105 Soc Analyst jobs in Singapore

SOC Analyst

079903 Anson Road, Singapore $5000 Monthly FLINTEX CONSULTING PTE. LTD.

Posted 1 day ago


Job Description

Roles and Responsibilities:

• Monitor network traffic, system logs, and security alerts to identify potential security incidents and unauthorized activities in a timely manner.
• Design, deploy, and manage threat detection rules and preventive security controls to safeguard critical systems and data in response to the latest threat landscape.
• Perform in-depth analysis of security events to determine the nature and scope of potential security incidents and recommend risk mitigation strategies. When necessary, carry out digital forensics for reporting and auditing purposes.
• Contribute to threat hunting exercises or cyber projects to improve the overall security posture.

Qualifications & Experience:

• Technical know-how and experience in solutions such as, but not limited to:
  • Network Security (F/W, IPS, VPN, NAC) - Fortigate, Palo Alto
  • Web Security (WAF, Web isolation) - Cloudflare, Zscaler, Microsoft
  • Endpoint Security (EDR, AV, DLP) - Crowdstrike, Microsoft
  • Threat Monitoring - Qradar, GoogleSec Ops, Resilient, Claroty
  • Vulnerability Management - Tenable, Ivanti, Microsoft
  • Cloud Security - Microsoft, Palo Alto
  • Identity Management - Microsoft, CyberArk
  • Threat Hunting and Simulation - Cymulate, Crowdstrike
• 3 years of relevant experience in a SOC environment



SOC Analyst

079903 Anson Road, Singapore $5000 Monthly FLINTEX CONSULTING PTE. LTD.

Posted 8 days ago


Job Description

Roles and Responsibilities:

• Monitor network traffic, system logs, and security alerts to identify potential security incidents and unauthorized activities in a timely manner.
• Design, deploy, and manage threat detection rules and preventive security controls to safeguard critical systems and data in response to the latest threat landscape.
• Perform in-depth analysis of security events to determine the nature and scope of potential security incidents and recommend risk mitigation strategies. When necessary, carry out digital forensics for reporting and auditing purposes.
• Contribute to threat hunting exercises or cyber projects to improve the overall security posture.

Qualifications & Experience:

• Technical know-how and experience in solutions such as, but not limited to:
  • Network Security (F/W, IPS, VPN, NAC) - Fortigate, Palo Alto
  • Web Security (WAF, Web isolation) - Cloudflare, Zscaler, Microsoft
  • Endpoint Security (EDR, AV, DLP) - Crowdstrike, Microsoft
  • Threat Monitoring - Qradar, GoogleSec Ops, Resilient, Claroty
  • Vulnerability Management - Tenable, Ivanti, Microsoft
  • Cloud Security - Microsoft, Palo Alto
  • Identity Management - Microsoft, CyberArk
  • Threat Hunting and Simulation - Cymulate, Crowdstrike
• 3 years of relevant experience in a SOC environment



SOC Analyst

528735 $4000 Monthly INFINITE COMPUTER SOLUTIONS PTE LTD

Posted 15 days ago


Job Description

Job Summary:

We are looking for a Level 1 SOC Analyst to monitor and respond to security alerts. You will be the first point of contact for identifying potential security incidents and escalating them as needed. This is a great role for someone starting their career in cybersecurity.

Key Responsibilities:
  • Monitor security alerts using tools like SIEM, firewalls, antivirus, etc.
  • Perform first-level analysis and triage of alerts.
  • Create and update incident tickets.
  • Escalate critical alerts to senior analysts.
  • Follow standard procedures (runbooks).
  • Document all actions taken.
Skills and Qualifications:
  • Basic knowledge of cybersecurity and networking.
  • Familiar with tools like SIEM or firewalls (training will be provided).
  • Good communication and documentation skills.
  • Willing to work in rotational shifts (24x7).
  • Degree in IT/Cybersecurity or related field (or relevant certification like Security+).
Nice to Have:
  • Knowledge of Windows/Linux systems.
  • Basic scripting (Python, PowerShell).
  • Any prior internship or hands-on lab work in cybersecurity.


