17 Incident Response jobs in the Philippines

**About Security Bank**

We are the Philippines' largest independent bank, having won countless awards over the years, including one of Euromoney's most prestigious industry awards in 2021—Best Bank in the Philippines.

We're changing how people bank. From the moment customers enter our branches to their experience online, we make them feel valued and empowered.

Now, with more than 300 branches spanning the country, _BetterBanking_ has become the gold standard in improving the banking lives of millions of Filipinos. But we're far from done.

In our constant pursuit of excellence and improvement, we create teams that support our business and each other.

**The Role**

As a Cyber Security and Forensic Analyst, you shall be responsible in investigation of misbehavior on computer systemsor any digital devicesby collecting and analyzing digital devices or computer-related evidence. Retrieve data that have been encrypted or electronically stored on a commercial or personal computer. Work with IT Security Operations CenterLeadto investigate wrong doings or activities to protect data against from criminals or attackers.He/She is the primaryfocal point in the management of cyber security incident.

**How you'll contribute**
- Manages Cyber security incident, creates processes, assesses incident reports, and develops and implements cyber crisis communication plans.
- Determines best methods of requesting and collecting data and devices as part of ongoing investigations
- Provides expert opinion on development and revision of Standard Operating Procedures (SOP) to provide most up-to-date techniques and technology in supporting digital forensics services.
- Provides direct technical support to investigation, litigation, and forensic analyst, to collect, preserves, process, analyze and interpret digital evidence from a broad range of electronic data storage media.
- Manages digital forensics examinations/investigations through the entire lifecycle (case planning, intake, acquisition, examination, presentation and disposition).
- Conducts forensic examinations of computers and media from a variety of sources with the goal of developing or presenting forensically sound evidence.
- Conducts research of IP addresses, domain names, and other cyber activity to provide investigative leads.
- Applies industry accepted principles in retrieving, recovering, and preserving digital evidence.

**What we're looking for**
- Graduate of any business or related course
- Expertise in hacking and intrusion techniques and prior experience with security testing and computer system diagnostics.
- Have excellent analytical skills, to be highly conscious of details and to be able to multi-task efficiently
- Good Working knowledge of computer forensics
- Extensive experience of using forensic tools
- Exposure of cloud forensic
- Documented experience acquiring and analyzing data
- Extensive experience in cyber security incident management.

Technical skills:

- High Capacity to analyze complex situations
- IT Security / Cybersecurity certifications a plus.
- Capacity to run and operate solutions like Palo Alto firewalls, cortex XDR, XSOA, Splunk, AD audit+, AV
- Language : English (mandatory), French is a plus
- Good knowledge of the solutions on the market is also a plus

Soft skills:

- Capacity to communicate and manage interaction in a global Team (interpersonal savvy)
- Results and customer oriented
- High capacity to work in a sometimes stressful environment and under pressure
- Confidentiality and loyalty
- Ability to work flexible work schedule; ie. weekends and evenings where requested
- Has interest for innovation and self learning in his/her security domain

BEHAVIOR ABILITIES:

- At least 2 years in handling SOC cases using SIEM platforms & log management systems
- Knowledge in the current tactics, techniques and procedures (TTPs) being used to breach an enterprise
- Must be available to work on-call or off hours as needed to sustain operations

Schedule:

- 8 hour shift

Supplemental Pay:

- 13th month salary
- Overtime pay

Ability to commute/relocate:

- Alabang: Reliably commute or planning to relocate before starting work (required)

Security Analyst II
- TaskUs is seeking a hands-on Security Analyst 2 for our third-Party Application Assurance to join our enterprise security team. As part of TaskUs' transformational security organization, we are looking for talented, experienced individual performers to help develop, and implement these foundational programs. As a hands-on security analyst, you will be responsible for identifying, assessing, tracking, and managing security risks in our third-party and internal security review programs. This role requires hands-on experience with assessing security risks, especially with specific security programs. You must be able to solve challenging security issues at scale and work collaboratively with all stakeholders. Additionally, you should be comfortable with incomplete requirements and a fast paced environment.
- Responsibilities:

