219 Incident Response jobs in the Philippines

The Incident Response Analyst will provide detection, containment, and analysis of security events to protect the confidentiality, integrity, and availability of information systems in accordance with the firm's business objectives, regulatory requirements, and strategic goals.

Responsibilities

• Provide Tier 2 incident response services to the global organization on behalf of the Information Security Team
• Receive, process, and resolve tickets per defined SLA's
• Analyze information garnered from monitoring systems, operational incidents, and other sources to determine the scope and impact of potential security incidents, and process accordingly
• Critically assess current practices and provide feedback to management on improvement opportunities
• Assist with the design and implementation of threat detection and prevention solutions identified as necessary for the protection of Firm assets
• Effectively utilize common IR toolsets, platforms, and processes, such as SIEM, log management, packet capture, and breach detection systems
• Assist with forensic examinations and chain-of-custody procedures as directed by the Security Incident Response Engineers
• Provide input into standards and procedures
• Report compliance failures to management for immediate remediation
• Maintain assigned systems to ensure availability, reliability, and integrity, including the oversight of current and projected capacity, performance, and licensing
• Provide status reports and relevant metrics to the Security Operations Manager
• Contribute to the Firm's security-related information repositories and other marketing/awareness endeavors
• Participate in special projects as needed

Skills and Experience

Education

• Possess a Computer Science Bachelor's Degree or substantial equivalent experience

Special Requirements, Licenses, and Certifications (desirable but not required):

• GSEC, GCIH, GCFE, GREM
• CISSP or SSCP

Experience

• Some professional experience in information security with a focus on incident response and forensics
• Foundational knowledge of IR concepts and best practices, including forensics and chain-of-custody
• Experience with common IR tools such as SIEM, log management, IDS, breach detection systems (APT/BDS/EDR), and packet capture.
• Broad understanding of TCP/IP, DNS, common network services, and other foundational topics
• Working knowledge of malware detection, analysis, and evasion techniques
• Able to conduct static and dynamic analysis of malware to extract indicators of compromise, profile malware behavior, and provide recommendations for mitigating and detecting malware;  Able to analyze suspicious websites, script-based and malware code
• Experience with vulnerability management tools such as Qualys, Nessus, or other vulnerability scanning discovery tools
• Broad familiarity with the threat landscape and the ability to adapt practices to evolving circumstances
• Identify, analyze, and report threats within the enterprise by using information collected from a variety of sources (IDS/IPS, SIEM, AV), to protect data and networks.  Implement techniques to hunt for known and unknown threats based on available threat intelligence reports and knowledge of the attacker's TTPs
• Able to gather and analyze facts, draw conclusions, define problems, and suggest solutions
• Maintain critical thinking and composure under pressure
• Strong written and oral communication skills.  Ability to convey complex concepts to non-technical constituents.
• Proficiency in oral and written English
• Capable of assisting with the preparation of internal training materials and documentation
• Able to be productive and maintain focus without direct supervision
• Passionate in the practice and pursuit of IR excellence
• Can exhibit a disciplined and rigorous approach to incident handling
• Willing to accommodate shift-based work for a global organization
• Provide exemplary customer service by striving for first-call resolution and demonstrating empathy, respect, professionalism, and expertise
• Experience with digital forensics on host or network and identification of anomalous behavior on the network or endpoint devices.  Familiar with host and network-based forensic tools such as EnCase, FTK, Sleuth Kit, X Ways, etc.

We are looking for a skilled Incident Response Specialist to lead the investigation and resolution of high-priority and escalated security incidents. In this role, you will work closely with internal teams to improve the bank's cybersecurity defenses and ensure timely response to threats.

Incident Handling & Investigation

• Lead investigations of complex or escalated security incidents.
• Perform deep-dive forensic analysis, including root cause and post-incident reviews.
• Act as an escalation point for other analysts during critical security events.
• Analyze incidents to assess impact, risk, and potential data compromise.

Threat Containment & Response

• Lead threat containment, eradication, and recovery efforts.
• Identify malware behavior, compromised systems, and data infiltration attempts.
• Provide guidance to teams on remediation and recovery strategies.
• Communicate response plans clearly to asset owners and other stakeholders.

Threat Intelligence & Analysis

• Use threat intelligence to assess scope and impact of attacks.
• Analyze network traffic, malware, and suspicious behaviors to support investigations.
• Support Threat Hunting and SOC Tool teams with new detection methods.

Documentation & Playbooks

• Document incidents thoroughly from detection to resolution.
• Develop, update, and test incident response procedures and playbooks.
• Participate in simulations and response drills to ensure readiness.

