Senior Incident Response Specialist, Cyber Security-Malaysia

Cygnify
Kuala Lumpur, MY
On-site

Who this role is best for

Aimed at senior cybersecurity professionals who specialize in incident response and threat hunting using Elastic Stack in a SOC environment.

Best fit for

  • Experienced SOC analysts ready to transition into a Level 2 incident responder role.
    — “bridging SOC analysts and Incident Response management
  • Cybersecurity specialists with hands-on SIEM platform tuning and log analysis skills.
    — “fine-tuning existing rules and suggesting new detections
  • Incident responders adept at using MITRE ATT&CK for threat detection improvements.
    — “Use frameworks like MITRE ATT&CK for mapping

Things to consider

  • Requires participation in training sessions and simulations to maintain readiness.
    — “Participate in training sessions, simulations, and tabletop exercises
  • Involves collaboration with multiple teams including IT, network, and MSSP.
    — “Collaborate with MSSP, CSIRT, and IT infrastructure teams

How to stand out

  • Highlight specific instances where you improved detection quality using MITRE ATT&CK.
    — “improving detection quality
  • Demonstrate experience in automating detection and response workflows.
    — “Contribute to automation opportunities in detection and response workflows
  • Showcase your role in post-incident reviews and process improvements.
    — “Participate in post-incident reviews, contributing to process and detection improvements
Pace · Fast PacedCollaboration · HighAutonomy · MediumDecision Impact · TeamLevel · Senior

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • timely incident resolution
  • improved detection quality
Typical background
cybersecurity experiencesecurity operations

Skills & requirements

Required

Incident ResponseSIEMLog AnalysisThreat HuntingMitre Att&ck

Preferred

AutomationCloud Security

Stack & domain

Elastic StackMitre Att&ckSiem PlatformLog AnalysisCorrelationIncident Response PlaybookRoot Cause AnalysisAutomation OpportunitiesThreat HuntingCybersecurity

About the role

Original posting from Cygnify via Ashby

Role Mission

The Senior Analyst - Cyber Security Incident Response is responsible for monitoring, detecting, and analyzing cybersecurity incidents through the Security Operations Centre (SOC) platform. The role supports the end-to-end incident lifecycle — including triage, investigation, containment, and closure — ensuring timely response to security events and maintaining cyber resilience. This role acts as the Level 2 (L2) Incident Responder, bridging SOC analysts and Incident Response management by performing deep technical analysis and coordinating with internal teams for resolution.

Accountabilities:

  • Perform end-to-end incident triage and investigation of security alerts escalated from L1 SOC analysts.
  • Ensure timely incident analysis, containment, and escalation aligned with MTTD and MTTR goals.
  • Support the SIEM platform (Elastic Stack) by fine-tuning existing rules and suggesting new detections.
  • Conduct log analysis and correlation across multiple data sources (network, endpoint, and cloud).
  • Create and maintain incident documentation, reports, and lessons learned.
  • Support incident response playbook execution during containment and recovery phases.
  • Collaborate with IT, network, and application teams for incident remediation and root cause analysis.
  • Provide insights for use case improvements and participate in use case validation and testing.
  • Escalate confirmed incidents to CSIRT / Assistant Manager - Incident Response for further action.
  • Participate in post-incident reviews, contributing to process and detection improvements.
  • Monitor alerts generated from the SOC/SIEM and perform initial to intermediate-level investigations.
  • Review and validate security events from multiple log sources and identify legitimate threats.
  • Perform deep-dive investigations for incidents involving malware, phishing, insider threats, and cloud breaches.
  • Assist in detection rule creation and tuning under the guidance of senior incident responders.
  • Use frameworks like MITRE ATT&CK for mapping and improving detection quality.
  • Conduct threat hunting using Elastic Stack and related tools.
  • Collaborate with MSSP, CSIRT, and IT infrastructure teams to ensure timely incident handling.
  • Support incident response reporting, evidence collection, and documentation for compliance and audit.
  • Contribute to automation opportunities in detection and response workflows.
  • Participate in training sessions, simulations, and tabletop exercises to enhance readiness.
  • Responsible for the log source onboarding and managing the continuous logs availability on the SIEM platform.

Requirements

  • Monitor alerts generated from the SOC/SIEM and perform initial to intermediate-level investigations.
  • Review and validate security events from multiple log sources and identify legitimate threats.
  • Perform deep-dive investigations for incidents involving malware, phishing, insider threats, and cloud breaches.
  • Assist in detection rule creation and tuning under the guidance of senior incident responders.
  • Use frameworks like MITRE ATT&CK for mapping and improving detection quality.
  • Conduct threat hunting using Elastic Stack and related tools.
  • Collaborate with MSSP, CSIRT, and IT infrastructure teams to ensure timely incident handling.
  • Support incident response reporting, evidence collection, and documentation for compliance and audit.
  • Contribute to automation opportunities in detection and response workflows.
  • Participate in training sessions, simulations, and tabletop exercises to enhance readiness.
  • Responsible for the log source onboarding and managing the continuous logs availability on the SIEM platform.

Source: Cygnify careers (Ashby)

Similar roles