- Conduct regular security assessments on third-parties and internal stakeholders on requirements and standards
- Collaborate with internal stakeholders on assessments and identify risks and track them
- Consult with internal stakeholders on security standards and best practices to protect Zoom data and systems
- Follow up with internal stakeholders and third-parties on remediation to ensure security risks are tracked and closed
- Requirements:

- At least 3 years experience specifically in a security role
- Prior experience working in third-party risk management, enterprise risk management, or security compliance teams
- Exceptional verbal and written communication skills necessary to effectively collaborate with peers, and to present and explain highly technical information to stakeholders who may have limited technical knowledge.
- Bachelor's degree in IT Security, Computer Science, or equivalent; or an additional 4 years of relevant IT experience.
- Others:

- Burp suite experience is great to have but any testing experience with tools that allow you to proxy
- Familiarity with tools that allow you to proxy
- Burp is a very familiar known too / similar tools are good too
- Nice-to-have tools/experience are web app testing / mobile app testing
- Familiarity with top 10 framework - OWASP framework to test any form of mobile/app. familiarity with the top 10 is great!
- Testing STK for security is a nice-to-have experience too

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

TaskUs is an Equal Opportunity Employer

We are recruiting for a passionate **Security Analyst** who will be part of our Global Security Operation Centre Team in Manila. The role will serve as the Front-line support to counter an attack and performs in-depth to avoid an attack from happening again.

Assists and works closely with Jr. Security analyst in ensuring that security controls and security solutions are reviewed, functioning and running. The Security Analyst works with a moderate level of guidance. Provides peerreview to logs reported by Jr. Security Analysts using Security Information and Event Management (SIEM)., which ensures that a threat or any malicious activities/traffics are caught before impacting the business and its operation.

Typically follows prescribed guidelines or procedures to resolve problems reported in the Security or discovered proactively during daily routine security checking.

Must work closely with peers during Security Incident Response. Has working knowledge in executing the tactics/strategy of either a Blue Team and/or Red Team for breaches, threats, viruses, malwares, malicious/suspicious traffics/activities and active attacks detected in Cambridge University Press & Assessment.

**Why should you join Cambridge?**

Our mission is to contribute to society through the pursuit of education, learning, and research at the highest international levels of excellence. Which is why every year, we give vital support to millions of people in more than 170 countries around the world. From teachers and learners to researchers and academics, we help to build confidence, unlock potential, and enable success. We give people the opportunity to show what they've learnt, we spread knowledge, spark enquiry, and aid understanding.

We achieve this by embracing change, and continuously focusing on our customers' needs. And by collaborating, and carefully listening to our customers and to each other, we keep moving forward, keep innovating, and keep finding newer and better ways of doing things.

**What can we offer you?**

The role is pivotal to the success of technology services for the organisation. There are no limits to the opportunities afforded to work with new and exciting technologies and highly talented people.

The Global Security Operation Centre team has a skill booster success program offered to all new joiners of the team. Your first 30 days is allocated to studying and completing BTL 1 Training, Certification, and hands-on laboratories (unlimited access). The program objective is to strengthen your confidence, skills and knowledge as a Blue Team technical defender. The course outline is as follows:

- SECURITY FUNDAMENTALS
- PHISHING ANALYSIS
- THREAT INTELLIGENCE
- DIGITAL FORENSICS
- SECURITY INFORMATION & EVENT MANAGEMENT
- INCIDENT RESPONSE

On top of these, working with Cambridge will also give you stability. We show our care for our people by allowing them to grow not just professionally but also personally. We promote work-life balance through flexible work

**What will you do in this role?**

The key to our work is our colleagues, whose shared commitment enables us to have an ever-greater impact. We are a united, vibrant, and respectful global community of people, and we ensure that every individual is recognised, listened to, and cared for. And because our impact is amplified when our people are empowered, we give everyone the opportunity to develop in their own way. Whether you want a career that's linear, or want to follow your own path, we'll support you, and help give you the resources and training you'll need to be bold and take ownership of what you do.

