Senior Security Analyst

Senior Security Analyst – Logicalis Asia Pacific Apply for the Senior Security Analyst role at Logicalis Asia Pacific. Posted 1 day ago. Be among the first 25 applicants. Why choose Logicalis? As Architects of Change, Logicalis focuses on designing, supporting, and executing clients' digital transformation by uniting their vision with technology expertise and industry insights. The company addresses customer priorities such as revenue growth, operational efficiency, innovation, risk and compliance, data governance, and sustainability. Job Responsibilities Detection Engineering Design, develop, and deploy high-fidelity detection rules in SIEM (Splunk, Microsoft Sentinel, Devo, QRadar, EDR, etc.). Create custom use cases to detect MITRE TTPs aligned with real-world threats and red team activities. Conduct detection gap analysis, tune alerting mechanisms, and eliminate false positives at the MSS customer environment. Perform regular fine‑tuning and optimization of detection rules, correlation logic, and alert thresholds across SIEM, EDR, and other security platforms. Continuously assess detection efficacy based on incident feedback and threat landscape evolution, implementing improvements accordingly. Collaborate with red/purple teams to validate detection logic and build threat‑informed defenses. Regularly review, update, and enhance detection logic to ensure alignment with the latest threat intelligence, adversary TTPs, and evolving attack techniques. Maintain relevancy and effectiveness of security detections by incorporating insights from threat hunts, incident response cases, red team exercises, and industry best practices. Threat Hunting and Threat Intel Proactively hunt for advanced threats across on‑prem and cloud environments using telemetry from SIEM, EDR, NDR, and threat intelligence. Develop hypotheses based on TTPs, threat intelligence feeds, and incident trends. Use frameworks such as MITRE ATT&CK and the Diamond Model to structure hunting campaigns. Document hunt procedures and outcomes to support knowledge sharing and continuous improvement. Map threat actor TTPs to frameworks such as MITRE ATT&CK to support proactive defense strategies and inform detection engineering efforts. Provide actionable threat intelligence to SOC, detection engineering, and IR teams to inform custom detection rule development, prioritization of hunts, and incident scoping. Contribute to the threat intelligence lifecycle, including direction, collection, processing, analysis, dissemination, and feedback. Ingest, analyze, and operationalize threat intelligence from internal sources, commercial feeds, and open‑source intelligence (OSINT) to enrich detection logic, hunting hypotheses, and incident investigations. Collaborate with internal and commercial threat intelligence teams to contextualize IOCs and TTPs for targeted and industry‑specific threats. Maintain up‑to‑date threat intelligence repositories and contribute to the continuous improvement of threat intel processes and playbooks. Incident Response Lead the incident response lifecycle (detection, triage, containment, eradication, recovery). Handle security incidents tickets escalated by Level II team, and draft security incident reports covering root cause, forensic evidence, and recommended mitigation plans. Conduct and support forensic analysis of endpoints, logs, and network traffic to determine root cause and impact. Coordinate with internal stakeholders and external partners during critical incidents. Develop and maintain playbooks, runbooks, and incident reports. Digital Forensics and Incident Response (DFIR) experience is a strong added advantage, enabling deeper investigations and root cause analysis. Collaboration & Mentorship Mentor and support L1/L2 SOC analysts in investigations, tool usage, and processes. Participate in tabletop exercises and red/purple team assessments. Lead and conduct regular customer meetings to review SOC activities, including security posture, key metrics, and ongoing initiatives. Prepare and deliver detailed briefings on priority incidents, RCA, ensuring timely communication of root cause, impact analysis, mitigation steps, and next actions. Act as a primary point of contact for incident escalations and maintain consistent, professional engagement with client stakeholders. Coordinate with cross‑functional teams including Engineering, Development, Red Team, and Risk/Compliance. Identify gaps in existing SOC process and work with team members or other departments to create, modify standard operating procedures, and automate any mundane daily operational activities, ensuring ops run efficiently. Requirements At least 8–10 years of working experience in SOC and MSS environments. Bachelor’s degree in computer engineering, computer science, cyber security, information security or equivalent. Excellent hands‑on experience in implementations and incident analysis of Splunk, IBM QRadar, Azure Sentinel SIEM and Devo technologies. Hands‑on experience with Endpoint Protection (EPP) or Endpoint Detection Response (EDR) technologies such as CrowdStrike or Microsoft Defender. Hands‑on experience with SOAR technologies. Experience in malware analysis for Windows and Linux/Mac. Exposure to firewall technologies such as Cisco, Palo Alto, Checkpoint, Fortinet. Good understanding of Windows, Linux environments and basic Linux commands and troubleshooting, with proven Unix (Solaris, Linux, BSD) experience. Knowledge of shell scripting and automation of operational tasks. Knowledge of current cyber threats, attack vectors, vulnerabilities and threat intelligence feeds. Ability to work effectively in a team environment, collaborate cross‑functionally, and mentor junior analysts. At least one SANS certification, preferred GCIH. Good understanding of basic network concepts and exposure to cloud technologies. Lateral thinking combined with excellent troubleshooting skills, preferably with experience following ITIL standards. Lead team of security analysts, develop SOC SOPs and develop Threat Intel feeds such as MISP. Interested applicants please submit your application with expected salary and notice period to be considered for the role. Only shortlisted candidates will be notified. As part of any recruitment process, we collect and process personal data relating to job applicants. By applying to this post and sending us your resume, you agree to the collection, use, and/or disclosure of your personal data as set out in our Data Protection Notice for Job Applicants. Logicalis is committed to protecting your privacy. #J-18808-Ljbffr