Threat Detection Manager

Overall direction and control of Singapore Content operations and Global Threat Intelligence
- Hire, develop, train and mentor our Singapore Content team and our Threat Intelligence Analysts
- Sets standards and KPIs that align with corporate goals for service delivery and report on agreed metrics
- Drive continuous improvement in productivity and output of our team
- Be a source of innovative ideas and improvements to our technology platform and processes
- Create and maintain a cohesive approach to our global execution of Use Case Development
- Assist when needed on development projects, including but not limited to developing and creating new use cases for our base library including documentation, maintain existing base library, and modify alerts in library as required by the current threat landscape
- Act as Product Owner of our Use Case Libraries following an Agile methodology
- Manage projects in Jira, ServiceNow, and GitLab and ensure timely delivery of results
- Delegate work, and monitor completion timelines
- Continuously evaluate and improve upon our Use Case Development processes
- Support junior members on content development and operational tasks such as SIEM health, SIEM onboarding tasks, use case modifications, report modifications, and dashboard modifications
- Assume high level projects at the request of our Product Management team in areas such as migration of new technology and/or automation and scripting tasks
- Build dashboards and other tools for metrics and organizational purposes
- Identify technical issues and provide immediate and effective resolutions
- Act as technical coach for questions regarding content development (best practices, approaches, tools, languages, other technologies)
- Operate both independently and as part of a geographically dispersed team, while maintaining situational awareness and keeping the team informed.
- Keep abreast of the latest developments in the cybersecurity threat landscape
- Support regular and ad-hoc threat landscape reporting on relevant threat events and trends
- Actively participate in coordinated structured threat hunting campaigns
- Actively participate in team-based distributed deep-dive investigations of intrusion sets and campaigns
- Investigate, classify and track threat groups
- Participate in continual training and education for advanced in-depth investigations
- Support threat intelligence projects and initiatives to improve data collection, data processing, and structured analysis and interpretation. Ensure security, availability, and confidentiality of all sensitive data collected, processed, or stored by this position
- Any other ad hoc duties assigned
**Requirements**:

- At least 2 years of supervisory experience working in Security Operations Centers
- At least 5 years experience with a SIEM product (Splunk, Sentinel, and Elastic are most valuable)
- Certifications to support knowledge base in Splunk, Sentinel, and/or Elastic
- Strong understanding of security operations, threat hunting methodologies, incident response and architectural dependencies of security technologies
- Experience in developing frameworks for knowledge transfer, training and education
- Successful track record as a leader, people manager, communicator and motivator
- Ability to excel in a fast-paced environment and work under pressure
- Experience in data ingestion and knowledge of SIGMA and MITRE framework
- Basic understanding of the current threat landscape including knowledge of different threat actor profiles and attack methods
- Demonstrated knowledge of general networking principles including full knowledge of TCP/IP communication, the OSI model, common network ports, and basic network defense
- Basic Unix or Linux system administration and command line experience
- Solid understanding of the threats reported by various data sources such as IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies
- Experience with Regular Expressions
- Ability to manage and assign a large daily task flow; experience mentoring and training staff; ability to create a cohesive global team environment
- Ability to effectively provide updates to stakeholders
- Confidence in independently delivering technical solutions
- Good problem-solving skills and the ability to visualize a problem/situation and think abstractly to solve it
- Solid knowledge of standard change management practices and procedures and ability to adhere to these even when there are critical production environment issues
- Highly organized in work product, research, and processes
- Able to balance multiple daily tasks of varying complexities and timelines

Lim Shen Chee (Reg No. R1660557)
EA License No. 07C5771

Schedule:

- Monday to Friday