Globally performs a variety of routine tasks or assignments:

- Performs daily log monitoring, detection of abnormal activities, and threat hunting (Proactive mode) to ensure 24/7 protection to the business.
- Uses prescribed guidelines or policies to analyse and timely resolve raised incidents. Also, it ensures that requests are timely responded to and delivered.
- Receives a moderate level of guidance when following Incident Response (reactive mode) procedures, i.e. response to security alerts from SOC Global monitoring tools, malware attack, virus escalation, DDOS, the discovery of Data theft, etc., to ensure support efficiency and effectiveness.
- Provides L2 support for Security Operation Services (with mínimal guidance and direction from senior's) to ensure that an incident is timely escalated to L3 when needed
- Continues to build documentation and review operational processes and procedures to ensure that it is up to date and still applicable to the business.
- Maintains knowledge in security-related technologies, trends, cybersecurity threats, issues, and solutions to ensure awareness of the fast evolution of Security threats.
- Maintains knowledge of state-of-the-art information technology, equipment, and systems to ensure awareness of the fast evolution of technology

**What are the qualifications?**

In addition, experience, knowledge or e

Security Analyst II

TaskUs is seeking a hands-on Security Analyst 2 for our third-Party Application Assurance to join our enterprise security team. As part of TaskUs' transformational security organization, we are looking for talented, experienced individual performers to help develop, and implement these foundational programs. As a hands-on security analyst, you will be responsible for identifying, assessing, tracking, and managing security risks in our third-party and internal security review programs. This role requires hands-on experience with assessing security risks, especially with specific security programs. You must be able to solve challenging security issues at scale and work collaboratively with all stakeholders. Additionally, you should be comfortable with incomplete requirements and a fast paced environment.

**Responsibilities**:

- Conduct regular security assessments on third-parties and internal stakeholders on requirements and standards
- Collaborate with internal stakeholders on assessments and identify risks and track them
- Consult with internal stakeholders on security standards and best practices to protect Zoom data and systems
- Follow up with internal stakeholders and third-parties on remediation to ensure security risks are tracked and closed

**Requirements**:

- At least 3 years experience specifically in a security role
- Prior experience working in third-party risk management, enterprise risk management, or security compliance teams
- Exceptional verbal and written communication skills necessary to effectively collaborate with peers, and to present and explain highly technical information to stakeholders who may have limited technical knowledge.
- Bachelor's degree in IT Security, Computer Science, or equivalent; or an additional 4 years of relevant IT experience.

Others:

- Burp suite experience is great to have but any testing experience with tools that allow you to proxy
- Familiarity with tools that allow you to proxy
- Burp is a very familiar known too / similar tools are good too
- Nice-to-have tools/experience are web app testing / mobile app testing
- Familiarity with top 10 framework - OWASP framework to test any form of mobile/app. familiarity with the top 10 is great!
- Testing STK for security is a nice-to-have experience too

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!

TaskUs is an Equal Opportunity Employer

**SOC/IT Security Analyst L1**:
To be part of a global security operations center and be responsible for monitoring and responding to security threats and vulnerabilities in supported environments.

**Responsibilities**:

- Monitor security tools for any alerts and security incidents.
- Investigate and find out if alerts are false positive or true positives.
- Provide proper incident response to security alerts.
- Identify new security use cases and create required detection rules in the system.
- Support wide range of security technologies including SIEM, EDR, Vulnerability Scanners, Identity and Access Management, Data Loss Prevention, and Cloud Security.
- Participate in internal and customer meetings and provide updates.
- Work with the customer point of contacts for any escalated incidents, security remediation.
- Create required dashboards and provide reports.
- Bachelor's degree in Computer Science, Information Security, or an equivalent degree.
- 2+ years of working experience in Information Security.
- Good understanding of security threats and mitigation strategies.
- Have in-depth knowledge on how to investigate and respond to various security alerts, and can able to create incident response procedures for same.
- Experience in multiple security tools in the areas of SIEM, VM, EDR.
- Certification in any of the following is a plus: Security+, CEH.
- Excellent analytical, presentation, customer service and facilitation skills
- Ready to work in 24x7 Security operations.

