SOC Security Analyst at Gruve

SingaporeFull-timeManaged Services, CybersecurityPosted about 1 month ago

About the Role

<div class="content-intro">About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.</div>About the role We are seeking a highly skilled Security Analyst to join our Security Operations Center (SOC) team. The ideal candidate should have a strong foundation in SIEM monitoring & XDR or EDR solutions, and security analysis, with hands-on experience in investigating and responding to security alerts. This role requires expertise in reviewing and analyzing L1 alerts, providing detailed recommendations, and engaging with customers for incident handling. The candidate should also have a basic SIEM administration background and Python scripting skills for troubleshooting and playbook development.     Key Roles & Responsibilities:    Incident Detection and Response <ul> <li data-leveltext="" data-font="Symbol" data-listid="35" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Analyze and Respond to Security Alerts: Review and investigate security alerts escalated from L1 analysts or generated by security monitoring tools (SIEM, IDS/IPS, EDR). </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="35" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Incident Triage: Conduct initial analysis of potential security incidents to determine severity, impact, and scope, including identifying false positives. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="35" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Incident Escalation: If necessary, escalate incidents to L3 SOC analysts for deeper investigation and remediation. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="35" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="4" data-aria-level="1">Containment: Take appropriate containment actions to limit the impact of ongoing security incidents (e.g., isolating affected systems, blocking malicious IP addresses). </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="35" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="5" data-aria-level="1">Incident Documentation: Accurately document and report security incidents in a clear and comprehensive manner for later analysis and compliance requirements. </li> </ul>  Threat Hunting and Monitoring <ul> <li data-leveltext="" data-font="Symbol" data-listid="36" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Proactive Threat Hunting: Identify potential threats and vulnerabilities by analyzing logs, network traffic, and other security data to find hidden threats or weaknesses. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="36" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Monitor Security Systems: Regularly monitor and assess security infrastructure, including firewalls, intrusion detection systems, and endpoint protection tools, to detect anomalies and potential attacks. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="36" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Alert Tuning: Adjust and refine alerts within security tools (SIEM, XDR) to improve detection and reduce false positives. </li> </ul>  Security Tool Management <ul> <li data-leveltext="" data-font="Symbol" data-listid="37" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Security Systems and Tools Management: Assist in the configuration, management, and maintenance of security tools (e.g., SIEM & XDR tools) to ensure effective threat detection. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="37" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Log Review: Review logs from various sources such as network devices, servers, and applications to identify security events or irregular activities. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="37" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">SIEM & XDR Management: Ensure SIEM & XDR tools are operating properly, fine-tune them for better accuracy, and perform searches on security data. </li> </ul>   Collaboration and Escalation  <ul> <li data-leveltext="" data-font="Symbol" data-listid="38" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Work with L1 Analysts: Provide guidance and mentorship to L1 analysts on how to identify and escalate security incidents appropriately. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="38" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Collaborate with Other Teams: Coordinate with internal teams (network security, IT operations, application security, etc.) to address vulnerabilities, incidents, and other security concerns. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="38" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Incident Escalation to L3: For complex or advanced incidents, escalate issues to L3 analysts for deeper investigation and remediation. </li> </ul> Customer Communication & Incident Handling  <ul> <li data-leveltext="" data-font="Symbol" data-listid="31" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Engage with customers during security incidents and provide expert guidance. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="31" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Conduct technical discussions to explain security threats and mitigation steps. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="31" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Collaborate with internal and external teams for incident resolution. </li> </ul> Playbook Management & Troubleshooting  <ul> <li data-leveltext="" data-font="Symbol" data-listid="33" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Understand and modify XDR playbooks to automate security operations. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="33" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Troubleshoot playbook errors and optimize automation workflows. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="33" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Identify gaps in existing security automation and recommend enhancements </li> </ul>  Security Reporting and Documentation <ul> <li data-leveltext="" data-font="Symbol" data-listid="39" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Prepare Incident Reports: Document detailed incident reports and provide analysis on the severity and impact of security events for management and other stakeholders. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="39" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Generate Logs and Metrics: Provide regular reports and metrics on security operations, highlighting trends, incidents, and areas of improvement. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="39" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Compliance Reporting: Ensure that incident records meet internal and external compliance and regulatory requirements (e.g., GDPR, HIPAA, PCI DSS). </li> </ul> Continuous Improvement <ul> <li data-leveltext="" data-font="Symbol" data-listid="40" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="1" data-aria-level="1">Contribute to the development and improvement of SOC procedures, workflows, and tools to enhance the efficiency of security monitoring and incident response. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="40" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="2" data-aria-level="1">Stay Current with Threats: Continuously update knowledge on emerging cybersecurity threats, trends, tools, and techniques to improve threat detection and response. </li> </ul> <ul> <li data-leveltext="" data-font="Symbol" data-listid="40" data-list-defn-props="{"335552541":1,"335559685":720,"335559991":360,"469769226":"Symbol","469769242":[8226],"469777803":"left","469777804":"","469777815":"multilevel"}" data-aria-posinset="3" data-aria-level="1">Contribute to Training: Assist in training and developing junior staff (L1 analysts), ensuring the team’s overall readiness to handle incidents. </li> </ul>    Basic Qualifications:  <ul> <li data-start="67" data-end="167">Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field</li> <li data-start="168" data-end="273">3+ years of experience in security operations, SIEM, or IT security with solid foundational knowledge</li> <li data-start="274" data-end="380">Hands-on experience with SIEM tools (e.g., Splunk, ArcSight, QRadar), endpoint protection, and IDS/IPS</li> <li data-start="381" data-end="473">Strong understanding of IT infrastructure, networking, and core cybersecurity principles</li> <li data-start="474" data-end="550">Excellent communication, problem-solving skills, and attention to detail</li> </ul>   Preferred Qualifications:  <ul> <li data-start="591" data-end="674">Relevant security certifications such as CISSP, CISM, GCIA, GCIH, or equivalent</li> <li data-start="675" data-end="774">Experience with modern SIEM platforms (e.g., Palo Alto XSIAM, Google SecOps, FortiSIEM, Splunk)</li> <li data-start="775" data-end="839">Exposure to SOAR platforms and security automation workflows</li> <li data-start="840" data-end="910">Knowledge of cloud security across AWS, Azure, or GCP environments</li> <li data-start="911" data-end="975">Experience working in hybrid or cloud-based SOC environments</li> </ul> <div class="content-conclusion">Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.</div>

Gruve

SOC Security Analyst at Gruve

SingaporeFull-timeManaged Services, CybersecurityPosted about 1 month ago

Apply with Pipeline

About the Role

Related Roles

About the Role

Related Roles