Position: SOC Analyst Tier 1
Location: TGU Tower, Cebu IT Park
Job Type: Full-time (Onsite/Office)
Your Role
In this role, the SOC Analyst will respond to and actively monitor for security events. The analyst will perform tasks including monitoring, research, classification, and analysis of security events that occur on the network or endpoint. This may require working extra hours on an as needed basis.
You will be expected to detect and respond to information security incidents, develop, maintain, and follow procedures for security event alerting, and participate in security investigations. You need to have hands-on experience with email, endpoint, network threat detection, remediation, and threat hunting.
You should have familiarity with the principles of network and endpoint security, current threat and attack trends, a basic understanding of the OSI model, and have a working knowledge of defense in depth strategies.
You will be responsible for various activities within the security incident response lifecycle including detection, analysis, containment, eradication, recovery, and incident post-mortem reviews. You will be expected to thoroughly document their investigations and response actions within the SIEM and ticketing platform.
You will assist with development of new security alerts and tuning existing alerts for improving detection accuracy. will also be responsible for performing proactive threat hunting, vulnerability, and threat intelligence research as well as reviewing threat intelligence reports from our security partners.
Roles and Responsibilities
- Monitor SIEM, SOAR, EDR, and other security tools for detection and identification of security events.
- Document security investigations in a clear and consistent manner.
- Develop new use cases for security alerts.
- Tune existing use cases to improve accuracy.
- Tune endpoint and network security tools as needed.
- Perform threat hunting to identify potential security threats.
- Perform vulnerability and threat intelligence research.
- Review threat intelligence reports.
- Ability to work after hours if needed.
Security Event Response
- Perform security anomaly and event detection.
- Investigate, contain, and resolve security anomalies and events.
- Perform threat attribution.
- Identification of likely threat vector for security events and incidents.
Minimum Qualifications
- Experience working with multiple SIEM, EDR, Log Aggregators, and Incident Response Management solutions.
- Moderate knowledge of current threat landscape (threat actors, APT, cyber-crime, etc.)
- Moderate knowledge of security related technologies and their functions (IDS, IPS, EDR, IRP, FW, WAF, SIEM, etc.)
- Basic knowledge of audit requirements (PCI, HIPPA, SOX, etc.)
- Strong technical knowledge of Networking, Operating Systems, and enterprise integrations.
- Firm understanding of the security incident lifecycle.
- Thorough understanding of TCP/IP.
- Understand IDS / IPS rules to identify and/or prevent malicious activity.
- Basic knowledge of forensic methodologies and best practices to investigate intrusions, preserve evidence and coordinate a unified security response.
- Ability to proactively perform threat hunting to identify undetected security events.
- Basic knowledge of malware analysis.
- Basic understanding of SQL.
- Understanding of Packet Analysis (PCAP) and Packet Analysist software.
Preferred Qualifications
- Bachelor's degree in Cybersecurity, Computer Engineering, Information Technology, or related field.
- Candidate will possess ability to be a successful self-starter.
- Understanding of Advanced Persistent Threats
- Experience with Python, PowerShell, and API programming is a plus.
- Understanding of the VERIS and MITRE ATT&CK frameworks is a plus.
- Experience in handling SIEM and SOAR is a plus.