Job Scope:
To manage all RX security assessments and play a key part in ensuring RX's security compliance optimization. Monitor assessments while ensuring that Reed Exhibitions internal systems are compliant with RELX and industry standards. Proactively manage the third-party risk assessments, compliance evidence gathering of their IT services, infrastructure, applications and relevant services against their Security policies and related frameworks. Training and development will be provided in all areas of the role as required.
Key Responsibilities:
Security Assessment Management
+ Serve as an advanced technical advisor for third-party assessments, providing detailed security insights and solutions.
+ Perform in-depth security reviews and risk assessments for new and existing third-party vendors, ensuring compliance with organizational and regulatory requirements.
+ Demonstrate advanced knowledge in RELX security compliance policies and procedures.
+ Stay current with updates and developments in security standards such as OWASP Top 10, ISO27001, and SOC 2, and ensure their proper implementation across the organization.
+ Develop and deliver training and awareness on security policies and standards to business units.
+ Gain in-depth knowledge of the organization's major infrastructure security controls, ensuring they align with RELX Policies and Standards, industry best practices, and regulatory requirements.
+ Coordinate with technology/service owners and business owners to conduct annual security audits, vulnerability assessments, and penetration tests where applicable.
+ Work collaboratively within all business areas and key stakeholders to ensure the review and approach of all security governance, risk, and compliance scope is appropriate and proactive.
+ Ensure continuous monitoring and reporting of compliance and risk status against NIST2.0, RELX Framework, ISO27001, SOC2, PCI DSS, regional and global regulations, and all other relevant standards.
+ Support internal and external audits by providing detailed documentation and evidence of security controls and practices.
+ Perform RX Business Unit and Third-Party security audits according to the CISO office strategic plan and produce detailed documentation and evidence against security controls and practices tested.
+ Act as a point of escalation for security-related incidents, providing advanced security support and guidance to Level I Analysts and other team members.
+ Provide regular updates and at least monthly metric reports to senior management on security compliance and risk posture.
+ Escalation of high impact security issues to Security Compliance Manager.
Ideal candidate profile:
Technical Skills:
+ Bachelor's Degree holder.
+ Background in IT, compliance, and/or information security.
+ Ability to work across all levels of seniority within business teams to drive a working partnership.
+ Strong analytical and critical thinking skills.
+ Understanding of industry standards for IT security (e.g., ISO27001/2, SOC 2, PCI DSS).
+ Basic understanding of IT security applications (e.g., firewalls, intrusion detection, virus protection).
+ Understanding of IT security testing and vulnerability management, and Threat Modeling.
+ Understanding in Cloud Environment (e.g., AWS, Azure or GCP)
+ Understanding of Service Level Management.
+ Desired understanding of OneTrust portal or Similar.
+ With CompTIA Security+ or Similar or Higher.
Personal Skills:
+ Ability to work across all levels of seniority within the organization and suppliers to drive a working partnership.
+ Good communication skills at all levels, both oral and written.
+ Good interpersonal skills.
+ Ability to produce effective influence and persuasive arguments in support of security assessment process goals.
+ Highly driven and self-motivated individuals.
+ Skilled in project management and able to work independently in a fast-paced environment.
We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact .
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here .
Please read our Candidate Privacy Policy .
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers:
EEO Know Your Rights .
RELX is a global provider of information-based analytics and decision tools for professional and business customers, enabling them to make better decisions, get better results and be more productive.
Our purpose is to benefit society by developing products that help researchers advance scientific knowledge; doctors and nurses improve the lives of patients; lawyers promote the rule of law and achieve justice and fair results for their clients; businesses and governments prevent fraud; consumers access financial services and get fair prices on insurance; and customers learn about markets and complete transactions.
Our purpose guides our actions beyond the products that we develop. It defines us as a company. Every day across RELX our employees are inspired to undertake initiatives that make unique contributions to society and the communities in which we operate.

