INFINITY CYBERSEC PTE. LTD. is seeking an L2 SOC Lead to oversee a SOC team responsible for serving critical infrastructure sectors. The role demands active threat hunting, incident response expertise, and a commitment to maintaining high standards in operations while presenting to governance bodies and clients. Candidates are expected to possess strong technical skills, proven leadership capabilities, and relevant cybersecurity certifications.
Job Overview
We seek an L2 SOC Lead with active threat hunting, incident response, and team leadership experience to manage a 5-8 member SOC team serving government and critical infrastructure sectors. Operating in 24/7 shifts, you will perform advanced triage, conduct forensic investigations, front client engagements, and maintain active cyber community involvement for real-time threat intelligence. This role requires SC clearance and deep expertise in GovTech IM8/CSA requirements.
Duties and Responsibilities
Threat Operations Leadership:
1. Lead daily shift operations with accountability for incident SLA adherence (MTTR < 15 mins for P1 cases).
2. Mentor L1 analysts in alert validation, triage techniques, and playbook execution.
3. Conduct purple team exercises quarterly to validate detection capabilities.
Advanced Security Operations:
1. Perform deep-dive investigations (memory/disk forensics, malware analysis) using tools such as:
   - EDR (CrowdStrike/SentinelOne)
   - SIEM (Splunk ES/QRadar with SOAR integration)
   - Network analysis (Wireshark, Corelight)
2. Lead proactive threat hunts using MITRE ATT&CK frameworks and threat intelligence.
3. Develop custom detection rules (YARA, Sigma) for APT groups targeting SEA.
Client & Governance:
1. Front incident response briefings for customers and stakeholders.
2. Present monthly SOC reports to clients (threat trends, gap analysis, KPIs).
3. Ensure compliance with IM8, NIST 800-53, and CSA Cybersecurity Act.
Threat Intelligence Integration:
1. Maintain participation in:
   - ASEAN CERT communities
   - Threat intel platforms (MISP, ThreatConnect)
   - Industry groups (ISC2 Singapore, ACSC Partnership Program)
2. Disseminate actionable IOCs to the team during shifts.
Requirements
Technical Competencies
Must-Have Tools Expertise:
1. Incident Response - Velociraptor, Autopsy, SIFT Workstation
2. Threat Hunting - Atomic Red Team, Kestrel analytics, ELK stack
3. Forensics - Volatility, Rekall, FTK Imager
4. CTI Management - MISP taxonomies, STIX/TAXII feeds, OpenCTI
Certifications:
1. Required: CISSP, GCIH/GCFA, SC Security Clearance
Leadership & Experience
1. 5+ years in SOC roles with 2+ years leading teams in 24/7 environments.
2. Proven track record:
   - Managed ≥200 critical incidents annually
   - Reduced false positives by ≥40% through detection engineering
   - Led threat hunts uncovering ≥3 advanced persistent threats
3. Government project experience (IM8, CSA Cyber Essentials, or equivalent).
Shift & Engagement Requirements
1. Willingness for 12-hour rotational shifts (including nights/weekends).
2. Monthly presentation of SOC reports to client CISOs.
3. Quarterly threat briefings at events (e.g., GovWare, Cyber Security ASEAN).