17 Incident Response jobs in the Philippines

Description:
We believe technology should help you achieve more. And we help businesses do exactly that almost daily — co-creating innovative connected products, rapidly and securely deploying apps in the cloud, managing employee-owned devices on a global scale, and deflecting sophisticated hacker attacks. In support of our world leading position in Cyber Security, we have recently launched a new service, the Computer Security Incident Response Team ( CSIRT ) br>
Our newly offered service will include a designated CSIRT Consultant full time or as a shared resource, who will work as a contact and communications point between our security services team and customers’ security and IT staff as well as users and other important partners. You will also be responsible for operating the incident management process in accordance with the procedures designed in cooperation with customers. < r>
On a day to day basis, you will assist with, identify and respond to incidents as well as proactively propose improvements for how to reduce risk and potential future incidents.

Receiving and monitoring incident information from our managed security services and other sources.

Reviewing the collected incident data and confirming or rejecting incidents based on the analysis.

Classifying and prioritizing incidents based on established criteria.

Facilitating communication between stakeholders of the incident status.

Coordinating the containment effort based on the available information and established processes.

Performing vulnerability management using the Qualys tool.

Making containment decisions and facilitating decision making by other parties using established escalation processes.

Communicating with affected users and partners to organize the containment effort.

Verifying the effectiveness of containment actions taken.

Identifying the attack vector used by incident and taking actions to confirm that similar incidents are prevented in the future.

Validating the effectiveness of the eradication actions.

Coordinating forensics and law enforcement activities with officials as necessary.

Analyzing the incident response effort, with feedback from the customer and third parties.

Conducting proactive management of the Monitoring and Analytics solution.

You'll need to have:

Bachelor's degree or 3 or more years of work experience.

3 or more years of relevant work experience in Security

Knowledge of Network and Web Application vulnerability assessments.

Even better if you have one or more of the following:

2 or more years of work experience in Security incident detection or Security incident management.

Demonstrated strong communication skills and the capability to engage with customers at both technical and executive levels.

Strong problem-solving and security analytics skills and the ability to identify gaps in processes and recommend improvements for mitigation.

Four or more years of experience in security operations, risk management, operational management, and/or consultant management.

CSIRT experience.

Experience structuring and operating an efficient Incident Response process.

Knowledge of common types of malware, their infection vectors, how to identify them using network and host based tools, and how to eradicate them and verify the success of eradication efforts.

Knowledge of current security threats and vulnerabilities and how to detect and mitigate them, and the ability to understand their possible consequences on the customer’s environment. < r>
Understanding of modern technologies used to detect malware and vulnerabilities and protect assets.

SIEM (SPLUNK) and log analytics skills.

SANS or other Security certifications, such as GCIA, GCIH, GREM, GPEN, CEH.

CISSP certification and/or CISM certification.

ITIL Foundations training/certification.

Knowledge of ISO 27001 requirements.

**Job Highlights**
- Temporary work-from-home/Hybrid
- HMO on Day 1 & Life Insurance
- Company provided equipment plus Internet Allowance

**What you will do**:

- As a SOC Analyst L1 (Threat Detection Analyst)
- Responsible for responding to security events within the SIEM, as well as, providing the customer prompt and pertinent reports.
- Responsible for providing the Threat Surface Management and Threat Intelligence services.
- Continuously monitoring the alert queue for multiple-sized clients, from small business to large organizations using multiple tools, such as IDS, SIEM and custom-built network monitoring tools.
- Conducting initial triage of alerts to identify potential, false positives, policy violations, intrusion attempts and compromises.
- Escalating triaged alerts for deeper analysis and review.
- Performing Threat Hunting Activities on customer networks.
- Writing customer facing incident and threat intelligence reports.
- Interfacing with customers to remediate security issues.

**Who you are**:

- 1 to 2 years of related professional experience or training in information technology and/or information security is required.
- Exposure to a multitude of security tools (SIEM, IDS, AV, etc.).
- Experience in Incident Response
- Experience in Threat Hunting, and/or Threat Intelligence is preferred.
- Holding or working toward an industry standard network and/or security certification is preferred but not required.

