Respond to SOC Tier 1 cybersecurity events and incidents caused by internal and external threats, coordinate response activities with various stakeholders, and recommend mitigation strategies. Handle incidents as defined in standard operating procedures and work on remediation actions on SOC Tier
- Work with SOC Tier 3 in performing deep-dive incident analysis by correlating data from various sources and determining if a critical system or data set is affected and investigating major incidents.
- Responsibilities:
1) Provide Tier 2 response to security incidents. Act as the Tier 2/Tier 3 SOC incident responder.
2) Detect, analyze, and classify cybersecurity incidents and threats using different log sources across multiple security solutions.
3) Triage, validate and escalate emerging threats following incident response protocols to protect the company's assets and information.
4) Act as Tier 2 in remediating, resolving, and patching the infrastructure and applications affected by incidents. Participate in the Cybersecurity Attack Crisis War Room and work with Tier 3 analysts on follow-up remediation requirements during and after an attack.
5) Identify the source and target of an attack and block access to the targeted applications and infrastructure assets.
6) Present reports and produce communications, e-blasts and other forms of communication to employees and vendors.
7) Work with Tier 3 in drafting root cause analysis reports and recommendations after cybersecurity incidents.
8) Work with Tier 3 on threat hunting, vulnerability scanning and penetration testing, then apply patches and fixes to close security gaps.
9) Ensure close coordination with the various IT Security teams on projects and initiatives that will improve the security posture of the company.
10) Work with the Systems/Network Administrator in implementing and deploying security hardening for workstations, servers and network infrastructure. This includes, but is not limited to, reviewing logs and reports from tools such as firewalls, IDS/IPS, NGAV, SIEM, EDR and event log monitoring.
11) Work closely with the Level 2 and Level 3 teams on the continuous improvement of the service.
12) Build process workflows and create process documentation when necessary.
13) Stay current with security technologies and recommend their use based on business value.
14) Perform other cybersecurity-related tasks assigned by the ICSM.
- Certifications are preferred but not required: CISSP, CISA, CompTIA Security+, ISC2, CEH, OSCP, etc.
- Graduate of a 4-year course related to Information Technology.
- Minimum of 4 years of relevant experience: 1-2 years as a SOC Tier 1 analyst and 2 years as a SOC Tier 2 analyst.
- Strong cybersecurity fundamentals, e.g. OS security, network security, email security, API security, RASP and endpoint security.
- Windows Operating Systems (Domain Controllers, Active Directory, Windows end user operating systems)
- Moderate knowledge of networking fundamentals (TCP/IP, Network Layers, Protocols, etc.)
- Knowledge of securing both on-premises and cloud infrastructure.
- Knowledge of PowerShell and command-line tools, including scripting.
- Experience with specific cybersecurity tools and technologies, such as Splunk, SIEM systems, and vulnerability scanners (Tenable)
- Experience with Check Point security technologies and CrowdStrike.
- Experience with specific threat-hunting methodologies such as MITRE ATT&CK, and with penetration testing methodologies such as OWASP.
- Knowledge of Kali Linux tools.
- Experience with remediation of security findings, such as writing security procedures and incident response plans
- Ability to work independently with minimal supervision.
Job Type: Contract
Contract length: 6 months
Pay: Php45,000.00 - Php65,000.00 per month
Benefits:
Schedule:
Expected Start Date: 07/01/2024