OCBC Bank

Senior SOC Engineer (GTS - Command Centre)

Posted 11 Days Ago
In-Office
Singapore, SGP
Senior level
Engineer and enhance SOC capabilities by developing SOAR playbooks, automation and AI-assisted workflows, tuning detection use cases (MITRE ATT&CK), integrating SOC tools, troubleshooting platform issues, and coaching analysts to improve detection, investigation efficiency and response readiness.
The summary above was generated by AI
WHO WE ARE:

As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

Today, we’re on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia’s leading financial services partner for a sustainable future.

We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Why Join
Protecting our customers' assets and data is at the heart of everything we do at OCBC. As a Cyber Engineering - Risk professional, you'll play a critical role in safeguarding our systems and networks from cyber threats. You'll be part of a team that's shaping the future of cybersecurity in the financial industry.
How you succeed
The candidate will be part of the Cyber Security Operations team and will be responsible for engineering and enhancing SOC capabilities across threat detection, automation, SOAR playbooks, AI-assisted workflows and SOC tooling. The candidate will support the development of scalable, repeatable and measurable capabilities to improve threat monitoring, investigation efficiency and response readiness.
What you do

  • Develop and maintain SOAR playbooks, automation workflows and AI-assisted SOC processes to support alert triage, enrichment, correlation, investigation and response.

  • Design automated enrichment and correlation workflows to improve investigation context and reduce manual analysis.

  • Review detection effectiveness, false positives, coverage gaps and recurring alert patterns, and recommend improvements to prevention, detection and response capabilities.

  • Lead development, validation and fine-tuning of detection use cases, SOAR playbooks and AI-assisted SOC workflows.

  • Manage integration of SOC tools and data sources to improve alert enrichment, event correlation, investigation context, automation reliability and reporting.

  • Drive troubleshooting of detection issues, broken playbooks, failed automations, data quality issues and platform-related constraints affecting SOC operations.

  • Optimise usage of SOC tools and evaluate new technologies where required.

  • Build repeatable and efficient engineering processes to support monitoring, detection, analysis, escalation and remediation of potential cyber security incidents.

  • Track and report effectiveness of SOC engineering enhancements such as playbook adoption, automation rate and analyst effort reduction.

  • Provide technical guidance to SOC analysts on effective use of SOC tools, detection logic, SOAR playbooks and AI-assisted investigation workflows.

  • Identify opportunities where automation, AI-assisted triage or agentic workflows can safely reduce manual effort, improve investigation consistency and accelerate response.

  • Identify opportunities for SOC improvements, including metrics definition, playbook enhancements, detection optimisation, workflow automation and analyst capability uplift.

  • Prioritise tasks appropriately and formulate clear responses or recommendations to stakeholders in a fast-paced environment.

Who you are

  • 5 or more years of experience in a SOC environment, security engineering, detection engineering, incident response or related cybersecurity field.

  • Strong hands-on experience with SOC tools such as SIEM, SOAR, EDR, XDR or UEBA.

  • Experience developing and maintaining SOAR playbooks or automation workflows.

  • Experience designing, developing, deploying and fine-tuning security monitoring use cases based on frameworks such as MITRE ATT&CK.

  • Experience developing threat detection content, SIEM correlation rules, EDR queries, dashboards and alert tuning recommendations.

  • Strong proficiency in SIEM, network traffic, host event and security event log analysis.

  • Good understanding of Windows, Linux, Active Directory, identity compromise, network protocols, cloud/SaaS logs, endpoint artefacts and common attacker techniques.

  • Experience working with threat intelligence, IOCs and TTPs to support detection and response capability development.

  • Experience with REST APIs, JSON, webhooks and other tool integration.

  • Proficiency in Python, PowerShell, Bash or similar scripting is preferred.

  • Ability to write clear technical documentation, workflow diagrams, implementation guides and analyst-facing procedures.

  • Ability to prioritise effectively, manage competing operational demands and make sound technical recommendations.

  • Familiarity with AI-assisted security operations, SOC copilots, automated enrichment, agentic workflows or machine-assisted triage is a plus.

  • Experience in banking, financial services, critical infrastructure or highly regulated environments is a plus.

  • Relevant certifications such as GCIH, GCIA, GCFA, GNFA, GREM, OSCP, CISSP, Splunk, Microsoft Sentinel, SOAR-related certifications or equivalent are preferred.

What we offer:


Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.

HQ

OCBC Bank Singapore, Singapore, SGP Office

65 Chulia St, Singapore, Singapore, 049513
