88 Incident Response jobs in Singapore

At Tetra Pak we commit to making food safe and available, everywhere; and we protect what's good – protecting food, protecting people, and protecting the planet. By doing so we touch millions of people's lives every day.

And we need people like you to make it happen.

We empower you to reach your potential with opportunities to make an impact to be proud of – for food, people and the planet.

As the face of information security to Cluster and Market Company management, responsible for:

managing information security risks; managing and leading significant information security incidents both globally and at the cluster level; Expertly advising on information security issues and questions within the cluster; driving information security and data privacy awareness and education for the cluster; ensuring compliance on information security and data privacy related matters for the cluster. Responsible for leadnig or managing informaiton security intiative on a global level.

Role and Responsibilities

In this role, you will be part of the ISIRT and Cyber Threat Intelligence team, which falls under the parent group named Security Operations. Working closely with the IR Manager and IR Leads in other time zones, you will be responsible for leading cybersecurity incident management efforts, ensuring quick, effective response and communication. You will guide teams, both internal and external (e.g. suppliers, customers, Managed Security Service Providers, other industry groups, etc) through containment, investigation, recovery, document incident details, and drive continuous improvement via training and tabletop exercises, as well as performing post-incident analysis. This role therefore requires strong coordination, communication, and stakeholder management skills.

Key Responsibilities

• Serving as a point of escalation and incident commander, manage a team of incident responders for ISIRT response and interact with cybersecurity leadership and business stakeholders
• Coordinate and ensure ISIRT incidents are prioritized at all hours of the day
• Implement a cross-functional team of analysts working closely with cybersecurity, IT and developers
• Review ISIRT incidents that may be related to ransomware, host compromise, account compromise, phishing, anomalous user behavior, third parties and data leakage
• Ensure the ISIRT response team is following processes embraced by leadership and adhering to best practices
• Measure and give feedback to the team to improve mean time to respond, key performance indicators (KPIs) and service-level objectives
• Proactively adjust to upcoming company changes affecting the operation to modify ISIRT response processes
• Possess advanced knowledge of attackers' methods of escalation; lateral movement; and tactics, techniques and procedures
• Present incident analysis and trend reporting to leadership, highlighting KPIs
• Review events and process effectiveness and make recommendations for change to leadership
• Require participation in ISIRT tabletop exercises designed to identify gaps, improve skills, enhance communication and engage with key stakeholders
• Oversee IR playbooks, policies, procedures and guidelines to ensure they align with industry best practices
• Collaborate with infrastructure, IT, vulnerability, threat intelligence and application security leads
• Participate in monitoring internal and external events and stay tightly aligned with infrastructure and third-party, hosted, on-premises and end-user systems
• Review and communicate ISIRT incident details from initial investigation through root cause analysis and post-mortem

Technical Skills

• Security Expertise: Over 2 years of experience in IT and/or OT security technologies.
• Security Operations: Hands-on experience in Security Operations Center (SOC) and Information Security Incident Response Team (ISIRT) processes, procedures, and tools.
• Tool Proficiency: Familiar with SIEM, SOAR, EDR, forensic tools, and ticketing platforms.

Non-Technical Skills

• Leadership: Proven ability to lead teams both onsite and remotely.
• Composure Under Pressure: Self-aware and able to remain calm, organized, and collaborative under high-pressure situations; skilled in prioritizing and responding within defined SLAs.
• Communication: Strong written and verbal communication skills across all organizational levels.
• Decision-Making: Excellent judgment and quick decision-making capabilities in complex scenarios.
• Security Knowledge: Solid understanding of threats, vulnerabilities, ISIRT incident response principles, and chain of custody.
• Compliance & Standards: Familiar with industry standards and frameworks including NIST, ISO 27001, NIS 2, and CRA.
• Professional Integrity: Demonstrated track record of integrity, pride in work, curiosity, flexibility, and professionalism.

We Offer You

• A variety of exciting challenges with ample opportunities for development and training in a truly global landscape
• A culture that pioneers a spirit of innovation where our industry experts drive visible results
• An equal opportunity employment experience that values diversity and inclusion
• Market competitive compensation and benefits with flexible working arrangements

Apply Now

If you are inspired to be part of our promise to protect what's good; for food, people, and the planet, apply through our careers page at

If you have any questions about your application, please contact Ephraim Kwa.

Diversity, equity, and inclusion is an everyday part of how we work. We give people a place to belong and support to thrive, an environment where everyone can be comfortable being themselves and has equal opportunities to grow and succeed. We embrace difference, celebrate people for who they are, and for the diversity they bring that helps us better understand and connect with our customers and communities worldwide.