Preferred:

- Some desired certifications include, but are not limited to:

- CompTIA Network+, Security+ and Linux+
- SANs GSEC, GCIH, GCIA, GCFA, GPEN, GWAPT, GCFE, GSNA, GPPA, GCWN, GISF, GCED, GAWN, GXPN, GSSP, GWEB and GNFA.
- Offensive Security OSCP, OSCE, OSWP, OSEE.
- ISC2 CCFP, CCSP, CISSP, CSSLP, SSCP.
- Cisco CCNA, CCNP, CCNA Security.

**Job Types**: Full-time, Permanent

**Salary**: Up to Php35,000.00 per month

**Benefits**:

- Health insurance
- Life insurance

Schedule:

- 8 hour shift

Supplemental Pay:

- 13th month salary
- Overtime pay

**Summary**:
The Network Security Analyst is responsible for a broad range of responsibilities with a primary emphasis on undertakes the task of designing, maintaining, and implementing computer and information security systems. The job description entails monitoring networks and detecting hostile activities and taking measures to defend such systems attacks

**Duties and Responsibilities**:

- To act as back-up for the Nexusguard (NXG) Network Security Analyst (NSA) and participate in the 24/7 operation and ensure a smooth and efficient operation.
- Support in carrying out Managed NOC-as-Service project system implementations for customers using the IT service management framework, which involves the whole ITSM and ITIL Framework.
- To constantly follow the policies, procedures, and technologies in order to maximize the effectiveness and efficiency of network security operations.
- Monitors alert, health of security sensors and network from NXG platform.
- To monitor and analyze internet traffic for network security breaches and denial-of-service attacks.
- To ensure and enhance customer satisfaction through effective handling of security events and mitigation via promptly and professional communication with customers.
- Creates tickets and ensure regular update to tickets is being performed
- To support customers by diagnosing the occurrence of incidents, facilitating, provisioning, and fulfilling customers' requests.
- Perform other duties and functions deemed necessary for TIM MNOC Unit & NXG Network Security Operations.

**Qualifications**:

- **Education**
- Must be a graduate of Computer Studies/Computer Engineering/Information Technology/Electronics Engineering or equivalent
- **Experience**
- With at least 1-2 years working experience in a NOC/SOC Operations environment.
- Must have at least 1 significant certification (CCNA Routing & Switching, CCNA Wireless, CCNA CyberOps, CompTIA Security+, CompTIA CySA+ (Cybersecurity Analyst), EC-Council Computer Hacking Forensics Investigator, EC Council: Certified Ethical Hacker (CEH), ITIL, Nexusguard Certification, Customer Service )
- **Skills and Competencies**
- **Familiarity (1-2 years’ experience) on the following**:

- Monitoring Systems (Nexusguard Application Protection (WAF), Origin Protection, DNS Protection, Solarwinds, Syslog, Traffic Grapher)
- Network Troubleshooting
- Knowledgeable in internet technologies like Anycast, BGP, OSPF, TCP/IP, UDP, ICMP, HTTP, GRE, SMPT, DNS, and SSL
- Systems Troubleshooting
- Application / Web Troubleshooting
- Cybersecurity Fundamentals
- Firewall intrusion detection, prevention, and protocol
- Different Security Threats (DOS/DDOS, SQL Injection, Cross-Site Scripting, Leeching, etc.)
- ITIL IP Networking

**Join our AWESOME team and enjoy the following benefits**:

- Health Maintenance Coverage upon Hiring
- Vacation Leave of 10 days, pro-rata upon the anniversary
- Sick Leave of 10 days, pro-rata upon the anniversary
- Monthly relocation allowance
- Christmas Basket every December
- Healthy, Kind and Nurturing Work Environment
- Career growth and opportunities for promotion
- Engagement Activities (remote & onsite)
- Generous salary increment during annual reviews (performance-based)

