Manager, Threat Detection & Engineering

Awantec

  • Cyberjaya, Selangor
  • Permanent
  • Full-time
  • 3 days ago
Key Accountabilities:

  • Lead deployment, optimization, and lifecycle management of SIEM, EDR, and XDR platforms, ensuring effective detection coverage and alignment with MITRE ATT&CK.
  • Oversee threat monitoring activities, including L2 incident analysis, threat hunting, and purple-team validation, to strengthen SOC detection maturity.
  • Provide technical oversight for endpoint, network, and cloud security implementations (EDR, firewalls, WAF, IDS/IPS), ensuring secure configurations and operational readiness.
  • Support client-facing engagements by delivering technical advisory on detection engineering, SOC optimization, and incident readiness, including playbook development.
  • Collaborate with the Principal Consultant to align detection controls with ISO 27001, NIST CSF, PDPA, and RMiT requirements, contributing to posture assessments and Phase 1-2 roadmap execution.
  • Lead and deliver technical POCs, solution designs, and workshops together with the sales teams, including presenting architectures and detection approaches to senior stakeholders.
  • Guide SOC analysts and junior engineers, develop internal detection engineering content for the Cyber Academy, and enhance engineering playbooks and deployment templates.

Job Summary:

  • Deploy and configure cybersecurity technologies across endpoint, network, and cloud environments.
  • Conduct threat hunting, detection development, and analysis of suspicious behavior.
  • Perform incident support, including evidence gathering, timeline reconstruction, and recovery advisory.
  • Lead SIEM/SOC engineering tasks such as onboarding data sources, parser development, and log quality assurance.
  • Assist in security assessments and gap analyses aligned to ISO 27001, NIST CSF, and RMiT.
  • Coordinate with the Principal Security Consultant to develop security controls that support governance and compliance outcomes.
  • Drive continuous improvement of MTTD, MTTR, and overall SOC maturity.

Job Requirements:

  • Bachelor's Degree in Information Security, Computer Science, or a related technical field.
  • 5-6 years of hands-on experience in cybersecurity engineering, SOC operations, detection engineering, or IR support.
  • Professional certifications are preferred but not mandatory. For example:
    • EDR/XDR certifications (Trend Micro, CrowdStrike, SentinelOne)
    • SIEM/XDR certifications (Splunk Power User / SIEM certifications)
    • Relevant offensive security certifications (e.g., CEH, eJPT; OSCP is an advantage)
    • Cloud security certifications (e.g., Google Cloud Security, AWS Security Specialty, or Azure Security) are an added advantage
    • Network/security certifications (e.g., Fortinet NSE4/5, CCNP Security, HCIP Security)
  • Familiarity with cloud environments (e.g., Google Cloud, AWS, Azure) and log integration workflows.

Desired Experience/Exposure:

  • Experience deploying SIEM/XDR platforms in production environments.
  • Deep understanding of threat detection logic, log correlation, and alert tuning.
  • Exposure to VAPT workflows, basic offensive testing, or purple-team validation.
  • Experience with network defense technologies (firewalls, IPS/IDS, VPN, SWG).
  • Good understanding of regulatory requirements (RMiT, PDPA, ISO 27001 controls).
  • Ability to translate technical detections into risk-based reporting for CXO audiences.
