Asst Manager-CyberSec Incident Response

Cygnify


Job Location: Petaling Jaya - Malaysia
Monthly Salary: Not Disclosed
Experience Required: 5 years
Posted on: 8 hours ago
Vacancies: 1 Vacancy

Job Summary

Role Mission: The Cybersecurity Incident Response SME proactively monitors, detects and responds to cybersecurity incidents identified through the Security Operations Center (SOC) platform. The role owns the entire cybersecurity incident lifecycle, from monitoring, detection and triage through in-depth investigation, containment and closure, ensuring the security and resilience of StarHub IT assets.

Accountabilities:

1. End-to-end management of cybersecurity incidents, ensuring timely detection, triage, investigation and resolution.

2. Achieving and maintaining target MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) benchmarks.

3. Effective administration and optimization of the Elastic SIEM platform, including rule creation, tuning and integrations.

4. Development of accurate and relevant detection use cases aligned with evolving threat patterns and organizational needs.

5. Ensuring timely escalation and coordination with internal and external stakeholders during major incidents.

6. Providing transparent and comprehensive incident reporting to leadership and relevant teams.

7. Drive operational excellence through monitoring, alerting, timely investigation and continuous fine-tuning of alerts.

8. Partner with the Data Engineering, Architecture, Security Infrastructure and Tooling teams to keep technical cybersecurity discussions aligned.

Responsibilities:

1. Monitor, triage and investigate alerts from multiple log sources (network, endpoint, cloud and application).

2. Create, refine and manage SIEM detection rules to capture the latest attack patterns.

3. Conduct log analysis and event correlation to identify potential intrusions or malicious behavior.

4. Drive use case ideation and validation to improve threat detection coverage and accuracy.

5. Manage and maintain Elastic Stack components (Elasticsearch, Logstash, Kibana, Beats) for operational efficiency.

6. Lead integration efforts with tools such as EDR, firewalls, cloud platforms and ticketing systems.

7. Collaborate with IT, Network and Cloud teams on incident follow-up, containment and recovery.

8. Present incident findings, root cause analyses and remediation plans to key stakeholders (internal leadership and external partners).

9. Document and enhance incident response playbooks and standard operating procedures (SOPs).

10. Conduct post-incident reviews and implement lessons learned to strengthen the organization's security posture.


Areas of Impact:

1. Scope: Enterprise-wide responsibility for cybersecurity incident detection, response and SIEM management (Elastic platform).

2. Decision Rights: Authority to prioritize incidents, modify detection rules, integrate log sources and advise on response strategies.

3. Stakeholders: ISO team, CSIRT team, IT Infrastructure, Cloud, Risk and Compliance teams, plus external vendors and regulators.

4. Resources: MSSP team, IR teams, IT teams, Elastic platform, EDR/NDR, threat intel feeds and key security solutions.




Requirements

1. 5-8 years of experience in Security Operations Center (SOC), Incident Response or Detection Engineering roles.

2. Proven success in SIEM administration particularly Elastic Stack (ELK) environments.

3. Hands-on expertise in incident triage, log analysis and detection rule engineering.

4. Demonstrated ability to design and operationalize MITRE ATT&CK-aligned use cases.

5. Experience in cross-department collaboration and incident coordination with IT and business teams.

6. Strong presentation and communication experience in stakeholder-level incident discussions.

7. Relevant certifications such as CISSP, GCIH, GCIA, CEH or Elastic Certified Engineer preferred.





Company Industry

Dairy Product Manufacturing / Agriculture / Construction / Mining Machinery Manufacturing / Animal Feed Manufacturing / Food Production