**Job Type**: Fixed term
Contract length: 24 months

Schedule:

- 12 hour shift

Supplemental Pay:

- 13th month salary
- Overtime pay

Ability to commute/relocate:

- Carmona, Cavite: Reliably commute or planning to relocate before starting work (required)

**Qualifications**
- Bachelor's degree in cybersecurity or a related area, such as computer science.
- Security specialists must have the skills developed in their degree programs when they implement and modify software, and conduct deep computer system analysis.
- Exceptional analytical and problem-solving skills.
- Excellent interpersonal, communication, and collaboration skills.
- Assist with security breach investigations to guide the refinement of information security policies and practices
- Ensures that all identified breaches in security are promptly and thoroughly investigated
- Ensures that any system changes required to maintain security are implemented
- Ensures that security records are accurate and complete.
- Investigates major breaches of security, and recommends appropriate control improvements.
- Interprets security policy and contributes to development of standards and guidelines that comply with this.
- Performs risk assessment, business impact analysis and accreditation for all major information systems within the organization
- Ensures proportionate response to vulnerability information, including appropriate use of forensics.
- Help in drafting and maintaining of the policy, standards, procedures and documentation for security.
- Management of security devices and review of system configuration and infrastructural changes
- Performs additional tasks assigned by Immediate Superior related to the position.

**Salary**: Php30,000.00 - Php40,000.00 per month

**Benefits**:

- Health insurance
- Paid training

Schedule:

- 8 hour shift

Supplemental pay types:

- 13th month salary
- Overtime pay

Ability to commute/relocate:

- Makati City: Reliably commute or planning to relocate before starting work (required)

This is a remote position.

**About the Client**:
Audinate Group Limited (ASX:AD8) is a publicly traded company listed on the
**Australian Stock Exchange** with subsidiaries in the
**US, UK, and Hong Kong.** Audinate is the leading provider of professional
**digital audio networking technologies** globally for the professional Audio/Visual (AV) industry. Audinate’s customers are the leading manufacturers of professional AV equipment, including
**Yamaha, Bose & Bosch.**

Their technology is called
**Dante** and it is the global de-factor standard for the AV industry deployed in thousands of locations worldwide - including sporting stadiums, concert halls, shopping malls, airports, schools & universities and offices & corporate buildings. It is used by many well-known artists such as the
**Foo Fighters & Pink Floyd** and was used at the latest Superbowl. Some of the flagship installations include the
**Tottenham Hotspurs Stadium, LA Lakers, Disneyland, Facebook Head Office and Sydney Olympic Stadium.**

Audinate listed on the
**Australian Securities Exchange (ASX)** on 30 June 2017 and is going through a period of rapid growth utilizing the capital raised from the IPO and subsequent equity raisings in 2019 and 2020. The company’s Head Office is based in Sydney, with other offices in
**USA, Hong Kong, UK, Manila & Japan.**

**Job Summary**:
This position of Cyber Security Specialist will see you work as part of a global company within Security where you will be responsible for
**coordinating cyber security across all hybrid on-premises and cloud-based platforms.**

**Responsibilities**:

- **Manage and monitor **vulnerability scanning services to ensure compliance with patching processes
- Providing and coordinate **security advice**, security awareness and compliance training
- Participate in risk management activities including risk and incident analysis and remediation, as well as disaster recovery
- Perform incident response and internal investigations as required.
- **Cyber Security Assurance**, threat analysis and **SIEM** operations and dashboard
- Define, promote, and ensure the security implementation and architecture of existing and upcoming systems

**Requirements**:

- Experience with **SIEM technologies, firewalls, virtualized client/server architecture.**
- Understanding of networking, **system administration**, architectures and security elements to include firewalls, intrusion detection systems, virtualization technologies,encryption, and servers.
- **Azure Security and Knowledge of Security **monitoring practices and tools, including Azure sentinel
- Relevant industry certifications would be highly regarded such as** Certified Information Systems Security Professional (CISSP), SANS GIAC, Microsoft Cloud Security**

