Assistant Manager - Cyber Security Ops Job in Information Technology and Telecommunications in All Areas of Macau SAR - Job Description
Job Details

 

  • Company name: 銀河娛樂 Galaxy Entertainment Group


Assistant Manager - Cyber Security Ops

POSITION SUMMARY

As part of the Cyber Security Operations team within IS&T, the Assistant Manager - Cyber Security Operations plays a key role in protecting GEG's information assets. Reporting to the Assistant Vice President, this position is responsible for supporting the development, management and implementation of enterprise-wide cyber security controls.


PRIMARY RESPONSIBILITIES
  • Lead the Security Operations Center (SOC) in monitoring, handling and responding to incident alerts.
  • Lead incident response activities for cybersecurity threats including malware, data breaches, insider threats, and advanced persistent threats.
  • Develop and implement automated workflows to enhance the efficiency of cyber incident response processes.
  • Monitor, analyze, and respond to escalated security incidents and coordinate efforts with the SOC.
  • Ensure incident documentation and reporting are comprehensive and timely, for both operational review and compliance purposes.
  • Design and maintain incident response plans and playbooks in alignment with NIST and other relevant frameworks.
  • Conduct proactive threat hunting to identify unknown and emerging threats within the enterprise environment.
  • Perform forensic analysis and post-incident investigations to determine root causes and recommend remediations.
  • Develop, tune and maintain SIEM / SOAR use cases, detection rules and logic; onboard and analyse new log sources.
  • Continuously improve detection rules for alerting on cyber threats and malicious activities across the corporate environment.
  • Analyze logs from firewalls, endpoints, networks, cloud, and other systems to identify threats.
  • Collaborate with IS&T, Legal, and Compliance teams to ensure cohesive incident response and reporting.
  • Recommend and implement security controls and preventive measures based on incident learnings.
  • Provide leadership and mentorship to junior analysts and coordinate with external partners.
  • Coordinate the security incident management process across IS&T teams and business units.
  • Build and maintain sustainable relationships with IS&T teams to ensure effective implementation and understanding of security controls.
  • Assist in leading the team to achieve defined goals and deliverables.
  • Assist in building and promoting the Information Security Awareness Programme.
  • Drive continuous improvements on information security controls and practices.
  • Lead and coordinate internal and external security review activities (e.g. Audit, Penetration Test), follow up on identified deficiencies and ensure remediation steps have been taken.

REQUIREMENTS
  • Bachelor's degree in computer science, computer engineering, systems analysis, or a related study, or equivalent experience.
  • 4+ years’ experience in cybersecurity, with at least 2 years focused on incident response and threat hunting and/or Security Operations Center management.
  • Knowledge of threat intelligence, malware analysis, network and cloud security, MITRE ATT&CK, and cyber kill chain methodologies.
  • Hands-on proficiency with forensic tools, endpoint detection & response (EDR), intrusion detection/prevention systems (IDS/IPS), and vulnerability management solutions.
  • Familiarity with cloud security (AWS, Azure, GCP), container security, WAFs, and proxies is an advantage.
  • Demonstrated experience in managing response and remediation for high-impact incidents, ideally in a multi-location and/or hybrid cloud environment, would be an advantage.
  • Excellent written and verbal communication skills, with strong incident reporting capabilities in English and Chinese. Cantonese and/or Mandarin proficiency is an advantage.
  • Strong scripting and automation capabilities (Python, PowerShell, Bash) are an advantage.
  • Good leadership skills, and strong planning and organizational skills.
  • Strong interpersonal skills, including teamwork, facilitation and negotiation.
  • Strong analytical and technical skills, and ability to translate business needs into technical requirements.
  • Good ability to tactfully and positively manage and maintain business relationships.
  • Advanced experience and skills in SIEM administration in terms of log collection, detection rule optimization, threat hunting, incident case reporting and dashboard creation, including developing detection use cases and managing escalated incidents.
  • CISSP or CISM or GCIH or CEH is required; CRISC or CISA certification is a plus.
  • Ability to work under pressure and react quickly to critical cybersecurity incidents.
  • Commitment to continuous learning in threat detection, offensive/defensive tactics, and evolving incident response methodologies.
  • Experience in collaborating with SOC or third-party security vendors.

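  • Job Requirements

  • Middle management
  • All areas of Macau SAR, Macau SAR
  • Bachelor's degree
  • Information technology industry
  • Information Technology and Telecommunications (Security)
    Information Technology and Telecommunications (IT Operations)
    Information Technology and Telecommunications (General)
  • 16/10/2025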

 
