Posted: 2 months ago
Work from Office
Full Time
About the Role:
The Manager of Detection and Response will play a key role in leading our SOC efforts, coordinating with external SOC vendors and internal stakeholders to ensure a robust and timely response to security incidents. This role requires hands-on experience with AWS incident response and a deep understanding of modern threat landscapes, detection techniques, and response processes. You will not focus on basic security analysis but will rather bring strategic leadership in responding to and managing security incidents.

Key Responsibilities:
- Lead and manage SOC operations in collaboration with external vendors and internal teams.
- Drive the incident detection and response lifecycle, including monitoring, triage, containment, eradication, recovery, and post-incident analysis.
- Serve as the primary point of contact for SOC incident response activities, leveraging your expertise to mitigate risks and resolve threats.
- Ensure that all incidents are thoroughly documented, analyzed, and communicated to stakeholders with actionable recommendations.
- Develop, refine, and enforce incident response playbooks, procedures, and reporting structures.
- Collaborate with security engineering, DevOps, and cloud teams to continuously improve detection capabilities and incident response readiness.
- Conduct regular threat hunting and ensure visibility into emerging threat vectors, particularly in the cloud environment.
- Stay up to date on the latest attack vectors, vulnerabilities, and incident response technologies.
- Foster a culture of continuous improvement in incident response by providing feedback, conducting post-incident reviews, and implementing lessons learned.
- Manage and communicate with executive stakeholders during high-severity incidents.

Key Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, or a related field; advanced certifications (such as CISSP, AWS Certified Security - Specialty, GCIH, GCIA) are a plus.
- 7+ years of experience in information security, with at least 3 years in a leadership role.
- Strong experience in incident detection and response, particularly in AWS environments.
- In-depth knowledge of leading incident response efforts for cloud-based infrastructures.
- Proven ability to manage relationships with external vendors and coordinate joint efforts for SOC operations.
- In-depth knowledge of detection technologies, including SIEM, IDS/IPS, and EDR solutions.
- Familiarity with common security frameworks (e.g., NIST, ISO 27001, CIS).
- Excellent communication and stakeholder management skills, particularly in high-pressure situations.
- Ability to work collaboratively with cross-functional teams, including engineering, DevOps, and product teams, in a fast-paced environment.
- Experience with SIEM tools, log analysis, and security automation.
- Experience in managing and improving SOC processes and ensuring continuous monitoring of advanced threats.
- Strong analytical and problem-solving skills.
- Excellent communication and leadership abilities.

Required Skills:
- Proven experience in managing threat detection and response operations and vendor relationships.
- Expert-level knowledge of AWS security services and incident response procedures.
- Proficiency in scripting languages (e.g., Python, PowerShell) for security automation.
- Experience with threat hunting and advanced persistent threat (APT) detection.
- Strong knowledge of the MITRE framework.
- In-depth knowledge of the cyber kill chain and its stages to identify early indicators of compromise.
- Strong understanding of network protocols and common attack vectors.
- Experience with Datadog.

Preferred Qualifications:
- Relevant security certifications (e.g., CISSP, CISM, GCIA, GCIH).
- Experience in cloud security beyond basic security concepts in AWS.
- Knowledge of DevSecOps practices and tools.
- Experience in a multi-cloud or hybrid-cloud environment.

About Liminal:
Liminal is a compliant and insured digital asset custody and wallet infrastructure provider. Launched in April 2021, Liminal Custody is a CCSS Level 3, SOC Type 2, and ISO 27001 and 27701 certified organization. Based in Singapore, Liminal has operations spread across APAC, MENA, and Europe, along with offices in Singapore, India, and UAE. The company has received an FSP license from FSRA in ADGM and initial approval from VARA.

Liminal takes pride in supporting businesses with its qualified and insured custody (self and institutional) that enables stress-free safekeeping of digital assets for institutions. It also provides a cutting-edge wallet infrastructure platform that is secure, compliant, and automated and comes with a plug-and-play architecture for faster onboarding of developers, business partners, and government agencies.

Our website: https://www.liminalcustody.com/