We are recruiting for a passionate Junior Security Analyst who will be part of our Global Security Operation Centre Team in Manila. The role will serve as the Front-line support to counter an attack and performs in-depth analysis (based on received instruction, guidance and direction from a more senior-level role) to avoid an attack from happening.

He/She ensures that security controls and security solutions are reviewed, functioning, effective and running. The Jr. Security Analyst will be working under a senior's guidance in daily checking and monitoring Security Information and Event Management (SIEM). This ensures that a threat or any malicious activities/traffics are caught before impacting the business and its operation.

It is also the Jr. Security Analyst responsibility to ensure timely reporting of all problems or services detected not functioning to their senior's. It is the duty of security analyst's to react proactively to identify issues or problems within security solutions, systems, and networks. This way, systems or solutions are ensured functioning and operating as efficiently as possible.

Again with the close guidance and direction from seniors, Jr. Security analysts also must perform the initial tasks defined in Security Operation incident response. Mixing the tactics/strategy of either a Blue Team and/or Red Team for breaches, threats, viruses, malwares, malicious/suspicious traffics/activities and active attacks detected in Cambridge University Press & Assessment.

**Why should you join Cambridge?**

Our mission is to contribute to society through the pursuit of education, learning, and research at the highest international levels of excellence. Which is why every year, we give vital support to millions of people in more than 170 countries around the world. From teachers and learners to researchers and academics, we help to build confidence, unlock potential, and enable success. We give people the opportunity to show what they've learnt, we spread knowledge, spark enquiry, and aid understanding.

We achieve this by embracing change, and continuously focusing on our customers' needs. And by collaborating, and carefully listening to our customers and to each other, we keep moving forward, keep innovating, and keep finding newer and better ways of doing things.

**What can we offer you?**

The role is pivotal to the success of technology services for the organisation. There are no limits to the opportunities afforded to work with new and exciting technologies and highly talented people.

The Global Security Operation Centre team has a skill booster success program offered to all new joiners of the team. Your first 30 days is allocated to studying and completing BTL 1 Training, Certification, and hands-on laboratories (unlimited access). The program objective is to strengthen your confidence, skills and knowledge as a Blue Team technical defender. The course outline is as follows:

- SECURITY FUNDAMENTALS
- PHISHING ANALYSIS
- THREAT INTELLIGENCE
- DIGITAL FORENSICS
- SECURITY INFORMATION & EVENT MANAGEMENT
- INCIDENT RESPONSE

On top of these, working with Cambridge will also give you stability. We show our care for our people by allowing them to grow not just professionally but also personally. We promote work-life balance through flexible work

**What will you do in this role?**

The key to our work is our colleagues, whose shared commitment enables us to have an ever-greater impact. We are a united, vibrant, and respectful global community of people, and we ensure that every individual is recognised, listened to, and cared for. And because our impact is amplified when our people are empowered, we give everyone the opportunity to develop in their own way. Whether you want a career that's linear, or want to follow your own path, we'll support you, and help give you the resources and training you'll need to be bold and take ownership of what you do.

Global operation daily routine assignments are:

- Performs daily log monitoring, detection of abnormal activities, and threat hunting (Proactive mode) to ensure 24/7 protection to the business.
- Performs daily checking of Security operation tickets queue to ensure timely response to requests and incidents while maintaining the quality of service. Also uses existing procedures to solve routine or standard requests/incidents.
- Follows Incident Response (reactive mode) procedures, i.e. response to security alerts from SOC Global monitoring tools, malware attack, virus escalation, DDOS, the discovery of Data theft, etc., to ensure support efficiency and effectiveness.
- Provides L2 support for Security Operation Services (with guidance and direction from senior's) before escalating to L3 (refer to SOC Service Catalogue) to ensure that an incident is timely escalated when needed.
- Performs timeline and information note-taking during M1 and P1 incidents to ensure that all details needed in completing the Security Incident report are documented.