EA License # 14C6941



SOC Analyst/Engineer

Singapore, Singapore Daulfin Grey HR Pte Ltd

Posted today


Job Description

Position: Junior SOC Analyst / Engineer

Experience: 3-5 years

Number of Positions: 2

Salary Range: 5k-7k

Responsibilities:
  • Experience in cyber security as an analyst or incident responder (in a SOC/CSIRT setup, preferably)
  • In-depth knowledge of current threat landscape, offensive tooling, and OWASP and MITRE ATT&CK techniques
  • Technical writing skills to present complex topics to non-technical audiences
  • Excellent oral and written communication skills (English)
  • Malware and exploit analysis (or reverse engineering)
  • Developing hypothesis-driven threat hunts
  • Analyzing various events, including but not limited to web traffic, underlying network protocols, malware, lateral movement TTPs (techniques, tactics, and procedures), or Microsoft and Linux security events
  • Logfile correlation and analysis, and/or system and memory analysis
  • Major incident response or breach investigation management
  • Chain of custody and forensic acquisition experience is a bonus
  • Experience with Amazon AWS is desirable

Cybersecurity SOC Analyst

Singapore, Singapore SPADE CONSULTING AND SERVICES PTE. LTD.

Posted today


Job Description

  • The analyst will be part of a 24x7 Cyber Security Operations function performing security monitoring and incident response, data loss prevention, vulnerability management, threat intelligence and threat hunting.
  • Perform monitoring, research, assessment and analysis on alerts from SIEM tools.
  • Follow pre-defined actions to investigate possible security incidents or perform incident response actions, including escalating to other support groups.
  • Maintain standard operating procedures (SOP), processes and guidelines.
  • Ensure proper functioning of systems in the Security Operations Centre.
  • Send out emails to L2 and other groups and follow up accordingly.

Requirements

- Strong analytical and problem-solving skills, with the ability to quickly identify and resolve security issues.

- Proven ability to work in a fast-paced environment, prioritize tasks, and meet deadlines.

- Ability to work in a team, where each individual's contribution is crucial to the team's objectives.

- This is 24/7 operational work. Able to commit to 12-hour shifts, weekends and public holidays.

- Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and convey complex security concepts to non-technical stakeholders.


L2 SOC ANALYST LEAD

Singapore, Singapore YY SMART TECH PTE. LTD.

Posted today


Job Description

Job Overview

We are seeking an L2 SOC Analyst Lead with active threat hunting, incident response, and team leadership experience to manage a 5-8 member SOC team serving government and critical infrastructure sectors.

Operating in 24/7 shifts, you will perform advanced triage, conduct forensic investigations, front client engagements, and maintain active cyber community involvement for real-time threat intelligence.

This role requires SC clearance and deep expertise in GovTech IM8/CSA requirements.

Duties and Responsibilities

Threat Operations Leadership:

  1. Lead daily shift operations with accountability for incident SLA adherence (MTTR <15 mins for P1 cases).
  2. Mentor L1 analysts in alert validation, triage techniques, and playbook execution.
  3. Conduct purple team exercises quarterly to validate detection capabilities.

Advanced Security Operations:

  1. Perform deep-dive investigations (memory/disk forensics, malware analysis) using tools such as:
     - EDR (CrowdStrike/SentinelOne)
     - SIEM (Splunk ES/QRadar with SOAR integration)
     - Network analysis (Wireshark, Corelight)
  2. Lead proactive threat hunts using MITRE ATT&CK frameworks and threat intelligence.
  3. Develop custom detection rules (YARA, Sigma) for APT groups targeting SEA.

Client & Governance:

  1. Front incident response briefings for customers & stakeholders.
  2. Present monthly SOC reports to clients (threat trends, gap analysis, KPIs).
  3. Ensure compliance with IM8, NIST 800-53, and CSA Cybersecurity Act.

Threat Intelligence Integration

Maintain participation in:

  1. ASEAN CERT communities
  2. Threat intel platforms (MISP, ThreatConnect)
  3. Industry groups (ISC2 Singapore, ACSC Partnership Program)

Disseminate actionable IOCs to the team during shifts.

Requirements

Technical Competencies

Must-Have Tools Expertise:

  1. Incident Response - Velociraptor, Autopsy, SIFT Workstation
  2. Threat Hunting - Atomic Red Team, Kestrel analytics, ELK stack
  3. Forensics - Volatility, Rekall, FTK Imager
  4. CTI Management - MISP taxonomies, STIX/TAXII feeds, OpenCTI

Certifications:

  1. Required: CISSP, GCIH/GCFA, SC Security Clearance

Leadership & Experience:

  1. 5+ years in SOC roles with 2+ years leading teams in 24/7 environments.
  2. Proven track record:
     - Managed ≥200 critical incidents annually
     - Reduced false positives by ≥40% through detection engineering
     - Led threat hunts uncovering ≥3 advanced persistent threats
  3. Government project experience (IM8, CSA Cyber Essentials, or equivalent).

