Senior Analyst, Threat Detection and Response

14 hours ago


East Region, Singapore | SATS Ltd. | Full time | $104,000 - $130,878 per year

Company description:

About Us

Headquartered in Singapore, SATS Ltd. is one of the world's largest providers of air cargo handling services and Asia's leading airline caterer. SATS Gateway Services provides airfreight and ground handling services including passenger services, ramp and baggage handling, aviation security services, aircraft cleaning and aviation laundry. SATS Food Solutions serves airlines and institutions, and operates central kitchens with large-scale food production and distribution capabilities for a wide range of cuisines.

SATS is present in the Asia-Pacific, the Americas, Europe, the Middle East and Africa, powering an interconnected world of trade, travel and taste. Following the acquisition of Worldwide Flight Services (WFS) in 2023, the combined SATS and WFS network operates over 215 stations in 27 countries. These cover trade routes responsible for more than 50% of global air cargo volume. SATS has been listed on the Singapore Exchange since May 2000. For more information, please visit

Why Join Us

At SATS, people are our greatest asset and we build our success on the knowledge, expertise and performance of every contributor, by embracing diversity and uniqueness. As part of our holistic approach and commitment to embracing FAM (Fulfilling, Appreciated, Meaningful) in the workplace, we offer the runway to develop Fulfilling careers that foster your career growth, recognising and Appreciating the strength of talent and capabilities that we continue to build internally; and inspiring and encouraging each other to make Meaningful contributions in the work we do at SATS.

Job description:

Key Responsibilities

This position focuses on threat detection, incident response, event analysis, and proactive threat hunting across the organization's IT environments. The Threat Detection and Response Sr. Analyst monitors security systems, analyzes alerts, and investigates potential incidents to protect critical assets and data. Serving as an integral part of the global Security Operations Center (SOC) team, this analyst works closely with regional teams in Europe and Singapore to ensure timely identification and remediation of cyber threats.

The senior analyst will respond to security incidents in accordance with established procedures and industry best practices, collaborating with cross-functional IT and security teams. They leverage advanced security tools (SIEM, EDR, SOAR) and follow frameworks like MITRE ATT&CK to understand adversary techniques and continuously improve detection capabilities. The ideal candidate has 3+ years of experience in cybersecurity operations (Tier 2 / Tier 3 SOC analyst or incident responder), combining strong technical skills with effective communication.

  • Continuously monitor security consoles and dashboards (SIEM, EDR, etc.) for suspicious activity; triage alerts to identify valid security incidents versus false positives and prioritize response based on asset criticality and business risk.
  • Investigate suspicious activities and security events, determine the scope and severity of incidents, and gather relevant evidence. Perform root cause analysis to identify attack vectors and affected systems.
  • Execute incident response actions end-to-end - including timely containment of threats, eradication of malicious artifacts, and system recovery - following the organization's incident response plan. Coordinate with IT infrastructure, application owners, and other stakeholders to ensure effective remediation of incidents.
  • Proactively hunt for indicators of compromise and hidden threats in logs, network traffic, and endpoint telemetry, even without specific alerts. Use hypothesis-driven techniques and knowledge of attacker TTPs to uncover stealthy or emerging threats that evaded initial detection.
  • Continuously tune SIEM/EDR detection rules, thresholds, and SOAR playbooks, automating repetitive response actions to reduce false positives and accelerate containment.
  • Leverage internal and external threat intelligence sources to enrich analysis and response. Stay updated on new vulnerabilities and adversary tactics; incorporate this knowledge to adjust monitoring rules and incident response strategies. Map observed malicious activities to frameworks like MITRE ATT&CK for reporting and analysis.
  • Work closely with global SOC team members and escalate complex incidents to senior analysts or incident response leads when necessary. Collaborate with colleagues in other regions to ensure seamless coverage and knowledge sharing across the security team.
  • Document investigation steps, findings, and actions taken for each incident in a clear and concise manner. Prepare incident reports and contribute to post-incident review meetings, highlighting what occurred, how it was resolved, and recommendations to prevent future occurrences.
  • Assist in developing and updating incident response playbooks, standard operating procedures, and knowledge base documentation. Provide feedback and suggestions to improve security monitoring tools, analytics content (detection rules), and workflow automation (SOAR playbooks) for greater efficiency and effectiveness.
  • Share insights from incidents and trending threats with the broader team to enhance overall awareness. Mentor and guide junior analysts (Tier 1 SOC analysts) by sharing analysis techniques and best practices, elevating the team's collective skill level.

Key Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or equivalent threat management & incident response experience
  • Currently hold cybersecurity certifications such as GCIH, GCFA, GCIA, CEH, or others
  • 3 or more years of progressive experience in at least two of the following disciplines:
      • Threat Detection & Analysis (leveraging SIEM tools, IDS/IPS, endpoint detection, log analysis, etc.)
      • Incident Response & Management (developing response plans, executing playbooks, forensic investigations, root cause analysis)
      • Threat Hunting (identifying undetected threats through proactive analysis and hypothesis-driven investigation)
      • Cyber Threat Intelligence (gathering and analyzing threat intelligence to inform detection capabilities and preventive measures)
      • Network Security (TCP/IP protocols, firewalls, intrusion prevention systems, and network traffic analysis)
      • Securing and monitoring operating system and cloud environments (AWS, Azure, GCP), including analyzing cloud service logs and configurations for suspicious activities, and understanding cloud-native security controls and best practices
  • Demonstrated ability to:
      • Function as a Level 2 or 3 SOC Analyst (analyzing and responding to cybersecurity incidents)
  • Preferred Experience:
  • Experience with SOAR tools and some proficiency in scripting languages (e.g., Python, PowerShell) to automate repetitive tasks and streamline incident response workflows
  • Advanced understanding of emerging threats, zero-day vulnerabilities, and common attack vectors (phishing, malware, ransomware, lateral movement) with the ability to ensure rapid detection and response
  • Hands-on experience using SIEM and EDR platforms for centralized log analysis, real-time threat monitoring, and in-depth incident investigations
  • In-depth knowledge of the incident response lifecycle
  • Proven ability to conduct proactive threat hunting operations, leveraging the MITRE ATT&CK framework to map adversary tactics, techniques, and procedures (TTPs), uncover stealthy threats, and close gaps in detection coverage
  • Familiarity with cyber threat intelligence feeds and standards (e.g., STIX, TAXII), incorporating IOCs (Indicators of Compromise) and threat intel data into monitoring and investigations to enrich context and anticipate emerging threats
  • Understanding of key security frameworks and regulations (e.g., NIST CSF, ISO 27001, GDPR) and the ability to align threat detection and incident response processes with organizational policies and compliance requirements
  • Effective at coordinating with cross-functional teams (IT, DevOps, Business, etc.) during high-impact incidents and translating complex technical findings into clear, actionable insights for executive and non-technical stakeholders

