Title:  SOC Analyst

Job Summary

The Cyber Security Analyst serves as the first line of analytical defense in a Managed Security Services Provider (MSSP) environment.
This role focuses on continuous monitoring, structured investigation, and high-quality documentation of security alerts and incidents.

The Cyber Security Analyst is expected to think analytically, form clear assessments, and provide meaningful context during escalation not merely route alerts. The role requires prior SOC or security operations experience and a strong ability to articulate findings clearly in written form.

Key Responsibilities

1. Security Monitoring & Detection

• Perform continuous monitoring of logs, alerts, link utilization, and system availability across multiple SIEM platforms and security tools.
• Identify potential security incidents using predefined detection logic, correlation rules, and threat indicators.
• Validate alerts for relevance and accuracy before proceeding with investigation.

2. Incident Analysis & Triage

• Conduct structured triage and investigation of security alerts to determine:
• Nature of the activity
• Potential impact
• Urgency and escalation requirement
• Perform contextual checks (e.g. asset relevance, timing, recurrence, known behaviour patterns).
• Clearly differentiate between false positives, informational events, and actionable incidents.

3. Documentation & Assessment (Core Expectation)

• Produce clear, structured, and defensible incident assessments within incident tickets.
• Documentation must explain:
• What happened
• What was observed
• What checks were performed
• Why escalation is or is not required
• Avoid generic or copy-pasted content; each assessment must reflect the current investigation and context.
• Maintain accurate timelines, evidence references, and analyst reasoning to support downstream analysis.

4. Escalation & Communication

• Escalate incidents to Senior Cyber Security Analyst with sufficient technical and analytical context, enabling efficient handover.
• Use standard escalation templates as a base, but customise content based on findings, rather than reusing past emails.
• Handle customer calls and incident notifications professionally, calmly, and accurately.

5. Collaboration & Continuous Improvement

• Work closely with Senior Cyber Security Analyst, SOC Leads, and SOC Managers to support effective incident handling.
• Provide feedback on alert quality, false positives, and investigation gaps to support detection improvement.
• Participate in reviews and discussions to improve analyst workflows and investigation quality.

Role Boundaries (Important)

• Cyber security analysts are responsible for escalating, and assisting to facilitate of remediation or system configuration changes.
• All actions must follow defined SOC playbooks, escalation paths, and approval processes.

Requirements

Mandatory

• Prior experience in a SOC, MSSP, or security operations environment (minimum 1–2 years preferred).
• Strong ability to document investigations clearly and logically.
• Demonstrated analytical thinking — able to explain why something matters, not just what triggered.
• Familiarity with security technologies such as SIEMs, IDS/IPS, firewalls, endpoint protection, and antivirus tools.
• Comfortable handling multiple alerts and tasks in a fast-paced 24/7 SOC environment.
• Willingness to work rotating shifts.

Preferred

• Experience working across multiple customer environments or SIEM platforms.
• Exposure to MSSP-style operations, ticketing systems, and customer communications.
• Ability to challenge unclear alerts and seek clarification instead of blindly escalating.

Personal Attributes

• Detail-oriented and disciplined in documentation.
• Calm and methodical under pressure.
• Collaborative and open to feedback.
• Curious mindset with a commitment to continuous learning.

Location

• Ang Mo Kio
• 24/7 rotating shift environment