Shift & Engagement Requirements

  1. Willingness for 12-hour rotational shifts (including nights/weekends).
  2. Monthly presentation of SOC reports to client CISOs.
  3. Quarterly threat briefings at events (e.g., GovWare, Cyber Security ASEAN).

L2 SOC ANALYST LEAD

409051 Paya Lebar Road, Singapore $7500 Monthly YY SMART TECH PTE. LTD.

Posted 1 day ago


Job Description

Job Overview

We are seeking an L2 SOC Analyst Lead with active threat hunting, incident response, and team leadership experience to manage a 5-8 member SOC team serving government and critical infrastructure sectors.

Operating in 24/7 shifts, you will perform advanced triage, conduct forensic investigations, front client engagements, and maintain active cyber community involvement for real-time threat intelligence.

This role requires SC clearance and deep expertise in GovTech IM8/CSA requirements.

Duties and Responsibilities

Threat Operations Leadership:

  1. Lead daily shift operations with accountability for incident SLA adherence (MTTR <15 mins for P1 cases).
  2. Mentor L1 analysts in alert validation, triage techniques, and playbook execution.
  3. Conduct purple team exercises quarterly to validate detection capabilities.

Advanced Security Operations:

  1. Perform deep-dive investigations (memory/disk forensics, malware analysis) using tools such as:
     - EDR (CrowdStrike/SentinelOne)
     - SIEM (Splunk ES/QRadar with SOAR integration)
     - Network analysis (Wireshark, Corelight)
  2. Lead proactive threat hunts using MITRE ATT&CK frameworks and threat intelligence.
  3. Develop custom detection rules (YARA, Sigma) for APT groups targeting SEA.

Client & Governance:

  1. Front incident response briefings for customers & stakeholders.
  2. Present monthly SOC reports to clients (threat trends, gap analysis, KPIs).
  3. Ensure compliance with IM8, NIST 800-53, and CSA Cybersecurity Act.

Threat Intelligence Integration

Maintain participation in:

  1. ASEAN CERT communities
  2. Threat intel platforms (MISP, ThreatConnect)
  3. Industry groups (ISC2 Singapore, ACSC Partnership Program)

Disseminate actionable IOCs to the team during shifts.

Requirements

Technical Competencies

Must-Have Tools Expertise:

  1. Incident Response - Velociraptor, Autopsy, SIFT Workstation
  2. Threat Hunting - Atomic Red Team, Kestrel analytics, ELK stack
  3. Forensics - Volatility, Rekall, FTK Imager
  4. CTI Management - MISP taxonomies, STIX/TAXII feeds, OpenCTI

Certifications:

  1. Required: CISSP, GCIH/GCFA, SC Security Clearance

Leadership & Experience:

  1. 5+ years in SOC roles with 2+ years leading teams in 24/7 environments.
  2. Proven track record:
     - Managed ≥200 critical incidents annually
     - Reduced false positives by ≥40% through detection engineering
     - Led threat hunts uncovering ≥3 advanced persistent threats
  3. Government project experience (IM8, CSA Cyber Essentials, or equivalent).

Shift & Engagement Requirements

  1. Willingness for 12-hour rotational shifts (including nights/weekends).
  2. Monthly presentation of SOC reports to client CISOs.
  3. Quarterly threat briefings at events (e.g., GovWare, Cyber Security ASEAN).

L1 Cyber Security SOC Analyst

Singapore, Singapore YY SMART TECH PTE. LTD.

Posted today


Job Description

Job Overview

We are seeking a vigilant L1 Security Operations Center (SOC) Analyst to join our 24/7 cybersecurity team.

Operating on 12-hour rotational shifts, you will perform real-time monitoring, threat detection, and initial incident response using SIEM/XDR platforms.

The role requires foundational knowledge of network security, log analysis, and attack vectors to defend against threats while escalating complex incidents to senior analysts.

This position is critical for maintaining our security posture across global digital assets.

