StarHub

Lead, Incident Response (Platform)

5-7 Years

Job Description

(This role is based in Malaysia, Petaling Jaya)

Cybersecurity Incident Response SME

The Cybersecurity Incident Response SME proactively monitors, detects, and responds to cybersecurity incidents identified through the Security Operations Center (SOC) platform. The role owns the entire cybersecurity incident lifecycle, from monitoring, detection and triage through in-depth investigation, containment, and closure, ensuring the security and resilience of StarHub IT assets.

Job Responsibilities

  1. Monitor, triage, and investigate alerts from multiple log sources (network, endpoint, cloud, and application).
  2. Create, refine, and manage SIEM detection rules to capture the latest attack patterns.
  3. Conduct log analysis and event correlation to identify potential intrusions or malicious behavior.
  4. Drive use case ideation and validation to improve threat detection coverage and accuracy.
  5. Manage and maintain Elastic Stack components (Elasticsearch, Logstash, Kibana, Beats) for operational efficiency.
  6. Lead integration efforts with tools such as EDR, firewalls, cloud platforms, and ticketing systems.
  7. Collaborate with IT, Network, and Cloud teams for incident follow-up, containment, and recovery.
  8. Present incident findings, root cause analyses, and remediation plans to key stakeholders (internal leadership and external partners).
  9. Document and enhance incident response playbooks and standard operating procedures (SOPs).
  10. Conduct post-incident reviews and implement lessons learned to strengthen the organization's security posture.

Accountabilities

  1. End-to-end management of cybersecurity incidents, ensuring timely detection, triage, investigation, and resolution.
  2. Achieving and maintaining target MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) benchmarks.
  3. Effective administration and optimization of the Elastic SIEM platform, including rule creation, tuning, and integrations.
  4. Development of accurate and relevant detection use cases aligned with evolving threat patterns and organizational needs.
  5. Ensuring timely escalation and coordination with internal and external stakeholders during major incidents.
  6. Providing transparent and comprehensive incident reporting to leadership and relevant teams.
  7. Driving operational excellence through monitoring, alerting, timely investigation, and continuous fine-tuning of alerts.
  8. Partnering with Data Engineering, Architecture, Security, Infrastructure & Tooling teams to ensure aligned technical cybersecurity discussions.

Qualifications

  1. 5-8 years of experience in Security Operations Center (SOC), Incident Response, or Detection Engineering roles.
  2. Proven success in SIEM administration, particularly Elastic Stack (ELK) environments.
  3. Hands-on expertise in incident triage, log analysis, and detection rule engineering.
  4. Demonstrated ability to design and operationalize MITRE ATT&CK-aligned use cases.
  5. Experience in cross-department collaboration and incident coordination with IT and business teams.
  6. Strong presentation and communication experience in stakeholder-level incident discussions.
  7. Relevant certifications such as CISSP, GCIH, GCIA, CEH, or Elastic Certified Engineer preferred.

About Company

StarHub Limited, most commonly known as just Starhub, is a Singaporean multinational telecommunications conglomerate and one of the major telcos operating in the country. Founded in 1998, it is listed on the Singapore Exchange (SGX).

Job ID: 145671885