
SOC Tier 3 Analyst (GTS - Command Centre)

External
OCBC · Singapore
Full-time · On-site · 6d ago
Skills: Documentation, Incident Response, Linux, SIEM

About the role

As Singapore's longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires. Today, we're on a journey of transformation, leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold: to be Asia's leading financial services partner for a sustainable future. We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career. Your Opportunity Starts Here.

Requirements

  • 8 or more years of experience in a SOC environment or related cybersecurity field.
  • At least 3 years of experience as a senior SOC analyst, Tier 3 analyst, cyber incident responder, threat hunter, or equivalent escalation role.
  • Strong hands-on experience with SOC tools such as SIEM, SOAR, EDR, XDR or UEBA.
  • Strong proficiency in SIEM, network traffic, host event, and security event log analysis.
  • Strong understanding of Windows, Linux, Active Directory, identity compromise, network protocols, cloud/SaaS logs, endpoint artefacts, and common attacker techniques.
  • Experience investigating cyber threats and managing cyber security incidents, including hands-on log analysis and host/network forensic analysis in support of incident response.
  • Experience designing, developing, deploying, and fine-tuning security monitoring use cases based on frameworks such as MITRE ATT&CK.
  • Experience developing threat detection content and SIEM/SOAR use cases or playbooks.
  • Ability to write clear technical and management-facing reports.
  • Ability to prioritise effectively, manage competing operational demands, and make sound escalation decisions.
  • Familiarity with AI-assisted security operations, SOC copilots, automated enrichment, agentic workflows or machine-assisted triage is a plus.
  • Experience in banking, financial services, critical infrastructure, or highly regulated environments is a plus.
  • Relevant certifications such as GCIH, GCIA, GCFA, GNFA, GREM, OSCP or equivalent are preferred.

How you succeed

The candidate will be part of the Cyber Security Operations team and will be responsible for threat monitoring, threat response, operational enhancements and operational guidance to SOC analysts. The candidate will also act as a senior escalation point for complex and high-severity cyber threats.

What you do

  • Provide guidance to Tier 1 and Tier 2 SOC analysts.
  • Assist in managing daily SOC operations.
  • Collaborate with other stakeholders to support the overall cyber defence strategy.
  • Prioritise tasks appropriately and formulate clear responses or recommendations to stakeholders in a fast-paced environment.
  • Lead investigation of cyber security incidents and support coordinated response activities.
  • Prepare incident summaries, technical timelines, post-incident reports and lessons-learnt documentation for technical and non-technical audiences.
  • Develop repeatable and efficient processes, runbooks and analyst guides to monitor, detect, analyse and remediate potential cyber security incidents.
  • Review detection effectiveness, false positives, coverage gaps and recurring alert patterns, and recommend improvements to prevention, detection and response capabilities.
  • Support development, validation and fine-tuning of detection use cases, SOAR playbooks and AI-assisted SOC workflows.
  • Optimise usage of SOC tools, including SIEM, SOAR, EDR/XDR and AI-enabled SOC platforms, and evaluate new technologies where required.
  • Support threat hunting across security-relevant data sets based on threat intelligence, MITRE ATT&CK techniques, emerging attacker behaviours and identified control gaps.
  • Identify opportunities where AI-assisted triage, automation or agentic workflows can safely reduce analyst effort, improve investigation consistency or accelerate response.
  • Participate in tabletop exercises, purple team activities, detection reviews, operating reviews and post-incident retrospectives.
  • Identify opportunities for SOC improvements, including metrics definition, after-action reviews, playbook enhancements, AI-assisted workflow improvements and analyst capability uplift.
