JOB DETAILS
Senior Incident Responder
Company: StarHub Ltd
Location: Singapore
Work Mode: On Site
Posted: June 7, 2026

About The Company
StarHub is a leading homegrown Singapore company that delivers world-class communications, entertainment, and digital services. With our extensive fibre and wireless infrastructure and global partnerships, we bring to people, homes and enterprises quality mobile and fixed services, a broad suite of premium content, and a diverse range of communication solutions. We develop and deliver solutions incorporating artificial intelligence, cybersecurity, data analytics, Internet of Things, and robotics for corporate and government clients.
StarHub is committed to conducting our business sustainably and responsibly. StarHub is named among TIME’s World’s Most Sustainable Companies 2025 and ranked as the world’s most sustainable wireless telecommunication provider on the Corporate Knights Global 100 (2025). StarHub also ranks 187 on the FORTUNE Southeast Asia 500 in 2025. Listed on the Singapore Exchange mainboard, StarHub is a component stock of the SGX iEdge Singapore Low Carbon Index, iEdge-OCBC Singapore Low Carbon Select 50 Capped Index; as well as the FTSE4Good Index series.
Visit www.starhub.com for more information.
About the Role
Job Description
Role Mission: The Senior Analyst – Cyber Security Incident Response is responsible for monitoring, detecting, and analysing cybersecurity incidents through the Security Operations Centre (SOC) platform. The role supports the end-to-end incident lifecycle — including triage, investigation, containment, and closure — ensuring timely response to security events and maintaining StarHub’s cyber resilience. This role acts as the Level 2 (L2) Incident Responder, bridging SOC analysts and Incident Response management by performing deep technical analysis and coordinating with internal teams for resolution.
Accountabilities:
- Perform end-to-end incident triage and investigation of security alerts escalated from L1 SOC analysts.
- Ensure timely incident analysis, containment, and escalation aligned with mean time to detect (MTTD) and mean time to respond (MTTR) goals.
- Support the SIEM platform (Elastic Stack) by fine-tuning existing rules and suggesting new detections.
- Conduct log analysis and correlation across multiple data sources (network, endpoint, and cloud).
- Create and maintain incident documentation, reports, and lessons learned.
- Support incident response playbook execution during containment and recovery phases.
- Collaborate with IT, network, and application teams for incident remediation and root cause analysis.
- Provide insights for use case improvements and participate in use case validation and testing.
- Escalate confirmed incidents to CSIRT / Assistant Manager – Incident Response for further action.
- Participate in post-incident reviews, contributing to process and detection improvements.
Responsibilities:
- Monitor alerts generated from the SOC/SIEM and perform initial to intermediate-level investigations.
- Review and validate security events from multiple log sources and identify legitimate threats.
- Perform deep-dive investigations for incidents involving malware, phishing, insider threats, and cloud breaches.
- Assist in detection rule creation and tuning under the guidance of senior incident responders.
- Use frameworks like MITRE ATT&CK for mapping and improving detection quality.
- Conduct threat hunting using Elastic Stack and related tools.
- Collaborate with MSSP, CSIRT, and IT infrastructure teams to ensure timely incident handling.
- Support incident response reporting, evidence collection, and documentation for compliance and audit.
- Contribute to automation opportunities in detection and response workflows.
- Participate in training sessions, simulations, and tabletop exercises to enhance readiness.
- Own log source onboarding and maintain continuous log availability on the SIEM platform.
Qualifications
- 2–3 years of experience in a SOC or Incident Response (L2) environment.
- Intermediate hands-on experience with SIEM platforms (Elastic Stack preferred).
- Exposure to incident triage, malware analysis, phishing response, and log correlation.
- Strong understanding of use case creation and MITRE ATT&CK framework mapping.
- Demonstrated ability to analyze complex alerts and distinguish false positives from true incidents.
- Familiarity with security tooling such as EDR, NDR, and threat intelligence platforms.
- Good communication and documentation skills for stakeholder updates.
- Certifications such as CEH, CompTIA Security+, GCIA, or Elastic Certified Analyst preferred.
Key Skills
Incident Response, Cyber Security, SOC, Triage, Investigation, Containment, Elastic Stack, SIEM, Log Analysis, MITRE ATT&CK, Threat Hunting, EDR, NDR, Threat Intelligence, Automation, Malware Analysis
Categories
Security & Safety, Technology, Data & Analytics
Job Information
Core Responsibilities
The Senior Analyst is responsible for monitoring, detecting, and analyzing cybersecurity incidents via the SOC platform, supporting the end-to-end incident lifecycle including triage, investigation, containment, and closure. This role acts as the Level 2 Incident Responder, performing deep technical analysis and coordinating resolution with internal teams.
Job Type
Full time
Experience Level
2-5
Company Size
2821
Visa Sponsorship
No
Language
English
Working Hours
40 hours