**Additionally, you will also possess experience in one or more of the following technologies**:

- Microsoft Azure & M365 Security Services including **Microsoft Sentinel, Microsoft Defender Suite, Microsoft Purview / Information Protection, Azure/M365 Security Workloads**
- Modern Endpoint Management (**Windows 10 / 11, Intune, AutoPilot, Enterprise Mobilit**y)
- Experience in the field of cyber security operations
- Perform incident response and internal investigations as required.
- Use and implementation of SIEM tools, such as **Azure Sentinel **to develop and maintain of SIEM alerts and dashboards to aid with threat detection.
- Develop and maintain** automatic detection** and response capabilities using available SOAR capabilities
- Develop and maintain team playbooks for SIEM management and configuration, including, actioning of alerts, alert exclusions and alert tuning.
- Assist with the upkeep of the** SecOps environment** where needed
- Skills in event analysis and identification of security threats.
- Ability to operate security controls to monitor and address risks and emerging threats
- Ability to drive incident response playbooks using common scripting languages like Python.
- Knowledge of Security monitoring practices and tools, including **Azure sentinel**
- **Azure AD & Identity Governance**
- Proven background on **Azure Security and Knowledge of Security **monitoring practices and tools, including Azure sentinel

**Benefits**:
**WHAT WE OFFER**:
** AUD1,000 Stock Share**

** Annual Performance Bonus**

** 1 HMO Dependent from Day 1**

Great Place to Work-Certified Company

Holistic employee experience

Rewards and incentives

Monthly engagement activities

Career advancement opportunities

Paid referral program

Hybrid Work Setup

Work Experience

4-5 years

Change Healthcare is a leading Healthcare Technology company with a mission to inspire a better healthcare system. We deliver innovative solutions to patients, hospitals, and insurance companies to improve clinical decision making, simplify financial processes, and enable better patient experiences to improve lives and support healthier communities. Position: The Technical Trainer for Cloud is responsible for the development, coordination, and facilitation of various training initiatives across the Cloud Customer Operations team. This is an essential role within our organization that drives performance and the growth of our team. In this role, you will deliver new hire onboarding, technical skill training and expand ongoing employee skill development.

**Position**:
Under general direction, the position performs all procedures necessary to ensure information systems assets’ safety and protect systems from intentional or inadvertent access or destruction. Interfaces with the user community to understand their security needs and implements procedures to accommodate them. Ensures that the user community understands and adheres to necessary procedures to maintain security. This position requires familiarity with domain structures, user authentication, and digital signatures. It also conducts an accurate evaluation of the level of protection needed. It involves understanding network layouts and protocols, firewall theory, and configuration. It also requires experience with host-based security on one or more platforms and conceptual knowledge of database security. Must be able to articulate security concerns to management to be weighed against business needs.

**Responsibilities**:
1: Execute security risk assessments of vendors providing services to Change Healthcare 40%

2: Measure the vendor’s compliance to critical controls using established procedures and Analyze collected information to identify critical risks (findings) 25%

3: Partner with vendors and business teams to develop and track remediation plans 10%

4: Coordinate responses to customer questionnaires, assessments, and audits of Change Healthcare security functions 5%

5: Gather, organize, and update security control documentation for easy reference during audits 10%

6: Deliver risk reporting to IT and business leadership and partner with enterprise risk management functions 5%

7: Conduct on-site assessments of domestic or international vendor facilities as directed 5%.

**Requirements/Qualifications**:

- Bachelor’s degree required - preferably Computer Science or MIS
- Minimum of 2 years of experience in a risk management, security assessment, or internal audit capacity.

**Preferred Qualifications**:

- Vendor risk assessment experience
- Understanding of crucial InfoSec regulation & frameworks (PCI, HIPAA, ISO 27001, HITRUST, FISMA) is a plus.
- Experience with Lockpath Keylight GRC suite is a plus.