Collaboration & Support

• Work with Infrastructure & Operations teams to resolve incidents.
• Collaborate with the SOC Manager and Incident Response Lead to improve processes.
• Review system metrics and monitoring data to identify trends and anomalies.

Tool Management & Continuous Improvement

• Evaluate, recommend, and troubleshoot security tools and technologies.
• Contribute to improving SOC policies, procedures, and overall maturity.
• Stay informed about new threats, vulnerabilities, and compliance requirements.

Additional Responsibilities

• Perform other tasks as assigned by the CTMD Head.

• Education: Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• Experience: Proven experience in incident response, malware analysis, and threat detection.

• Technical Skills:

• Strong understanding of network, system, and application security.

• Hands-on experience with SOC tools, threat intelligence platforms, and forensic tools.

• Soft Skills:

• Clear communication with both technical and non-technical stakeholders.

• Strong analytical, problem-solving, and decision-making abilities.
• Ability to perform under pressure and manage escalated incidents.
• Knowledge: Familiarity with regulatory requirements and cybersecurity frameworks (e.g., ISO, NIST, etc.).

Job Description:

Security Alert Triage

• Continuously monitoring security alerts generated by various security tools via SecOps and messaging apps (firewalls, intrusion detection systems, etc.)
• Analyzing alerts to determine their severity, legitimacy (potential false positives), and potential organizational impact.
• Prioritizing alerts based on a predefined risk assessment framework.

Initial Investigation

• Conducting basic investigations on prioritized alerts to gather additional context and evidence.
• Utilizing security tools and threat intelligence feeds to enrich their understanding of the incident.

Incident Classification and Reporting

• Classifying incidents based on predefined categories (e.g., phishing, malware, unauthorized access attempt).
• Documenting the incident details, including timeline, potential impact, and initial investigation findings.
• Reporting the incident to relevant internal stakeholders (security team leads, IT management).

Initial Containment

• Implementing basic containment actions based on the incident type (e.g., isolating compromised systems, disabling user accounts).
• This may involve following established playbooks or procedures for specific threats.

Job Qualifications:

Education: Bachelor's degree in computer science, Computer Engineering, Information Technology, Electronic and Communications Engineering, course with specialization in Cybersecurity, and another related course

Relevant Experience: Fundamental knowledge of Cybersecurity Concepts and Frameworks

Knowledge/Training: Service Management Framework, MITRE Framework, SIEM, SOAR, Network and Endpoint Security Tools

Certification/License: CompTIA Security+, Certified Blue Team, or any other Security Operations Related Certification is an advantage

Work Condition: Able to work onsite in Makati. The role will be part of a 24/7 shifting schedule.

Hiring for Incident Response Analyst

• Full-time

• Location: Taguig City

• Set-up: Hybrid (8x RTO per month)

• Schedule: Shifting every 2 months (Day, Mid, Night)

___

JOB SUMMARY:

To provide detection, containment, and analysis of security events to protect the confidentiality, integrity, and availability of information systems per the firm's business objectives, regulatory requirements, and strategic goals.

___

JOB RESPONSIBILITIES:

• At least 4 years of relevant experience
• 1-2 years forensic analysis

Job Types: Full-time, Permanent

Pay: Up to Php120,000.00 per month

Application Question(s):

• Are you amenable to work on hybrid set-up in Taguig?

Experience:

• Incident response: 4 years (Preferred)
• Forensic analysis: 2 years (Preferred)

Work Location: In person

Responsibilities:

• Provide Tier 2 incident response services to the global organization on behalf of the Information Security Team
• Receive, process, and resolve tickets per defined SLA's
• Analyze information garnered from monitoring systems, operational incidents, and other sources to determine the scope and impact of potential security incidents, and process accordingly
• Critically assess current practices and provide feedback to management on improvement opportunities
• Assist with the design and implementation of threat detection and prevention solutions identified as necessary for the protection of Firm assets
• Effectively utilize common IR toolsets, platforms, and processes, such as SIEM, log management, packet capture, and breach detection systems
• Assist with forensic examinations and chain-of-custody procedures as directed by the Security Incident Response Engineers
• Provide input into standards and procedures
• Report compliance failures to management for immediate remediation
• Maintain assigned systems to ensure availability, reliability, and integrity, including the oversight of current and projected capacity, performance, and licensing
• Provide status reports and relevant metrics to the Security Operations Manager
• Contribute to the Firm's security-related information repositories and other marketing/awareness endeavors
• Participate in special projects as needed

Requirements:

• Possess a Computer Science Bachelor's Degree or substantial equivalent experience
• At least
  4- 5 years
  relevant experience
• L2/L3 support with full IR lifecycle experience
  (Preparation, identification, containment, eradication/remediation, recovery, lessons learned/follow-up)

What we offer:

• Direct, fulltime and permanent work engagement
• Hybrid Work Arrangement: 8 times RTO per month. Must be amenable to render overtime, work on weekends and/or PH holidays if needed.
• Shifting Schedule
• Competitive Base Pay per month
• Up to 14
  th
  month pay
• 30 days PTO
• Others, to be discussed once candidate reached the offer stage

Position: Incident Response Analyst

Work Setup: Hybrid – 8x RTO per month

Work Location: (Insert company / confidential if needed)

Schedule: Rotating shifts (changes every 2 months)

• APAC: 6:00 AM – 3:00 PM
• EMEA: 2:00 PM – 11:00 PM
• WHEM: 10:00 PM – 7:00 AM (next day)
• Sunday–Thursday or Monday–Friday
• Note:

Must be amenable to render overtime, work on weekends and Philippine holidays when neededAbout the Role

We're looking for a highly analytical Incident Response Analyst to join our global Information Security Team. This role is responsible for detecting, investigating, and mitigating security incidents to protect the organization's systems and data. You'll collaborate with security engineers, analysts, and stakeholders worldwide to maintain a secure and resilient IT environment.

Key Responsibilities

• Provide Tier 2 incident response support, analyzing alerts and investigating potential security breaches.
• Receive, process, and resolve security tickets within defined SLAs.
• Use monitoring tools and log data to determine the scope and impact of incidents.
• Support forensic analysis and evidence handling following chain-of-custody procedures.
• Operate and maintain security tools such as SIEM, IDS/IPS, EDR, and breach detection systems.
• Assist in designing and implementing new threat detection and prevention measures.
• Create incident reports and maintain documentation of security events and resolutions.
• Participate in audits, compliance reviews, and improvement of security processes.
• Provide status reports and metrics to the Security Operations Manager.
• Collaborate on security awareness initiatives and contribute to incident response playbooks.

Qualifications

Education:

• Bachelor's degree in Computer Science, Information Technology, or equivalent experience.

Experience:

• Professional experience in Information Security, particularly in Incident Response or Digital Forensics.
• Hands-on experience with SIEM, log management, vulnerability scanners (Qualys, Nessus), and endpoint detection tools.
• Solid understanding of network protocols (TCP/IP, DNS), malware analysis, and threat-hunting techniques.
• Experience analyzing network or host-based forensic data using tools like EnCase, FTK, or Sleuth Kit.
• Strong problem-solving, analytical, and documentation skills.
• Excellent written and verbal English communication skills.

Certifications (Preferred):

• GCFE, GCFA, GCTI, GREM, GPEN, GWAPT, CISSP, or SSCP

Job Type: Full-time

Pay: Php65, Php100,000.00 per month

Education:

• Bachelor's (Preferred)

Experience:

• Incident Response: 4 years (Preferred)
• Threat Detection: 4 years (Preferred)
• Malware Analysis: 4 years (Preferred)

Work Location: In person

Position: Incident Response Analyst

Work Setup: Hybrid – 8x RTO per month

Work Location: BGC, Taguig

Schedule: Rotating shifts (changes every 2 months)

• APAC: 6:00 AM – 3:00 PM
• EMEA: 2:00 PM – 11:00 PM
• WHEM: 10:00 PM – 7:00 AM (next day)
  
  Sunday–Thursday or Monday–Friday
  
  Note: Must be amenable to render overtime, work on weekends and Philippine holidays when needed

We're looking for a highly analytical Incident Response Analyst to join our global Information Security Team. This role is responsible for detecting, investigating, and mitigating security incidents to protect the organization's systems and data. You'll collaborate with security engineers, analysts, and stakeholders worldwide to maintain a secure and resilient IT environment.

• Provide Tier 2 incident response support, analyzing alerts and investigating potential security breaches.
• Receive, process, and resolve security tickets within defined SLAs.
• Use monitoring tools and log data to determine the scope and impact of incidents.
• Support forensic analysis and evidence handling following chain-of-custody procedures.
• Operate and maintain security tools such as SIEM, IDS/IPS, EDR, and breach detection systems.
• Assist in designing and implementing new threat detection and prevention measures.
• Create incident reports and maintain documentation of security events and resolutions.
• Participate in audits, compliance reviews, and improvement of security processes.
• Provide status reports and metrics to the Security Operations Manager.
• Collaborate on security awareness initiatives and contribute to incident response playbooks.

