Cyber Threat & Incident Specialist
Job Description
The focus of the Cyber Threat Response role is to identify, disrupt and suppress threat actors on enterprise networks. To execute this mission, the Cyber Threat Response specialist will use data analysis, threat intelligence, and cutting-edge security technologies. Working in the Cyber Threat and Incident Management team, the Cyber Threat Response specialist is responsible for detecting and assessing cyber security events and incidents across the enterprise environment. The Cyber Threat Response specialist will also lead and execute the annual cyber security compliance calendar, which includes Cyber Drills / Tabletop Exercises / Wargames, use case reviews of security controls (AV, EDR, firewall, network sensors, SIEM) based on the latest threats, DDoS simulation, etc. The candidate must have a curious investigative mind, an interest in information security, and the ability to communicate complex ideas to varied audiences.
Responsibilities
- Keep up to date with information security news, attacker techniques (TTPs), campaigns, emerging threats, and industry trends by leveraging internal telemetry, open‑source intelligence (OSINT), commercial Threat Intelligence feeds, ISACs, and vendor advisories; proactively assess relevance and impact to CelcomDigi.
- Analyze and correlate security dashboards, alerts, logs, and intelligence reports to identify indicators of compromise (IOCs), threat actor behavior, and potential attack patterns affecting the organization.
- Facilitate Cyber Incident Remediation for any incident or change request by incorporating threat intelligence context (threat actors, tactics, infrastructure, historical trends) to prioritize and remediate potential cyber threats within the CelcomDigi environment.
- Assist with tickets relating to whitelisting, blocking, and reputation management by validating IPs, domains, URLs, hashes, and certificates against threat intelligence sources; liaise with users for additional details and coordinate implementation within security controls.
- Examine alerts from various security monitoring tools (SIEM, EDR, NDR, SOAR, Threat Intelligence Platforms), perform triage and scoping using intelligence‑driven analysis; execute in‑depth intrusion analysis, cyber forensics, malware analysis, and basic reverse engineering, escalating high‑risk or campaign‑level threats as necessary.
- Perform proactive threat hunting activities by leveraging threat intelligence hypotheses, MITRE ATT&CK mapping, historical incident data, and adversary emulation techniques to uncover stealthy or previously undetected threats.
- Produce actionable threat intelligence outputs such as tactical alerts, operational intelligence reports, and strategic threat briefings for SOC, IT, management, and executive stakeholders.
- Provide technical Tier 2 and Tier 3 support, including intelligence‑led advisory support to internal stakeholders such as Security Operations, IT, Fraud, and Network teams.
- Participate in annual cybersecurity compliance and resilience activities including Cyber Drills, Tabletop Exercises, and Wargames by contributing real‑world threat scenarios, adversary playbooks, and intelligence‑based attack simulations.
- Establish and maintain clear protocols for threat intelligence sharing and communication within the organization and with external entities including regulators, law enforcement, industry partners, and inter‑OpCos, ensuring timely and appropriate information exchange.
- Maintain and continuously improve threat intelligence lifecycle processes including collection, processing, analysis, dissemination, and feedback to enhance detection, response, and prevention capabilities.
- Demonstrate hands‑on implementation and operational use of Threat Intelligence and Threat Hunting via platforms and tools (e.g., TIPs, SIEM, SOAR, EDR, sandboxing, malware analysis tools), ensuring intelligence is effectively operationalized across security functions.
Requirements
- Bachelor's degree in a related field such as Computer Science, IT or a Cyber-Security related field.
- 2–3 years of hands‑on experience in Cyber Security Operations, Threat Intelligence, SOC, Incident Response, or a related cybersecurity role.
- Proven experience independently triaging, investigating, and escalating security alerts and incidents using SIEM, EDR, NDR, or equivalent security monitoring tools.
- Solid understanding of threat intelligence fundamentals, including threat actors, malware families, attack vectors, adversary TTPs, and IOC lifecycle management.
- Practical experience supporting incident remediation and containment activities, including coordination across SOC, IT, Network, or Fraud teams.
- Working exposure to threat hunting activities, using intelligence‑driven hypotheses and frameworks such as MITRE ATT&CK.
- Ability to perform moderate‑level malware, intrusion, or forensic analysis, with guidance for advanced or highly complex cases.
- Hands‑on experience with whitelisting, blocking, and reputation management, including validation against threat intelligence sources.
- Ability to translate threat intelligence into actionable insights for operational teams and contribute to reports or briefings for stakeholders.
- Experience participating in cyber drills, tabletop exercises, or simulations, with the ability to apply real‑world threat scenarios.
- Strong analytical, documentation, and communication skills; able to collaborate effectively and support or guide junior analysts when required.
- Relevant professional certifications (e.g. CEH, GCIH, GCIA, Threat Intelligence certifications) are preferred but not mandatory.