Duties and Responsibilities

Continuous Monitoring & Detection:

  1. Monitor SIEM/XDR tools (e.g., Splunk, Sentinel, QRadar) for security alerts across networks, endpoints, and cloud environments.
  2. Analyze logs from firewalls, IDS/IPS, EDR, and other security tools to identify malicious activity.

Incident Triage & Response:

  1. Perform initial investigation and classification of security events (malware, phishing, DDoS).
  2. Execute predefined playbooks for containment (e.g., isolate hosts, block IPs).
  3. Escalate confirmed incidents to L2/L3 analysts with detailed documentation.

Threat Intelligence Utilization:

  1. Apply threat intelligence feeds (e.g., MITRE ATT&CK) to contextualize alerts.
  2. Monitor dark web/IoC sources for emerging threats relevant to the organization.

Reporting & Documentation:

  1. Document incidents in ticketing systems (e.g., Jira, ServiceNow) with timelines, actions taken, and evidence.
  2. Generate daily shift reports highlighting threat trends, false positives, and system health.

Tool Maintenance & Optimization:

  1. Tune SIEM rules to reduce false positives and improve detection accuracy.
  2. Validate security tool configurations (e.g., firewall policies, EDR rules).

Requirements

Education:

  • Diploma/Bachelor’s in Cybersecurity, IT, Computer Science, or related field.

Experience & Skills:

  • More than 1 year in security monitoring, or more than 2 years in IT support/networking with security exposure.

Hands-on experience with:

  1. SIEM/XDR platforms (Splunk, Azure Sentinel, etc.)
  2. Security tools (EDR, firewalls, IDS/IPS, email security)
  3. OS security (Windows/Linux log analysis)

Understanding of:

  1. Networking (TCP/IP, DNS, VPN, HTTP/S)
  2. Common attack vectors (phishing, malware, brute force)
  3. Cloud security fundamentals (AWS/Azure/GCP)

Technical Certifications (Preferred):

  1. CompTIA Security+, CySA+, CEH, or equivalent entry-level security certs
  2. Vendor certifications (e.g., Splunk Core User, Microsoft SC-200)

Shift Requirements:

  1. Willingness to work 12-hour rotational shifts (day/night), including weekends/public holidays.
  2. Ability to maintain focus during high-pressure overnight shifts.

Soft Skills:

  1. Strong analytical thinking and attention to detail.
  2. Effective communication for cross-team escalation.
  3. Adaptability in fast-paced threat environments.
  4. Basic knowledge of ITIL/incident management processes.

L1 Cyber Security SOC Analyst

409051 Paya Lebar Road, Singapore $5000 Monthly YY SMART TECH PTE. LTD.

Posted 1 day ago


Job Description

Job Overview

We are seeking a vigilant L1 Security Operations Center (SOC) Analyst to join our 24/7 cybersecurity team.

Operating on 12-hour rotational shifts, you will perform real-time monitoring, threat detection, and initial incident response using SIEM/XDR platforms.

The role requires foundational knowledge of network security, log analysis, and attack vectors to defend against threats while escalating complex incidents to senior analysts.

This position is critical for maintaining our security posture across global digital assets.


Duties and Responsibilities

Continuous Monitoring & Detection:

  1. Monitor SIEM/XDR tools (e.g., Splunk, Sentinel, QRadar) for security alerts across networks, endpoints, and cloud environments.
  2. Analyze logs from firewalls, IDS/IPS, EDR, and other security tools to identify malicious activity.

Incident Triage & Response:

  1. Perform initial investigation and classification of security events (malware, phishing, DDoS).
  2. Execute predefined playbooks for containment (e.g., isolate hosts, block IPs).
  3. Escalate confirmed incidents to L2/L3 analysts with detailed documentation.

Threat Intelligence Utilization:

  1. Apply threat intelligence feeds (e.g., MITRE ATT&CK) to contextualize alerts.
  2. Monitor dark web/IoC sources for emerging threats relevant to the organization.

Reporting & Documentation:

  1. Document incidents in ticketing systems (e.g., Jira, ServiceNow) with timelines, actions taken, and evidence.
  2. Generate daily shift reports highlighting threat trends, false positives, and system health.

Tool Maintenance & Optimization:

  1. Tune SIEM rules to reduce false positives and improve detection accuracy.
  2. Validate security tool configurations (e.g., firewall policies, EDR rules).