Education:

• Bachelor's degree in Computer Science, Information Technology, or equivalent experience.

Experience:

• Professional experience in Information Security, particularly in Incident Response or Digital Forensics.
• Hands-on experience with SIEM, log management, vulnerability scanners (Qualys, Nessus), and endpoint detection tools.
• Solid understanding of network protocols (TCP/IP, DNS), malware analysis, and threat-hunting techniques.
• Experience analyzing network or host-based forensic data using tools like EnCase, FTK, or Sleuth Kit.
• Strong problem-solving, analytical, and documentation skills.
• Excellent written and verbal English communication skills.

Certifications (Preferred):

• GCFE, GCFA, GCTI, GREM, GPEN, GWAPT, CISSP, or SSCP

Executive search firm Monroe Consulting Group Philippines is recruiting on behalf of a prominent global law firm known for its extensive reach and expertise in various legal areas.

The position is based in
BGC, Taguig City, Philippines
with a shifting schedule (8-10 times RTO per month. Must be amenable to render overtime, work on weekends and/or PH holidays if needed).

Job summary

The
Incident Response Analyst
is responsible to provide detection, containment, and analysis of security events to protect the confidentiality, integrity, and availability of information systems per the firm's business objectives, regulatory requirements, and strategic goals.

Key Job Responsibilities
:

• Provide Tier 2 incident response services to the global organization on behalf of the Information Security Team.
• Receive, process, and resolve tickets per defined SLA's.
• Analyze information garnered from monitoring systems, operational incidents, and other sources to determine the scope and impact of potential security incidents, and process accordingly.
• Critically assess current practices and provide feedback to management on improvement opportunities.
• Assist with the design and implementation of threat detection and prevention solutions identified as necessary for the protection of Firm assets.
• Effectively utilize common IR toolsets, platforms, and processes, such as SIEM, log management, packet capture, and breach detection systems.
• Assist with forensic examinations and chain-of-custody procedures as directed by the Security Incident Response Engineers.
• Provide input into standards and procedures.
• Report compliance failures to management for immediate remediation.
• Maintain assigned systems to ensure availability, reliability, and integrity, including the oversight of current and projected capacity, performance, and licensing.
• Provide status reports and relevant metrics to the Security Operations Manager.
• Contribute to the Firm's security-related information repositories and other marketing/awareness endeavors.
• Participate in special projects as needed.

Key Job Requirements
:

• Possess a Computer Science Bachelor's Degree or substantial equivalent experience.
• Special Requirements, Licenses, and Certifications: GSEC, GCIH, GCFE, GREM / CISSP or SSCP desired.
• Some professional experience in information security with a Focus on incident response and forensics.
• Foundational knowledge of IR concepts and best practices, including forensics and chain-of custody.
• Experience with common IR tools such as SIEM, log management, IDS, breach detection systems (APT/BDS/EDR), and packet capture.
• Broad understanding of TCP/IP, DNS, common network services, and other foundational topics.
• Working knowledge of malware detection, analysis, and evasion techniques.
• Able to conduct static and dynamic analysis of malware to extract indicators of compromise, profile malware behavior, and provide recommendations for mitigating and detecting malware; Able to analyze suspicious websites, script-based and malware code.
• Experience with vulnerability management tools such as Qualys, Nessus, or other vulnerability scanning discovery tools.
• Broad familiarity with the threat landscape and the ability to adapt practices to evolving circumstances.
• Identify, analyze, and report threats within the enterprise by using information collected from a variety of sources (IDS/IPS, SIEM, AV), to protect data and networks. Implement techniques to hunt for known and unknown threats based on available threat intelligence reports and knowledge of the attacker's TTPs.
• Able to gather and analyze facts, draw conclusions, define problems, and suggest solutions.
• Maintain critical thinking and composure under pressure.
• Strong written and oral communication skills. Ability to convey complex concepts to non technical constituents. Proficiency in oral and written English.
• Capable of assisting with the preparation of internal training materials and documentation.
• Able to be productive and maintain focus without direct supervision.
• Passionate in the practice and pursuit of IR excellence.
• Can exhibit a disciplined and rigorous approach to incident handling.
• Willing to accommodate shift-based work for a global organization.
• Provide exemplary customer service by striving for first-call resolution and demonstrating empathy, respect, professionalism, and expertise.
• Experience with digital forensics on host or network and identification of anomalous behavior on the network or endpoint devices. Familiar with host and network-based forensic tools such as EnCase, FTK, Sleuth Kit, X Ways, etc.