We are recruiting for a passionate Junior Security Analyst who will be part of our Global Security Operation Centre Team in Manila. The role will serve as the Front-line support to counter an attack and performs in-depth analysis (based on received instruction, guidance and direction from a more senior-level role) to avoid an attack from happening.

He/She ensures that security controls and security solutions are reviewed, functioning, effective and running. The Jr. Security Analyst will be working under a senior's guidance in daily checking and monitoring Security Information and Event Management (SIEM). This ensures that a threat or any malicious activities/traffics are caught before impacting the business and its operation.

It is also the Jr. Security Analyst responsibility to ensure timely reporting of all problems or services detected not functioning to their senior's. It is the duty of security analyst's to react proactively to identify issues or problems within security solutions, systems, and networks. This way, systems or solutions are ensured functioning and operating as efficiently as possible.

Again with the close guidance and direction from seniors, Jr. Security analysts also must perform the initial tasks defined in Security Operation incident response. Mixing the tactics/strategy of either a Blue Team and/or Red Team for breaches, threats, viruses, malwares, malicious/suspicious traffics/activities and active attacks detected in Cambridge University Press & Assessment.

**Why should you join Cambridge?**

Our mission is to contribute to society through the pursuit of education, learning, and research at the highest international levels of excellence. Which is why every year, we give vital support to millions of people in more than 170 countries around the world. From teachers and learners to researchers and academics, we help to build confidence, unlock potential, and enable success. We give people the opportunity to show what they've learnt, we spread knowledge, spark enquiry, and aid understanding.

We achieve this by embracing change, and continuously focusing on our customers' needs. And by collaborating, and carefully listening to our customers and to each other, we keep moving forward, keep innovating, and keep finding newer and better ways of doing things.

**What can we offer you?**

The role is pivotal to the success of technology services for the organisation. There are no limits to the opportunities afforded to work with new and exciting technologies and highly talented people.

The Global Security Operation Centre team has a skill booster success program offered to all new joiners of the team. Your first 30 days is allocated to studying and completing BTL 1 Training, Certification, and hands-on laboratories (unlimited access). The program objective is to strengthen your confidence, skills and knowledge as a Blue Team technical defender. The course outline is as follows:

- SECURITY FUNDAMENTALS
- PHISHING ANALYSIS
- THREAT INTELLIGENCE
- DIGITAL FORENSICS
- SECURITY INFORMATION & EVENT MANAGEMENT
- INCIDENT RESPONSE

On top of these, working with Cambridge will also give you stability. We show our care for our people by allowing them to grow not just professionally but also personally. We promote work-life balance through flexible work

**What will you do in this role?**

The key to our work is our colleagues, whose shared commitment enables us to have an ever-greater impact. We are a united, vibrant, and respectful global community of people, and we ensure that every individual is recognised, listened to, and cared for. And because our impact is amplified when our people are empowered, we give everyone the opportunity to develop in their own way. Whether you want a career that's linear, or want to follow your own path, we'll support you, and help give you the resources and training you'll need to be bold and take ownership of what you do.

Global operation daily routine assignments are:

- Performs daily log monitoring, detection of abnormal activities, and threat hunting (Proactive mode) to ensure 24/7 protection to the business.
- Performs daily checking of Security operation tickets queue to ensure timely response to requests and incidents while maintaining the quality of service. Also uses existing procedures to solve routine or standard requests/incidents.
- Follows Incident Response (reactive mode) procedures, i.e. response to security alerts from SOC Global monitoring tools, malware attack, virus escalation, DDOS, the discovery of Data theft, etc., to ensure support efficiency and effectiveness.
- Provides L2 support for Security Operation Services (with guidance and direction from senior's) before escalating to L3 (refer to SOC Service Catalogue) to ensure that an incident is timely escalated when needed.
- Performs timeline and information note-taking during M1 and P1 incidents to ensure that all details needed in completing the Security Incident report are documented.