Job Description
Ready to join Accenture's team of empowered people We're looking for candidates with the following skills and experience for this role. Do you fit the profile If you do, we'd love to hear from you!
In adherence to Accenture's process of Identity Verification, your resume or CV must include your photo to ensure the accuracy of your application.
Who we are:
Accenture in the Philippines is a pioneer in Accenture's global delivery network. Over the past 30 years, we have expanded our capabilities to become a powerhouse company providing end-to-end technology and business services. As part of Accenture's global footprint in over 120 countries, covering 40-plus industries, we have been working with the biggest companies in the country and around the globe.
Innovation, a constant at Accenture, enables us to find new ways to stay ahead of our clients challenges. Our inclusive, diverse, and strong culture of equality helps us constantly drive innovation in the workplace. By combining our industry expertise and the deep skills of our people with the latest technologies and our uncompromising high-performance standards, we help organizations grow their business and succeed in the digital age.
What's in it for you
At Accenture you will work on meaningful and innovative projects, powered by the latest technologies. You'll be immersed in industry best practices such as event-driven architectures and domain-driven designs. Accenture will continually invest in your learning and growth. You'll work with Accenture's certified practitioners, and Accenture will support you in growing your own tech stack and certifications.
SOC L3 Analyst
Job Summary:
The SOC Level 3 Analyst functions as a senior technical authority within the Security Operations Center, responsible for handling the most complex and high-priority security incidents. This role serves as the primary escalation point for L1 and L2 analysts, providing expert guidance, mentorship, and quality assurance. In addition to leading incident response efforts, the SOC L3 Analyst conducts advanced, periodic threat hunting using a variety of tools, techniques, and intelligence sources to proactively identify malicious activity. The role requires close collaboration with engineering teams, threat intelligence units, incident responders, and client stakeholders to continuously enhance detection, investigation, and response capabilities.
Key Responsibilities:
Lead investigations of complex security incidents and provide expert-level support to clients and junior SOC analysts
Conduct proactive, intelligence-driven threat hunting to detect advanced threats and stay ahead of the evolving threat landscape.
Develop, refine, and optimize detection use cases and correlation rules based on new log sources and threat insights.
Provide SIEM/SOAR tuning recommendations to improve detection accuracy and reduce false positives.
Maintain and enhance incident response playbooks and SOPs to ensure alignment with operational and client needs.
Mentor and train L1/L2 analysts on detection techniques, response procedures, and new SOC tools or workflows.
Act as a senior technical contact during major incidents and deliver clear, actionable incident reports and recommendations.
Drive enhancements in SOC operations by reviewing SLAs, refining workflows, and supporting log learning and detection capability development.
SOC Level 2 Analyst
Job Summary:
The SOC Level 2 Analyst is responsible for conducting in-depth investigations, root-cause analysis, and responding to complex security incidents escalated by Intrusion Analysts. This role includes validating and analyzing security logs, providing expert guidance and mentorship, and collaborating closely with IT, security teams, and Content Engineers to improve and fine-tune detection use-cases.
Key Responsibilities
Continuously monitor and analyze security alerts and events from SIEM, IDS/IPS, firewalls, and endpoint protection platforms, providing 9x5 support with on-call availability as needed.
Perform deep-dive investigations of escalated incidents, determining root cause, impact, and appropriate response. Own the end-to-end resolution process and escalate to Level 3 analysts when required.
For validated high or critical incidents, initiates the Major Incident Management process, engage CSIRT and/or external incident response teams, and act as the Singe Point of Contact (SPOC) during the initial response phase.
Conduct basic retroactive threat hunting using an Indicator of Compromise (IoC) driven approach to proactively identify potential threats.
Work closely with engineering teams to request case updates, whitelisting, and resolve parsing issues. Escalate complex or unresolved issues promptly.
Supervise and mentor Intrusion Analysts, conduct quality assurance (QA) reviews of incidents they handle, and guide them on best practices.
Maintain clear, concise documentation of incidents, findings, and response actions. Ensure accurate shift handovers and update playbooks, SOPs, and reaction plans regularly.
Provide recommendations for enhancing detection logic, SOC processes, and tools. Support the tuning and creation of detection rules and use cases in collaboration with Content Engineers.
Generate ad-hoc reports based on client or management requests and ensure effective communication with relevant stakeholders throughout the incident lifecycle.
Job Qualifications:
SOC L3 Job Requirements:
6-8 years of experience in cybersecurity, including a minimum of 2 years in a SOC Level 3 or equivalent senior incident response/threat detection role.
Advanced hands-on experience with SIEM platforms, EDR tools, and cloud-native security solutions.
Deep understanding of network protocols, intrusion detection/prevention systems (IDS/IPS), malware behavior, and packet-level traffic analysis.
Proficient in system administration and security for Unix/Linux, Windows, and mobile operating systems, with the ability to assess platform-specific threats and vulnerabilities.
Experience with scripting or programming languages for automation, threat detection logic, or custom tooling.
Must understand threat actor behaviors, TTPs, and indicators of compromise, and be able to apply frameworks like MITRE ATT&CK.
Should be familiar with common system and application vulnerabilities such as buffer overflows, injections, and XSS.
Experience in threat hunting, adversary simulation, and digital forensics is required to detect hidden or emerging threats.
Should have a working knowledge of malware behavior and basic reverse engineering techniques.
Demonstrated ability to stay up to date with the latest security threats, tools, and defensive techniques is expected.
Preferred certifications include CISSP, GCIH, CEH, CySA+, or Security+, validating industry-recognized skills.
SOC L2 Job Requirements:
Candidates should hold a degree in a relevant field and have at least 2 years of experience in a SOC or similar security environment
They must understand core network protocols and security technologies and be skilled in using SIEM tools for threat detection.
Proficiency in analyzing network traffic and logs to detect and investigate signs of compromise is required.
Understanding of authentication, authorization, and access control methods is essential.
Candidates should be able to identify, contain, and report malware related incidents.
Strong skills in conducting deep incident investigations and determining root cause are necessary.
Should be able to categorize incidents and respond effectively within defined timelines.
Ability to perform trend and behavioral analysis to detect emerging threats is a key requirement.
Understanding of attack techniques, threat vectors, and cryptography fundamentals is important.
They must work well with internal teams to coordinate responses and improve detection and response processes.
A sharp analytical mindset and the ability to remain calm under pressure are crucial for effective incident response.
Preferred Qualifications:
Certifications such as CEH, CompTIA Security+, or GIAC.
Experience with scripting languages like Python or PowerShell to automate tasks, analyze data, or support incident investigations.
Familiarity with cloud security principles and monitoring tools to detect and respond to threats in cloud environments.
Additional Requirements:
Must be willing to work on a shifting schedule at Cyberpark, Cubao with possible hybrid or daily RTO work set up.
