Senior Analyst, Threat Detection and Response

Job Title: Senior Analyst, Threat Detection and Response
- Job Location: Inflight Catering Centre 1

**About Us**:
SATS is Asia's leading provider of food solutions and gateway services. Using innovative food technologies and resilient supply chains, we create tasty, quality food in sustainable ways for airlines, foodservice chains, retailers and institutions. With heartfelt service and advanced technology, we connect people, businesses and communities seamlessly through our comprehensive gateway services for customers such as airlines, cruise lines, freight forwarders, postal services and eCommerce companies.
- Job Description:
**About Us**:
Headquartered in Singapore, SATS Ltd. is one of the world’s largest providers of air cargo handling services and Asia’s leading airline caterer. SATS Gateway Services provides airfreight and ground handling services including passenger services, ramp and baggage handling, aviation security services, aircraft cleaning and aviation laundry. SATS Food Solutions serves airlines and institutions, and operates central kitchens with large-scale food production and distribution capabilities for a wide range of cuisines.

**Why Join Us**:
At SATS, people are our greatest asset and we build our success on the knowledge, expertise and performance of every contributor, by embracing diversity and uniqueness. As part of our holistic approach and commitment to embracing FAM (Fulfilling, Appreciated, Meaningful) in the workplace, we offer the runway to develop Fulfilling careers that foster your career growth, recognising and Appreciating the strength of talent and capabilities that we continue to build internally; and inspiring and encouraging each other to make Meaningful contributions in the work we do at SATS.

**Key Responsibilities**:
This position focuses on threat detection, incident response, event analysis, and proactive threat hunting across the organization’s IT environments. The Threat Detection and Response Sr. Analyst monitors security systems, analyzes alerts, and investigates potential incidents to protect critical assets and data. Serving as an integral part of the global Security Operations Center (SOC) team, this analyst works closely with regional teams in Europe and Singapore to ensure timely identification and remediation of cyber threats.
- Continuously monitor security consoles and dashboards (SIEM, EDR, etc.) for suspicious activity; triage alerts to identify valid security incidents versus false positives and prioritize response based on asset criticality and business risk.
- Investigate suspicious activities and security events, determine the scope and severity of incidents, and gather relevant evidence. Perform root cause analysis to identify attack vectors and affected systems.
- Proactively hunt for indicators of compromise and hidden threats in logs, network traffic, and endpoint telemetry, even without specific alerts. Use hypothesis-driven techniques and knowledge of attacker TTPs to uncover stealthy or emerging threats that evaded initial detection.
- Continuously tune SIEM/EDR detection rules, thresholds, and SOAR playbooks—automating repetitive response actions to reduce false positives and accelerate containment
- Leverage internal and external threat intelligence sources to enrich analysis and response. Stay updated on new vulnerabilities and adversary tactics; incorporate this knowledge to adjust monitoring rules and incident response strategies. Map observed malicious activities to frameworks like MITRE ATT&CK for reporting and analysis.
- Work closely with global SOC team members and escalate complex incidents to senior analysts or incident response leads when necessary. Collaborate with colleagues in other regions to ensure seamless coverage and knowledge sharing across the security team.
- Document investigation steps, findings, and actions taken for each incident in a clear and concise manner. Prepare incident reports and contribute to post-incident review meetings, highlighting what occurred, how it was resolved, and recommendations to prevent future occurrences.
- Assist in developing and updating incident response playbooks, standard operating procedures, and knowledge base documentation. Provide feedback and suggestions to improve security monitoring tools, analytics content (detection rules), and workflow automation (SOAR playbooks) for greater efficiency and effectiveness.
- Share insights from incidents and trending threats with the broader team to enhance overall awareness. Mentor and guide junior analysts (Tier 1 SOC analysts) by sharing analysis techniques and best practices, elevating the team’s collective skill level.

**Key Requirements**:

- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent threat management & incident response experience
- Currently hold cybersecurity certifications such as GCIH, GCFA, GCIA, CEH, others
- With 3 years or more, progressive experience in at least two of th