- Perform expert-level security monitoring, detection, and analysis of complex events across SIEM (Splunk, Microsoft Sentinel), EDR, and NDR platforms, ensuring proactive defense.
- Act as a primary escalation point for L1 analysts, leading the investigation, containment, and resolution of critical security incidents. Coordinate swift response efforts with regional (Asia, EU) and Group-level Operations teams.
- Drive proactive threat hunting initiatives, identifying hidden threats and developing custom detection rules (IOC/IOA) to enhance our security posture.
- Execute and oversee containment actions (e.g., device isolation, application restriction, session revocation). Collaborate directly with BU IT and Infrastructure teams to ensure effective network-level threat containment and remediation.
- Initiate and contribute significantly to the continuous improvement of technical procedures, incident handling guidelines, and security playbooks.
Skills & experiences required:
- Minimum 3 years of dedicated experience in a Security Operations Center or Incident Response role within an enterprise environment.
- Proficient with SIEM platforms (e.g., Splunk, Microsoft Sentinel) for advanced querying, correlation rule creation, and dashboarding.
- Demonstrable hands-on experience with Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) technologies.
- Proven track record of leading security investigations, root cause analysis, and implementing effective countermeasures.
- Excellent analytical, critical thinking, and problem-solving skills with meticulous attention to detail.
- Exceptional communication and collaboration skills, capable of articulating complex security issues to technical and non-technical stakeholders.
If you're interested in this exciting opportunity, please don't delay: click 'APPLY NOW', or for more information, reach out to Russell Regalado at russell.regalado@randstad.com.hk