Pay: Php60,000.00 - Php80,000.00 per month

Schedule:

- 8 hour shift

Ability to commute/relocate:

- Manila: Reliably commute or planning to relocate before starting work (preferred)

Job Scope:
To manage all RX security assessments and play a key part in ensuring RX's security compliance optimization. Monitor assessments while ensuring that Reed Exhibitions internal systems are compliant with RELX and industry standards. Proactively manage the third-party risk assessments, compliance evidence gathering of their IT services, infrastructure, applications and relevant services against their Security policies and related frameworks. Training and development will be provided in all areas of the role as required.
Key Responsibilities:
Security Assessment Management
+ Serve as an advanced technical advisor for third-party assessments, providing detailed security insights and solutions.
+ Perform in-depth security reviews and risk assessments for new and existing third-party vendors, ensuring compliance with organizational and regulatory requirements.
+ Demonstrate advanced knowledge in RELX security compliance policies and procedures.
+ Stay current with updates and developments in security standards such as OWASP Top 10, ISO27001, and SOC 2, and ensure their proper implementation across the organization.
+ Develop and deliver training and awareness on security policies and standards to business units.
+ Gain in-depth knowledge of the organization's major infrastructure security controls, ensuring they align with RELX Policies and Standards, industry best practices, and regulatory requirements.
+ Coordinate with technology/service owners and business owners to conduct annual security audits, vulnerability assessments, and penetration tests where applicable.
+ Work collaboratively within all business areas and key stakeholders to ensure the review and approach of all security governance, risk, and compliance scope is appropriate and proactive.
+ Ensure continuous monitoring and reporting of compliance and risk status against NIST2.0, RELX Framework, ISO27001, SOC2, PCI DSS, regional and global regulations, and all other relevant standards.
+ Support internal and external audits by providing detailed documentation and evidence of security controls and practices.
+ Perform RX Business Unit and Third-Party security audits according to the CISO office strategic plan and produce detailed documentation and evidence against security controls and practices tested.
+ Act as a point of escalation for security-related incidents, providing advanced security support and guidance to Level I Analysts and other team members.
+ Provide regular updates and at least monthly metric reports to senior management on security compliance and risk posture.
+ Escalation of high impact security issues to Security Compliance Manager.
Ideal candidate profile:
Technical Skills:
+ Bachelor's Degree holder.
+ Background in IT, compliance, and/or information security.
+ Ability to work across all levels of seniority within business teams to drive a working partnership.
+ Strong analytical and critical thinking skills.
+ Understanding of industry standards for IT security (e.g., ISO27001/2, SOC 2, PCI DSS).
+ Basic understanding of IT security applications (e.g., firewalls, intrusion detection, virus protection).
+ Understanding of IT security testing and vulnerability management, and Threat Modeling.
+ Understanding in Cloud Environment (e.g., AWS, Azure or GCP)
+ Understanding of Service Level Management.
+ Desired understanding of OneTrust portal or Similar.
+ With CompTIA Security+ or Similar or Higher.
Personal Skills:
+ Ability to work across all levels of seniority within the organization and suppliers to drive a working partnership.
+ Good communication skills at all levels, both oral and written.
+ Good interpersonal skills.
+ Ability to produce effective influence and persuasive arguments in support of security assessment process goals.
+ Highly driven and self-motivated individuals.
+ Skilled in project management and able to work independently in a fast-paced environment.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1- .
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here .
Please read our Candidate Privacy Policy .
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers:
EEO Know Your Rights .
RELX is a global provider of information-based analytics and decision tools for professional and business customers, enabling them to make better decisions, get better results and be more productive.
Our purpose is to benefit society by developing products that help researchers advance scientific knowledge; doctors and nurses improve the lives of patients; lawyers promote the rule of law and achieve justice and fair results for their clients; businesses and governments prevent fraud; consumers access financial services and get fair prices on insurance; and customers learn about markets and complete transactions.
Our purpose guides our actions beyond the products that we develop. It defines us as a company. Every day across RELX our employees are inspired to undertake initiatives that make unique contributions to society and the communities in which we operate.