Requirements

Education:

  • Diploma/Bachelor’s in Cybersecurity, IT, Computer Science, or related field.

Experience & Skills:

  • More than 1 year in security monitoring, or more than 2 years in IT support/networking with security exposure.

Hands-on experience with:

  1. SIEM/XDR platforms (Splunk, Azure Sentinel, etc.)
  2. Security tools (EDR, firewalls, IDS/IPS, email security)
  3. OS security (Windows/Linux log analysis)

Understanding of:

  1. Networking (TCP/IP, DNS, VPN, HTTP/S)
  2. Common attack vectors (phishing, malware, brute force)
  3. Cloud security fundamentals (AWS/Azure/GCP)

Technical Certifications (Preferred):

  1. CompTIA Security+, CySA+, CEH, or equivalent entry-level security certs
  2. Vendor certifications (e.g., Splunk Core User, Microsoft SC-200)

Shift Requirements:

  1. Willingness to work 12-hour rotational shifts (day/night), including weekends/public holidays.
  2. Ability to maintain focus during high-pressure overnight shifts.

Soft Skills:

  1. Strong analytical thinking and attention to detail.
  2. Effective communication for cross-team escalation.
  3. Adaptability in fast-paced threat environments.
  4. Basic knowledge of ITIL/incident management processes.

L1 Cyber Security SOC Analyst Intern

536464 $1000 Monthly YY SMART TECH PTE. LTD.

Posted 1 day ago


Job Description

Job Overview


We are seeking a vigilant L1 Security Operations Center (SOC) Analyst to join our 24/7 cybersecurity team.

Operating on 12-hour rotational shifts, you will perform real-time monitoring, threat detection, and initial incident response using SIEM/XDR platforms.

The role requires foundational knowledge of network security, log analysis, and attack vectors to defend against threats while escalating complex incidents to senior analysts.

This position is critical for maintaining our security posture across global digital assets.


Duties and Responsibilities


Continuous Monitoring & Detection:

  1. Monitor SIEM/XDR tools (e.g., Splunk, Sentinel, QRadar) for security alerts across networks, endpoints, and cloud environments.
  2. Analyze logs from firewalls, IDS/IPS, EDR, and other security tools to identify malicious activity.

Incident Triage & Response:

  1. Perform initial investigation and classification of security events (malware, phishing, DDoS).
  2. Execute predefined playbooks for containment (e.g., isolate hosts, block IPs).
  3. Escalate confirmed incidents to L2/L3 analysts with detailed documentation.

Threat Intelligence Utilization:

  1. Apply threat intelligence feeds (e.g., MITRE ATT&CK) to contextualize alerts.
  2. Monitor dark web/IoC sources for emerging threats relevant to the organization.

Reporting & Documentation:

  1. Document incidents in ticketing systems (e.g., Jira, ServiceNow) with timelines, actions taken, and evidence.
  2. Generate daily shift reports highlighting threat trends, false positives, and system health.

Tool Maintenance & Optimization:

  1. Tune SIEM rules to reduce false positives and improve detection accuracy.
  2. Validate security tool configurations (e.g., firewall policies, EDR rules).


Requirements


Education:

  • Diploma/Bachelor’s in Cybersecurity, IT, Computer Science, or related field.

Experience & Skills:

  • More than 1 year in security monitoring, or more than 2 years in IT support/networking with security exposure.

Hands-on experience with:

  1. SIEM/XDR platforms (Splunk, Azure Sentinel, etc.)
  2. Security tools (EDR, firewalls, IDS/IPS, email security)
  3. OS security (Windows/Linux log analysis)

Understanding of:

  1. Networking (TCP/IP, DNS, VPN, HTTP/S)
  2. Common attack vectors (phishing, malware, brute force)
  3. Cloud security fundamentals (AWS/Azure/GCP)

Technical Certifications (Preferred):

  1. CompTIA Security+, CySA+, CEH, or equivalent entry-level security certs
  2. Vendor certifications (e.g., Splunk Core User, Microsoft SC-200)

Shift Requirements:

  1. Willingness to work 12-hour rotational shifts (day/night), including weekends/public holidays.
  2. Ability to maintain focus during high-pressure overnight shifts.

Soft Skills:

  1. Strong analytical thinking and attention to detail.
  2. Effective communication for cross-team escalation.
  3. Adaptability in fast-paced threat environments.
  4. Basic knowledge of ITIL/incident management processes.