About Penbrothers

Penbrothers is an HR & remote talent management partner and one of the fastest growing companies in the Philippines. We provide talented Filipinos with global opportunities in high-growth startups and dynamic companies, from the comfort of their own homes.

About the Client

Our client is Asia's premier cyber emergency response team, specializing in digital forensics and incident response services. We help organizations prepare for, respond to, and recover from cyber incidents, providing swift, discreet, and highly specialized expertise. With a team of cybersecurity specialists, we operate with a mission to make cyber resilience accessible, reliable, and actionable for all businesses across the region.

About the Role

You will manage high-profile cybersecurity investigations, coordinate with executives, clients, and stakeholders, and guide organizations through their most urgent moments of digital crisis. This role demands exceptional hands-on technical ability, strategic leadership, and the calm, decisive mindset required in fast-moving, high-stakes environments.

• Lead and execute high-stakes cyber incident response investigations, ensuring rapid containment, eradication, and recovery in mission-critical environments.
• Analyze forensic artifacts, attacker TTPs, and malware across complex hybrid infrastructures: including Windows, Linux, macOS, and cloud platforms.
• Perform full-spectrum DFIR operations, including disk imaging, memory acquisition, log analysis, threat hunting, and lateral movement investigations.
• Utilize scripting languages (Python, Bash, PowerShell) to automate response workflows, simulate adversarial techniques, and enhance investigative efficiency.
• Communicate strategic insights and technical findings to clients, executives, regulators, and law enforcement with clarity, confidence, and precision.
• Collaborate with engineering and R&D teams to refine internal tools, enhance proprietary tech, and accelerate operational readiness.
• Coordinate directly with external stakeholders: including legal teams, insurers, vendors, and government agencies, throughout incident lifecycles.
• Partner with sales consultants to scope potential engagements, provide technical insight during pre-sales, and contribute to internal upskilling, ensuring our commercial team is equipped to position our CIF capabilities with precision.
• Train, mentor, and uplift junior analysts, instilling elite tradecraft, professional discipline, and the company's standard of operational excellence.

What You Bring

• 3+ Years of Hands-On Experience in cybersecurity incident response, security operations as an analyst, digital forensics, or threat intelligence (consulting or in-house).
• Strong Technical Foundations across enterprise networks, security architecture, and cloud environments.
• Proficiency with Key DFIR Tools including EDR platforms, SIEMs, firewalls, and forensic toolkits (e.g., Splunk, ELK, SentinelOne, Checkpoint, Velociraptor, X-Ways).
• Operating System Mastery – Comfortable navigating and investigating across Windows, Linux, and macOS environments.
• Scripting and Automation Skills – Proficient in at least one scripting language (Python, Bash, or PowerShell), with a mindset for automating workflows and simulating adversary behavior.
• Calm Under Fire – Proven ability to lead or contribute to high-pressure, customer-facing IR engagements with poise and precision.
• Communication – Able to translate complex technical findings into strategic guidance for senior stakeholders, boards, and regulators.

Preferred Qualifications – What Sets You Apart

• Certifications – GCFA, GNFA, GREM, OSCP, or equivalent.
• Real-World Adversary Experience – Deep exposure to ransomware/extortion cases, dark web intelligence, and threat actor tracking.
• OT/ICS Proficiency – Experience working in air-gapped or critical infrastructure environments.
• Builder Mindset – Demonstrated experience in building cybersecurity tools, writing custom scripts, or contributing to open-source security projects.
• Backgrounds of Honor – Prior experience in military, law enforcement, or intelligence agencies is a strong plus.

Hiring Process

We utilize AI tools to enhance our hiring efficiency and ensure a fair evaluation of all candidates. As a result, candidates who passed our initial evaluations should expect an AI Interviewer as a component of our recruitment process. This is supervised by Human Talent Acquisition Experts who will also engage with you throughout your application journey.

What You'll Get

At Penbrothers, we are obsessed with creating positive employee experiences. Here you'll find an environment that nurtures learning and provides opportunities for growth. You'll have the opportunity to make an impact on fast-growing startups and dynamic companies.

• Meaningful work & Growth:
  We take every opportunity to stretch ourselves and deliver an excellent client experience.
• Employee as our biggest asset:
  We are genuinely invested in our people's career and welfare.
• Global reach & local impact:
  Get to work with high-growth startups and dynamic companies from the comfort of your own home.
• Powering global startups:
  We've created 1,400 Filipino jobs that empower global start-ups to focus on growth.