The Government Technology Agency (GovTech) aims to transform the delivery of Government digital services by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do. We also develop the Smart Nation infrastructure and applications and facilitate collaboration with citizens and businesses to co-develop technologies.
Join us as we support Singapore’s vision of building a Smart Nation - a nation of possibilities empowered through info-communications technology and related engineering.
You will play a key role in the Government Cyber Defence (GCD) of Cyber Security Group (CSG) as a SOC Content Management Specialist.
The SOC Content Management Specialist is responsible for the overall Use Case and playbook management for the SIEM and SOAR within the SOC. This includes the development of new Use Cases as well as assessment and finetuning of existing Use Cases in the SIEM. The role is also responsible for the development and maintenance of playbooks in the SOAR.
What you will be working on:
- Oversee and partner with other functions within the SOC to execute the day-to-day Use Case Management from developing detection content and playbooks in the SIEM and SOAR.
- Perform regular assessments on the detection coverage and efficacy of the Use Cases to identify gaps and root causes, recommend changes to the detection logic to improve detection efficacy, and develop new Use Cases to improve overall detection coverage.
- Perform regular assessments on the SOC operations, recommend changes to the existing playbooks, and develop new SOAR playbooks for continuous improvements to the overall SOC operations
- Develop, maintain and execute the SOC detection capability roadmap.
What we are looking for:
- Bachelor’s Degree in Computer Science/Information Security or equivalent
- Professional certifications, including GMON, CISSP, or other relevant certifications
- Preferably 3 years or more experience with developing Use Cases in SIEM and playbooks in SOAR technologies
- Knowledge of cyber kill-chain, MITRE Att&ck framework
- Understanding of operating systems and platforms (e.g. Windows, Linux)
- Knowledge of networking concepts (e.g. LAN/WAN routing, TCP/IP)
- Understanding of current vulnerabilities, attack TTP, and countermeasures
- Knowledge of incident response is a plus
- Good working knowledge of Cloud and Container technologies is a plus
- Experience with vendor management is a plus
- Familiarity with good security practices
Other Requirements:
- Ability to multitask, prioritize, and solid attention to details
- Demonstrate a high degree of integrity, initiative, energy, and endurance
- Ability to learn
- Possess good communication and interpersonal skills
- Able to work effectively as an individual contributor as well as in a team environment
- Singapore Citizen only
We are an equal opportunity employer and value diversity at our company as we believe that diversity is meaningful to innovation. Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. This includes generous leave benefits to meet your work-life needs. We trust that you will get the job done wherever you are, and whatever works best for you – so work from home or take a break to exercise if you need to*. We also believe it’s important for you to keep honing your craft in the constantly-evolving tech landscape, so we provide and support a plethora of in-house and external learning and development opportunities all year round.
Subject to the nature of your job role that might require you to be onsite during fixed hours
GovTech
