[LTA-ITCD] LEAD / PRINCIPAL / SENIOR CYBER THREAT INTEL ANALYST at Public Service Division

, , Singapore -

Full Time

Start Date

Immediate

Expiry Date

31 Jul, 26

Salary

0.0

Posted On

02 May, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Cyber Threat Intelligence, Threat Research, Incident Response, Log Analysis, Detection Engineering, OSINT, Automation, MITRE ATT&CK, ICS Security, Vulnerability Management, SIEM, EDR, Network Traffic Analysis, Technical Writing, Stakeholder Management, Mentoring

Industry

IT Services and IT Consulting

Description

[What the role is] [LTA-ITCD] LEAD / PRINCIPAL / SENIOR CYBER THREAT INTEL ANALYST [What you will be working on] The Cyber Threat Intelligence Analyst will be responsible for identifying, tracking, and analysing emerging cyber threats, with a focus on protecting critical IT/OT systems in the land transportation sector. This role goes beyond passive news consumption and emphasises active threat research, transforming global threat data into localised, actionable monitoring strategies and detection logic. Key Responsibilities Intelligence Programme Development: Lead the development and continuous improvement of the Threat Intelligence (TI) function, including the implementation of of Standard Operating Procedures (SOPs) and CTI solution for intelligence collection, analysis, and dissemination. Threat Research & Actor Tracking : Conduct proactive research into the Tactics, Techniques, and Procedures (TTPs) of threat actors, with particular focus on the Asia‑Pacific region and Industrial Control Systems (ICS). Monitoring List Management : Curate, validate, and maintain high‑fidelity monitoring lists, including Indicators of Compromise (IOCs), for ingestion into SIEM, EDR, and Network Traffic Analysis tools. Detection Engineering Support : Translate research findings into technical detection artefacts, such as YARA, Sigma, or Snort rules, to strengthen proactive threat hunting and detection capabilities. Incident Response Integration : Act as the Tier- 3 intelligence lead during critical incidents, providing real‑time threat context, infrastructure pivoting, and attribution support to the CERT team. Vulnerability Intelligence : Monitor and prioritise newly disclosed CVEs based on the organisation’s technology stack, providing actionable, risk‑based assessments to patching and infrastructure teams. TTP Mapping : Map observed adversary behaviours to the MITRE ATT&CK framework to identify visibility gaps and areas for improvement in existing security controls. Stakeholder Reporting : Produce high‑quality intelligence report/ update (including Flash Alerts) for emerging or imminent threats and monthly strategic summaries for management and public transport operators. Technical Skills & Competencies OSINT & Investigation - Strong capability in conducting open‑source investigations across surface, deep, and dark web sources, including forums, code repositories, and social media, to identify leaked credentials or planned threat campaigns. Automation - Proficiency in scripting to build custom scrapers, automate Threat Intelligence Platform (TIP) workflows, and manage large‑scale intelligence datasets. Log Analysis - Ability to correlate threat intelligence with internal telemetry (e.g. proxy, firewall, EDR logs) to validate malicious activity and identify early indicators of compromise. Framework Knowledge - Strong understanding of MITRE ATT&CK, Diamond Model of Intrusion Analysis, and Cyber Kill Chain. [What we are looking for] Knowledge in Computer Science, Computer Engineering, Information Technology or related field. At least 8 years of experience in cybersecurity, with at least 4 years in Threat Intelligence, Advanced SOC Operations, or Incident Response roles. Education - Bachelor’s degree in Computer Science, Information Security, or a related discipline. Professional Certifications - GIAC Cyber Threat Intelligence (GCTI) or Certified Information Systems Security Professional (CISSP) Desired Technical Certifications - Relevant technical certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA) or GIAC Reverse Engineering Malware (GREM) would be advantageous. Demonstrated track record in mentoring junior analysts and uplifting SOC/CERT capabilities. Strong technical writing and communication skills, with the ability to brief senior leadership and executive stakeholders on complex cyber risk matters. Ability to operate effectively in a cross‑matrix environment, as well as independently and decisively in a fast‑paced, high‑impact operational setting. http://jobs.careers.gov.sg The Singapore Public Service plays a key role in the economic growth, progress and stability of Singapore by formulating and implementing government policies, as well as providing key public services. Whether you are a fresh graduate joining the workforce or an experienced professional, the Singapore Public Service offers a great variety of job opportunities for you. The work in the Public Service can be broadly categorised into the following sectors: Economic, Social, Security & External Relations, and Administration & Corporate Development. Be part of the team that shapes the future of Singapore. Log on and take your first step towards a career that matters! Need help? Please click here for assistance. Our team will contact you shortly!

Responsibilities

The analyst will lead the development of threat intelligence functions, including tracking threat actors and developing detection logic for critical IT/OT systems. They will also provide real-time intelligence support during incidents and produce actionable reports for management and stakeholders.