An exciting Senior Security Operations Center (SOC) Analyst role has become available at one of the world's trusted certification companies.
Location: Makati City (Temporary Remote)
This position is responsible for working in the company’s Security Operations Center (SOC) environment and investigating security alerts. The candidate is also responsible for building and automating SOC processes and procedures. The role provides analysis and trending of security log data from a large number of heterogeneous security devices on the company’s network, and provides Incident Response (IR) support when analysis confirms an actionable incident. The candidate owns the remediation of high-priority complex issues while managing communications to key stakeholders, and acts as the primary escalation contact for team members outside of office hours. Additional activities include Vulnerability Assessments / Pentest, SDE review, IAM, and participation in POCs.
What To Expect From The Role
- Responsible for working in a 24x7 Security Operations Center (SOC) environment in shifts.
- Responsible for 3 - 4 security technologies which will require expertise to perform complex activities and will act as the primary contact for projects, escalations, new updates, and changes from stakeholders.
- Engage new team members to learn and provide guidance in information security concepts, best practices, and standard procedures.
- Monitor, investigate, and respond to security alerts from SIEM / log management and various security controls/tools such as Firewall, secure email gateway, endpoint security, WAF, IDS/ IPS, and DLP, etc.
- Provide Incident Response (IR) support when analysis confirms an actionable incident, and build rules, dashboards, and reports in the SIEM.
- Create automation /playbooks in SOAR platforms. Playbooks should automate the application of security hardening configurations on multiple infrastructure assets, and execute SOC responses and procedures.
- Support technical security assessments, self-phishing, and cybersecurity awareness activities.
- Provide threat and vulnerability analysis services, for example, analyze and respond to unknown or previously undisclosed software and hardware vulnerabilities.
- Ensure that service operations best practices are being observed and applied.
- Be proficient with commonly used information security concepts, best practices, and standard procedures; lead collaboration as necessary for changes to processes and procedures.
- Support the development of SOC processes, documentation, metrics, and reporting.
- Develop and suggest new Operating Procedures or changes to existing ones as needed.
- Provide management reports with regards to team KPIs.
- Report to IT Management and stakeholders any major incident that could significantly impact the business.
Think you are an ideal candidate? Apply now!
- Bachelor's degree in Computer Science, Computer Engineering, IT Security or a related field; alternatively, equivalent demonstrated knowledge
- Highly technical with at least 10 years of relevant experience in IT Security / IT Operations and at least 8 years’ experience as a Security Analyst with global companies.
- Professional certifications such as ITIL, CompTIA Security+, CompTIA CySA+, EC-Council Certified Ethical Hacker (CEH), or any equivalent product-specific / vendor-neutral certification are required.
- Experience with SIEM / SOAR platforms, firewalls, and intrusion detection/prevention systems and security operations.
- Experience performing analysis of log files from a variety of sources, including individual host logs, network traffic logs, firewall logs, secure email gateway logs, or intrusion prevention logs.
- Experience with packet analysis (Wireshark) and malware analysis preferred.
- Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis, and security metrics.
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
- Knowledge of general attack stages (e.g. footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, and covering tracks).
- Knowledge of system and application security threats and vulnerabilities (e.g. buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language (PL/SQL) and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of network protocols (e.g. Transmission Control Protocol and Internet Protocol, Dynamic Host Configuration Protocol) and directory services (e.g. Domain Name System).
- Knowledge of how traffic flows across the network (e.g. Transmission Control Protocol and Internet Protocol, Open Systems Interconnection model, Information Technology Infrastructure Library).
- Knowledge of common network tools (e.g., ping, traceroute, nslookup).
- Knowledge of cyber defense policies, procedures, and regulations.
- Knowledge of the common attack vectors on the network layer.
- Knowledge of host/network access controls (e.g. access control lists).
- Skill in recognizing and categorizing the types of vulnerabilities and associated attacks.
- Attention to detail and strong communicator.
Lennor Metier is a leading executive search and recruitment/headhunting agency in the Philippines, with substantial experience in hiring top-caliber professionals for companies in the Consumer Goods, Healthcare, Technology, Finance, Manufacturing, and Engineering industries.