• Incident Handling & Response: Lead the full incident response lifecycle - detection, triage, containment, eradication, recovery, and lessons learned.
• Threat Hunting: Conduct proactive threat hunting and identify potential indicators of compromise (IOCs).
• Forensics & Analysis: Perform root cause analysis, malware reverse engineering (where required), and log correlation to determine attack vectors.
• Playbook Development: Design, implement, and enhance IR playbooks, workflows, and standard operating procedures.
• Advisory & Consulting: Act as a trusted advisor to clients, providing recommendations to improve security posture and reduce dwell time.
• Collaboration: Work closely with SOC analysts, threat intelligence teams, and IT stakeholders to coordinate effective response actions.
• Reporting & Communication: Prepare detailed incident reports and deliver executive-level presentations for stakeholders and regulators.
• Continuous Improvement: Stay up to date with emerging threats, TTPs (Tactics, Techniques, Procedures), and security technologies.

• Experience: Minimum 7 years of experience in Cybersecurity with a focus on Incident Response, Digital Forensics, or SOC operations.
• Technical Skills:
  • Strong knowledge of SIEM tools (e.g., Splunk, QRadar, Sentinel) and EDR solutions (e.g., CrowdStrike, Carbon Black).
  • Hands-on experience with incident response tools (Volatility, Mandiant Redline, Wireshark, etc.).
  • Understanding of MITRE ATT&CK framework, threat intelligence feeds, and adversary simulation.
  • Proficiency in analyzing logs, network traffic, and system artifacts.
• Certifications: CISSP, GCIH, GCFA, GCIA, or equivalent industry certifications preferred.
• Soft Skills: Excellent communication, documentation, and stakeholder management skills. Ability to remain calm under pressure.
• Location: Must be based in Singapore and willing to support on-call/after-hours incident escalations if needed.

Cyber Security Specialist

Job Description:

We are seeking an experienced Cyber Security Specialist to join our global team. The successful candidate will be responsible for responding to cyber security incidents, conducting forensic analysis, and collaborating with various teams to ensure effective incident handling.

Key Responsibilities:

• Respond to cyber security incidents, including identification, containment, and eradication
• Conduct forensic-level analysis of systems, accounts, and networks
• Act as an engagement point for wider technology teams within Major Incident Management framework
• SUPPORT AND MAINTAIN RESPONSE STRATEGY TO SEVERE INCIDENTS AND KEY ATTACK SCENARIOS
• Maintain coordination and communication streams horizontally and vertically as part of major cyber-related incident handling
• Perform technical analysis and triaging as part of incident investigation
• Actively collaborate with Cyber Intelligence teams to ensure response capabilities are adequate to the threat
• Mentor and train junior analysts in advanced incident response techniques, tactics, and procedures

Requirements:

• 5+ years of experience in incident response operations or security operations positions in a large enterprise environment
• Experience in investigating and handling data breaches and leading investigations to resolution
• Ability to design and write runbooks for frequently occurring incidents
• Natural ability to take the lead and drive the investigation of complex technical issues, with strong analytical and problem-solving skills
• Extensive experience performing cyber incident response and root-cause-analysis
• Technical understanding of enterprise networks, protocols, their various components, and designs
• Strong forensics skills, and an understanding of chain of custody requirements
• Experience with one or more programming/scripting languages such as Python, JavaScript, Java, or C#, deep understanding of the cyber kill-chain and MITRE ATT&K frameworks

Benefits:

Join a global team distributed across Switzerland, USA, and Singapore, focusing on proactive defense capabilities supported by active intelligence consumption.

Continuous learning possibilities while tracking recent techniques, tactics, and procedures of various adversaries.

Job Description:

We are seeking a highly skilled Incident Response Analyst to join our team. As an Incident Response Analyst, you will play a crucial role in delivering data centre operations support across multiple data centres.

Your Key Responsibilities Will Include:

">
• Respond to all alarms/alerts set in Data Center Infrastructure Management (DCIM), Server Automation Operations System (SAOS), CCTV, Access Control Systems (ACS), and other functions (EHS, Security, etc).
">
• Provide deep understanding and intelligence of the criticality and impact of the incidents to the resolver groups.
">
• Ensure detailed records of alarm handling activities, including actions taken, resolutions in ticketing tools and file incident reports.
">
• Be available to coordinate as an incident commander in event of an issue.
">
• Support program managers and facilitate project deliverables, improve overall operational and engineering initiatives.
">
• Conduct root cause analysis (RCA) to determine recurring problems to their source.
">
• Employ in-depth questioning and analysis techniques such as five whys to determine the underlying cause of the incident or problem.
">
• Handle ticketing system
">
• Perform duties in compliance with SOP.
">

