internal teams for resolution.

Responsibilities

  1. Monitor alerts generated from the SOC/SIEM and perform initial to intermediate-level investigations.
  2. Review and validate security events from multiple log sources and identify legitimate threats.
  3. Perform deep-dive investigations for incidents involving malware, phishing, insider threats, and cloud breaches.
  4. Assist in detection rule creation and tuning under the guidance of senior incident responders.
  5. Use frameworks like MITRE ATT&CK for mapping and improving detection quality.
  6. Conduct threat hunting using Elastic Stack and related tools.
  7. Collaborate with MSSP, CSIRT, and IT infrastructure teams to ensure timely incident handling.
  8. Support incident response reporting, evidence collection, and documentation for compliance and audit.
  9. Contribute to automation opportunities in detection and response workflows.
  10. Participate in training sessions, simulations, and tabletop exercises to enhance readiness.
  11. Responsible for log source onboarding and for maintaining continuous log availability on the SIEM platform.

Qualifications

  1. 2–3 years of experience in a SOC or Incident Response (L2) environment.
  2. Intermediate hands-on experience with SIEM platforms (Elastic Stack preferred).
  3. Exposure to incident triage, malware analysis, phishing response, and log correlation.
  4. Strong understanding of use case creation and MITRE ATT&CK framework mapping.
  5. Demonstrated ability to analyze complex alerts and distinguish false positives from true incidents.
  6. Familiarity with security tools such as EDR, NDR, and threat intelligence platforms.
  7. Good communication and documentation skills for stakeholder updates.
  8. Certifications such as CEH, CompTIA Security+, GCIA, or Elastic Certified Analyst preferred.