About the role: As a Cyber Security Analyst – Tier 1 in the Security Operations Center (SOC), you will be the first responder for business-impacting cyber security incidents that arise in our customers' environments. Fast, effective, and courteous service is the lifeblood of our organization, and this position requires nothing less. Your technical acumen will be challenged daily. Quick thinkers who can make decisions on their feet will be successful in this job.
br>What You’ll Do: < r>- Monitor cyber security tools to identify, triage, and report security incidents to customers.
- Leverage available cyber security capabilities to contain security incidents to prevent the lateral spread of malware or lateral movement of attackers.
- Conduct cyber security investigations to identify and rule out false positive security incidents.
- Provide additional cyber security investigatory support to customers as needed.
- Work with a team of like-minded professionals to monitor customer ticket queues and triage tickets that need immediate attention. We service customers as small as 10 users, up to multi-national enterprises.
- Follow pre-defined playbooks and runbooks and collaborate with other technical resources, where appropriate.
- Monitor and process event tickets on a prioritized basis as to the customer impact and urgency of these events.
- Remain cognizant of customer service-level agreements, and strive to meet or exceed them on a regular basis.
- Participate in Incident Management by providing situational reports (sitreps) via ticket updates and/or customer-facing communications.
- Provide first level technical resolution for cyber security incidents.
- Collaborate with our Network Operations Center (NOC) as needed, to document incidents, maintenance, and problems.
- Utilize various systems management tools to monitor availability, reliability, and performance of customer environments.
- Demonstrate problem solving skills that contribute towards the resolution of any issues that arise.
- Quickly assess an issue and form an understanding of the likely root cause in unfamiliar technical environments and technologies.
- Investigate, resolve, and/or escalate matters of significance pertaining to customer alerts and events.
- Document solutions, processes, procedures and present them in writing, verbally on the phone or in-person.
- Commit to professional growth and development by maintaining and/or obtaining new industry specific certifications.

What Skills & Experience You’ll Need: < r>- Experience with monitoring and using a SIEM
Azure Sentinel preferred (Splunk, Elastic, QRadar are nice to have)
- Experience supporting and administering the following is highly desired:
> Crowdstrike (or a similar nextgen endpoint solution)
> Azure or AWS cloud environments, including compute, storage, networking basics, and backups.
> Microsoft O365
> Windows Server OS: Windows 2012 through Windows 2019, including ADDS, DNS, DHCP, DFS, file/print services, PowerShell basics.
- Networking Basics (CompTIA Network+ equivalent).
- At least one of the following industry certifications highly desired: Security+, Network+, CEH, GCIH.
- A curious disposition.
- Strong documentation, reporting, analytical and problem-solving skills.
- The ability to effectively engage in customer-facing communications.

Preferred Qualifications:
- Experience with any of the following tools: Kaseya VSA, Auvik.
- Experience working in IT enterprises that use industry frameworks such as ITIL, COBIT, or MOF.

**Requirements**:

- Robust creativity and problem-solving skills
- Ability to think analytically
- Knowledge of technical systems and terminology
- Proficiency in scripting languages
- Ability to identify and exploit vulnerabilities
- English written and verbal communication skills

**Education and Background**:
This position requires a bachelor’s degree in cybersecurity, computer science, information technology, or a related field.

**Working conditions**: Remote Work

**Responsibilities**:

- Conduct formal testing on computer systems
- Assess the security of computer software and hardware
- Conduct security audits and legal cyberattack simulations by designing and utilizing hacking tools to access designated pieces of data during a predetermined time frame
- Generate tools for breaking into security systems
- Detect and correct system weaknesses
- Provide recommendations based on an assessment of hardware and software systems
- Implement solutions to enhance data security
- Provide IT support

**Job Types**: Full-time, Permanent

**Salary**: Php50,000.00 - Php100,000.00 per month

**Benefits**:

- Company events
- Opportunities for promotion
- Work from home

Schedule:

- 8 hour shift
- Monday to Friday
- Night shift

Supplemental pay types:

- 13th month salary
- Performance bonus