Senior Analyst, Threat Detection and Response

Senior Analyst, Threat Detection and Response Headquartered in Singapore, SATS Ltd. is one of the world's largest air cargo handling and airline catering services. SATS Gateway Services delivers airfreight, ground handling, security, aircraft cleaning and laundry. SATS Food Solutions supplies airlines and institutions with central kitchens for large‐scale food production and distribution. Key Responsibilities Continuously monitor SIEM, EDR and other consoles for suspicious activity; triage alerts and prioritize response based on asset criticality. Investigate suspicious events, determine incident scope, gather evidence and perform root‐cause analysis to identify attack vectors. Execute end‐to‐end incident response, including containment, eradication, recovery and coordination with IT infrastructure and application owners. Proactively hunt for indicators of compromise and hidden threats in logs, network traffic and endpoint telemetry, employing hypothesis‐driven techniques. Continuously tune SIEM/EDR rules, thresholds and SOAR playbooks to automate response actions, reduce false positives and accelerate containment. Leverage threat intelligence sources to enrich analysis and response; stay updated on new vulnerabilities and adversary tactics; adjust monitoring rules accordingly. Work closely with global SOC team members and escalating complex incidents to senior analysts or incident response leads when necessary. Document investigation steps, findings, and actions taken; prepare incident reports and contribute to post‐incident reviews. Assist in developing and updating incident response playbooks, SOPs and knowledge base documentation; provide feedback to improve monitoring tools and workflow automation. Share insights from incidents and trending threats with the broader team; mentor junior analysts (Tier 1 SOC analysts) by elevating the team's collective skill level. Key Requirements Bachelor's degree in Cybersecurity, Computer Science, Information Systems or equivalent threat management & incident response experience. Currently hold cybersecurity certifications such as GCIH, GCFA, GCIA, CEH or others. With 3 years or more, progressive experience in at least two of the following disciplines: Threat Detection & Analysis (leveraging SIEM tools, IDS/IPS, endpoint detection, log analysis). Incident Response & Management (developing response plans, executing playbooks, forensic investigations, root cause analysis). Threat Hunting (identifying undetected threats through proactive analysis and hypothesis‐driven investigation). Cyber Threat Intelligence (gathering and analyzing threat intelligence to inform detection capabilities and preventive measures). Network Security (TCP/IP protocols, firewalls, intrusion prevention systems, and network traffic analysis). Securing and monitoring operating system and cloud environments (AWS, Azure, GCP), including analyzing cloud service logs and configurations for suspicious activities. Demonstrated ability to function as a Level 2 or 3 SOC Analyst (analyzing and responding to cybersecurity incidents). Preferred Experience: Experience with SOAR tools and some proficiency in scripting languages (e.g., Python, PowerShell) to automate repetitive tasks. Advanced understanding of emerging threats, zero‐day vulnerabilities, and common attack vectors (phishing, malware, ransomware, lateral movement). Hands‐on experience using SIEM and EDR platforms for centralized log analysis and real‐time threat monitoring. In‐depth knowledge of the incident response lifecycle. Proven ability to conduct proactive threat hunting operations, leveraging the MITRE ATT&CK framework. Familiarity with cyber threat intelligence feeds and standards (STIX, TAXII) and incorporating IOCs into monitoring and investigations. Understanding of key security frameworks and regulations (NIST CSF, ISO 27001, GDPR) and the ability to align threat detection and incident response processes with organizational policies. Effective at coordinating with cross‐functional teams during high‐impact incidents and translating complex technical findings into actionable insights for executive and non‐technical stakeholders. #J-18808-Ljbffr