jobs in Sea Limited

全职 Lead Security Engineer, IT Security Operations 工作, 薪水, Sea Limited 公司招聘中 - Ricebowl

Lead Security Engineer, IT Security Operations

Sea Limited

Undisclosed

Singapore

分享
保存

工作地点

  • Singapore

职位描述

岗位职责

About Team

The Corporate IT Security Operations team plays an important role in securing our business operations globally, supporting Corporate IT’s mission of helping Sea develop competitive advantages to achieve strategic goals and meet operational requirements.
The Lead Security Engineer will be a key member of the team, supporting the IT Security Operations Manager in the engineering, operation, and continuous improvement of enterprise security platforms. This includes SIEM modernisation, EDR/XDR operations, security automation/orchestration, security data pipelines, process automation, and AI-assisted SecOps capabilities.
The ideal candidate will bring hands-on experience in security engineering, investigations, SIEM/EDR operations, automation, and data-driven SecOps improvements, helping the team strengthen how it detects, investigates, and responds to cybersecurity threats. This includes improving security data pipelines, alert quality, workflow automation, and AI-assisted capabilities such as alert enrichment, anomaly detection, and investigation support. The candidate should also provide coaching and technical guidance to uplift the team’s engineering, automation, and operational capabilities.

Job Description

  • Support the IT Security Operations Manager in IT security engineering, security platform operations, SIEM modernisation, and SecOps process automation.
  • Engineer, operate, and continuously improve enterprise security platforms, including SIEM, EDR/XDR, security automation/orchestration tools, and security data pipelines.
  • Support the migration and modernisation of the SIEM environment to Elastic on GCP, including log ingestion, pipeline development, dashboards, alerting, rule tuning, and platform optimisation.
  • Build and maintain security data pipelines for logs from corporate IT systems, networks, endpoints, identity platforms, cloud services, applications, and security tools.
  • Improve alert enrichment, investigation workflows, case routing, ticketing integration, operational dashboards, and reporting.
  • Support security monitoring, alert triage, threat investigation, incident response, detection tuning, and mitigation activities where required.
  • Translate investigation experience and SecOps pain points into practical engineering improvements, including better detections, false-positive reduction, automation playbooks, and runbooks.
  • Explore and support AI-enabled SecOps use cases, including anomaly detection, alert enrichment, investigation assistance, behavioural analytics, and automation of repetitive SOC workflows.
  • Partner with infrastructure, network, cloud, endpoint, identity, application, and cybersecurity teams to improve security visibility and operational effectiveness.
Provide coaching, technical guidance, solution review, and knowledge sharing to team members.
Maintain technical documentation, operational runbooks, security playbooks, platform standards, and handover materials.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Security, Engineering, Information Technology, or a related discipline.
  • Relevant certifications in cybersecurity, cloud, SIEM, incident response, or security engineering, such as CISSP, GCIH, GCIA, Security+, Elastic, GCP, CrowdStrike, or similar, would be an advantage.
  • Minimum 5+ years of hands-on experience in Security Engineering, SecOps Engineering, SIEM Engineering, Detection Engineering, Incident Response, or related cybersecurity roles, including at least 2 years of exposure to investigation, alert triage, detection tuning, incident response, threat hunting, or SOC operations.
  • Good understanding of corporate IT and security logs, including firewall, proxy, VPN, DNS, DHCP, Active Directory, endpoint, identity, cloud, application, and infrastructure logs.
  • Hands-on experience with intrusion analysis, email analysis, malware analysis, incident response, or security engineering.
  • Hands-on experience with at least one major SIEM or security analytics platform, such as Elastic Security, Splunk, or similar.
  • Hands-on Experience with EDR/XDR platforms, preferably CrowdStrike or similar endpoint detection and response tools.
  • Experience with security automation using scripting, APIs, SOAR tools, n8n, Python, PowerShell, Bash, or similar technologies.
  • Experience with AI-assisted SecOps, including alert enrichment, anomaly detection, investigation support, SOC workflow automation, or LLM-enabled triage and reporting, would be an advantage
  • Strong interpersonal, leadership, and problem-solving skills, with ability to play both leading and supporting roles.
  • Initiative, resourceful, enthusiastic, and eager to learn in a fluid and fast-paced environment.

重要安全守则

申请工作时,切勿提供您的银行或信用卡详细资料。不要转账或完成无关的在线调查问卷。如果您发现可疑内容,请举报此招聘广告。

了解更多