Requirements:

">
• Diploma/Degree in Information Technology.
">
• 2 years+ experience in command center, service center, or similar 24x7 operations center environment
">
• Ability to quickly triage multiple incidents and assign the right priority based on risk and confidence levels
">
• Knowledge of technical elements associated with systems such as IP Networks, DC Environment and Server Health.
">
• Outstanding verbal and written communication skills required, work with minimal direction, meeting goals, attention to details and an eye for continuous improvements
">
• Ability to successfully interact at all levels of the organization, including with clients, while functioning as a team player required.
">
• Basic working knowledge of data protection policies such as GDPR and the need to keep sensitive information secure.
">

Tell Employers What Skills You Have:

You may be interested in:

">
• Switches
">
• Troubleshooting
">
• Incident Response
">
• Hardware
">
• Ticketing
">
• Data Center
">
• Root Cause Analysis
">
• Information Technology
">
• Access Control
">
• CCTV
">
• IP
">
• Networking
">
• Attention to Details
">
• Network Servers
">
• Routers
">
• Cabling
">
• Security Incident Response
">

Built a Strong Foundation:

We offer the opportunity to build a strong foundation in IT and operations, with a focus on developing your skills in incident response, data centre operations, and technical troubleshooting.

Key Skills:

">
• System administration
">
• Troubleshooting
">
• Incident response
">
• Data centre operations
">
• Technical writing
">

About Us:

We are a forward-thinking organisation that values innovation and collaboration. We believe in creating a positive work environment where our employees can grow and thrive.

Contact Us:

To learn more about this exciting opportunity, please contact us.

About the Role

We are seeking an experienced Cybersecurity Incident Response (IR) Consultant with a proven track record of leading complex incident investigations and managing cyber threats in enterprise environments. The ideal candidate will have at least 7 years of experience in incident detection, containment, eradication, and post-incident reporting, with a deep understanding of threat intelligence, malware analysis, and digital forensics.

This role will be key in helping clients strengthen their cyber resilience, minimize risk exposure, and respond effectively to advanced cyber threats.

Key Responsibilities

• Incident Handling & Response: Lead the full incident response lifecycle - detection, triage, containment, eradication, recovery, and lessons learned.
• Threat Hunting: Conduct proactive threat hunting and identify potential indicators of compromise (IOCs).
• Forensics & Analysis: Perform root cause analysis, malware reverse engineering (where required), and log correlation to determine attack vectors.
• Playbook Development: Design, implement, and enhance IR playbooks, workflows, and standard operating procedures.
• Advisory & Consulting: Act as a trusted advisor to clients, providing recommendations to improve security posture and reduce dwell time.
• Collaboration: Work closely with SOC analysts, threat intelligence teams, and IT stakeholders to coordinate effective response actions.
• Reporting & Communication: Prepare detailed incident reports and deliver executive-level presentations for stakeholders and regulators.
• Continuous Improvement: Stay up to date with emerging threats, TTPs (Tactics, Techniques, Procedures), and security technologies.

Key Requirements

• Experience: Minimum 7 years of experience in Cybersecurity with a focus on Incident Response, Digital Forensics, or SOC operations.
• Technical Skills:
  • Strong knowledge of SIEM tools (e.g., Splunk, QRadar, Sentinel) and EDR solutions (e.g., CrowdStrike, Carbon Black).
  • Hands-on experience with incident response tools (Volatility, Mandiant Redline, Wireshark, etc.).
  • Understanding of MITRE ATT&CK framework, threat intelligence feeds, and adversary simulation.
  • Proficiency in analyzing logs, network traffic, and system artifacts.
• Certifications: CISSP, GCIH, GCFA, GCIA, or equivalent industry certifications preferred.
• Soft Skills: Excellent communication, documentation, and stakeholder management skills. Ability to remain calm under pressure.
• Location: Must be based in Singapore and willing to support on-call/after-hours incident escalations if needed.

Cybersecurity Incident Response Job Description

We are seeking a skilled Cybersecurity Incident Response Engineer to join our team. As a key member of the cybersecurity team, you will be responsible for leading incident response efforts and contributing to the development and maintenance of incident response plans.

