Centre for Strategic Infocomm Technologies (CSIT)

[LTA-ITCD] LEAD / PRINCIPAL / SENIOR CYBER THREAT INTEL ANALYST

Centre for Strategic Infocomm Technologies (CSIT)  •  Singapore, SG (Onsite)  •  28 days ago
Apply
Save Job
Mark Applied Mark Interviewed Mark Offered
Hide Job Report Job
AI can make mistakes so check important info. Chat history is never stored.

Job Description

[What the role is]

[LTA-ITCD] LEAD / PRINCIPAL / SENIOR CYBER THREAT INTEL ANALYST

[What you will be working on]

The Cyber Threat Intelligence Analyst will be responsible for identifying, tracking, and analysing emerging cyber threats, with a focus on protecting critical IT/OT systems in the land transportation sector. This role goes beyond passive news consumption and emphasises active threat research, transforming global threat data into localised, actionable monitoring strategies and detection logic.

Key Responsibilities

  • Intelligence Programme Development: Lead the development and continuous improvement of the Threat Intelligence (TI) function, including the implementation of of Standard Operating Procedures (SOPs) and CTI solution for intelligence collection, analysis, and dissemination.
  • Threat Research & Actor Tracking : Conduct proactive research into the Tactics, Techniques, and Procedures (TTPs) of threat actors, with particular focus on the Asia‑Pacific region and Industrial Control Systems (ICS).
  • Monitoring List Management : Curate, validate, and maintain high‑fidelity monitoring lists, including Indicators of Compromise (IOCs), for ingestion into SIEM, EDR, and Network Traffic Analysis tools.
  • Detection Engineering Support : Translate research findings into technical detection artefacts, such as YARA, Sigma, or Snort rules, to strengthen proactive threat hunting and detection capabilities.
  • Incident Response Integration : Act as the Tier- 3 intelligence lead during critical incidents, providing real‑time threat context, infrastructure pivoting, and attribution support to the CERT team.
  • Vulnerability Intelligence : Monitor and prioritise newly disclosed CVEs based on the organisation’s technology stack, providing actionable, risk‑based assessments to patching and infrastructure teams.
  • TTP Mapping : Map observed adversary behaviours to the MITRE ATT&CK framework to identify visibility gaps and areas for improvement in existing security controls.
  • Stakeholder Reporting : Produce high‑quality intelligence report/ update (including Flash Alerts) for emerging or imminent threats and monthly strategic summaries for management and public transport operators.

Technical Skills & Competencies

  • OSINT & Investigation - Strong capability in conducting open‑source investigations across surface, deep, and dark web sources, including forums, code repositories, and social media, to identify leaked credentials or planned threat campaigns.
  • Automation - Proficiency in scripting to build custom scrapers, automate Threat Intelligence Platform (TIP) workflows, and manage large‑scale intelligence datasets.
  • Log Analysis - Ability to correlate threat intelligence with internal telemetry (e.g. proxy, firewall, EDR logs) to validate malicious activity and identify early indicators of compromise.
  • Framework Knowledge - Strong understanding of MITRE ATT&CK, Diamond Model of Intrusion Analysis, and Cyber Kill Chain.

[What we are looking for]

  • Knowledge in Computer Science, Computer Engineering, Information Technology or related field.
  • At least 8 years of experience in cybersecurity, with at least 4 years in Threat Intelligence, Advanced SOC Operations, or Incident Response roles.
  • Education - Bachelor’s degree in Computer Science, Information Security, or a related discipline.
  • Professional Certifications - GIAC Cyber Threat Intelligence (GCTI) or Certified Information Systems Security Professional (CISSP)
  • Desired Technical Certifications - Relevant technical certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA) or GIAC Reverse Engineering Malware (GREM) would be advantageous.
  • Demonstrated track record in mentoring junior analysts and uplifting SOC/CERT capabilities.
  • Strong technical writing and communication skills, with the ability to brief senior leadership and executive stakeholders on complex cyber risk matters.
  • Ability to operate effectively in a cross‑matrix environment, as well as independently and decisively in a fast‑paced, high‑impact operational setting.
Centre for Strategic Infocomm Technologies (CSIT)

About Centre for Strategic Infocomm Technologies (CSIT)

The Centre for Strategic Infocomm Technologies (CSIT) is a technical agency in the Ministry of Defence that harnesses advanced digital technologies to meet Singapore’s security needs.

We develop capabilities to support missions such as cyber defence, counter terrorism, and counter hostile information operations. Our technical focus includes cybersecurity, data analytics, software engineering, and cloud infrastructure and services.

CSIT was established in 2003 and is a member of the Defence Technology Community.

Visit www.csit.gov.sg for more info and find out about our career/ scholarship/internship opportunities!

Industry
IT & Software
Company Size
501-1,000 employees
Headquarters
Singapore, SG
Year Founded
2003
Website
gov.sg
Social Media