• Lead incident response efforts with the team, contribute to the development and maintenance of incident response plans, and coordinate effectively with relevant stakeholders.
• Evaluate current cybersecurity incident response processes to identify opportunities for AI integration and automation.
• Assess, investigate, and manage security incidents throughout their lifecycle, determining root cause and impact.
• Conduct comprehensive analysis of security logs and data to identify and correlate malicious activity.
• Conduct thorough Proof of Concept (PoC) and Proof of Value (PoV) assessments of prospective security tools to determine their efficacy and suitability.
• Apply project management principles to plan, execute, and monitor the implementation of security tools and strategic initiatives.
• Articulate complex technical information clearly and concisely to both technical and non-technical audiences.
• Collaborate effectively with diverse teams to facilitate incident resolution and the implementation of security solutions.
• Conduct post-incident reviews to identify lessons learned and recommend enhancements to prevent future occurrences.
• Utilize security tools such as EDR and SIEM for in-depth investigations and analysis.
• Respond to security incidents on a 24x7 basis during escalations and participate in a rotational on-call schedule.

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related discipline, or equivalent professional experience.
• 8 years of demonstrable experience in cybersecurity incident response.
• Comprehensive understanding of network protocols, operating systems, and fundamental security principles.
• Proven ability to analyze security logs and network traffic effectively.
• Exceptional problem-solving, analytical, and communication skills (both written and verbal).
• Experience in conducting Proof of Concept (PoC) or Proof of Value (PoV) evaluations of security technologies.
• Demonstrated knowledge and application of project management principles.
• Familiarity with security tools and technologies, including CrowdStrike EDR and Splunk.
• Relevant professional certifications, such as CISSP, GCIH, or CEH, are highly desirable.

We are seeking an experienced cybersecurity professional with a proven track record of leading complex incident investigations and managing cyber threats in enterprise environments. The ideal candidate will have at least 7 years of experience in incident detection, containment, eradication, and post-incident reporting, with a deep understanding of threat intelligence, malware analysis, and digital forensics.

• Incident Handling & Response: Lead the full incident response lifecycle - detection, triage, containment, eradication, recovery, and lessons learned.
• Threat Hunting: Conduct proactive threat hunting and identify potential indicators of compromise (IOCs).
• Forensics & Analysis: Perform root cause analysis, malware reverse engineering (where required), and log correlation to determine attack vectors.
• Playbook Development: Design, implement, and enhance IR playbooks, workflows, and standard operating procedures.
• Advisory & Consulting: Act as a trusted advisor to clients, providing recommendations to improve security posture and reduce dwell time.
• Collaboration: Work closely with SOC analysts, threat intelligence teams, and IT stakeholders to coordinate effective response actions.
• Reporting & Communication: Prepare detailed incident reports and deliver executive-level presentations for stakeholders and regulators.

• Experience: Minimum 7 years of experience in Cybersecurity with a focus on Incident Response, Digital Forensics, or SOC operations.
• Technical Skills:
  • Strong knowledge of SIEM tools (e.g., Splunk, QRadar, Sentinel) and EDR solutions (e.g., CrowdStrike, Carbon Black).
  • Hands-on experience with incident response tools (Volatility, Mandiant Redline, Wireshark, etc.).
  • Understanding of MITRE ATT&CK framework, threat intelligence feeds, and adversary simulation.
  • Proficiency in analyzing logs, network traffic, and system artifacts.
• Certifications: CISSP, GCIH, GCFA, GCIA, or equivalent industry certifications preferred.
• Soft Skills: Excellent communication, documentation, and stakeholder management skills. Ability to remain calm under pressure.
• Location: Must be based in Singapore and willing to support on-call/after-hours incident escalations if needed.

Responsibilities:

• Deliver data centre operations support across multiple data centres

• Respond to all alarms/alerts set in Data Center Infrastructure Management (DCIM), Server Automation Operations System (SAOS), CCTV, Access Control Systems (ACS), and other functions (EHS, Security, etc),

• Provide deep understanding and intelligence of the criticality and impact of the incidents to the resolver groups.

• Ensure detailed records of alarm handling activities, including actions taken, resolutions in ticketing tools and file incident reports.

• Be available to coordinate as an incident commander in event of an issue.

• Support program managers and facilitate project deliverables, improve overall operational and engineering initiatives.

• Conduct root cause analysis (RCA) to determine recurring problems to their source.

• Employ in-depth questioning and analysis techniques such as five whys to determine the underlying cause of the incident or problem.

• Handle ticketing system

• Perform duties in compliance with SOP.

Requirements:

• Diploma/Degree in Information Technology.

• 2 years+ experience in command center, service center, or similar 24x7 operations center environment

• Ability to quickly triage multiple incidents and assign the right priority based on risk and confidence levels

• Knowledge of technical elements associated with systems such as IP Networks, DC Environment and Server Health.

• Outstanding verbal and written communication skills required, work with minimal direction, meeting goals, attention to details and an eye for continuous improvements

• Ability to successfully interact at all levels of the organization, including with clients, while functioning as a team player required.

• Basic working knowledge of data protection policies such as GDPR and the need to keep sensitive information secure.