236 Infosec Analyst jobs in the Philippines

Job Description:

You will:

• You will be responsible for conducting various security activities, including feasibility studies, automation initiatives, vulnerability assessments (VA), threat monitoring, risk assessments, policy compliance scanning, and reporting.
• Your role will be crucial in identifying and mitigating security risks, ensuring policy compliance, and maintaining a secure environment for our organization.
• Conduct daily feasibility studies to assess the viability and effectiveness of potential security measures or initiatives.
• Collaborate with cross-functional teams to gather information and analyze the feasibility of implementing new security solutions.
• Prepare reports summarizing the findings and recommendations from feasibility studies.
• Identify opportunities for process automation within the security operations function.
• Perform daily application onboarding and assessment for vulnerability scanning.
• Respond to risk assessment requests related to architecture design and new applications.
• Evaluate security risks associated with exemption requests for WAF rules, Snyk findings, IP/URL whitelisting, and ad-hoc assessments.

Key Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Solid understanding of information security principles, concepts, and best practices.
• Experience in conducting feasibility studies and performing risk assessments.
• Knowledge of vulnerability assessment tools and techniques.
• Familiarity with threat monitoring tools and practices.
• Relevant certifications (e.g., CISSP, CISM, CEH) are a plus.

Introduction
We're looking for an ITDR Security Analyst that will support the daily operational monitoring and incident handling for the ITDR platform. Analyst helps validate detections, execute tuning instructions, and ensure system readiness across Active Directory environments.

Your Role And Responsibilities

• Perform daily operational checks of ITDR collectors/connectors, domain connectivity, and platform health indicators.
• Monitor alert queues, validate detection accuracy, and escalate credible threats to SOC.
• Assist in incident enrichment using ITDR data and alert metadata for SOC use case alignment.
• Execute tuning configurations as guided by the Consultant.
• Help track false positive trends and document recommendations for future tuning.
• Document all configurations and integrations thoroughly for future reference and maintenance.
• Monitor platform integrations with other security platforms
• Raise technical issues to the Consultant after performing basic checks and log reviews.
• Generate weekly reports on alert volumes, false positives, system health, and notable anomalies.
• Maintain internal runbooks, procedures, and troubleshooting checklists for operations team reference.

Preferred Education
Bachelor's Degree

Experience
Required technical and professional expertise

• 1–3 years of experience in security operations or IT systems support with exposure to Active Directory environments.
• Working knowledge of Active Directory structure, policies, and authentication processes.
• Familiarity with identity-based threats, common AD attack vectors, and indicators of compromise.
• Basic understanding of SIEM tools, security alert triage, and log/event analysis.
• Ability to follow SOPs, perform health checks, and track operational tasks in a structured way.
• Exposure to ITDR solutions (e.g., Semperis, SentinelOne Singularity Identity Posture Management, or similar platforms) is preferred and will be considered a strong advantage.

Soft Skills

• Strong analytical mindset, with attention to detail and problem-solving capabilities.
• Effective communication skills for coordination with internal teams and escalation to Stakeholders.

Preferred Technical And Professional Experience
Certifications

• CompTIA Security+
• Microsoft Certified: Identity and Access Administrator Associate (or equivalent AD-focused certification)
• Microsoft Certified: Security Operations Analyst Associate
• Any foundational training or certification in Active Directory administration or security
• Any entry-level SOC analyst, ITDR, or cloud security certification

QUALIFICATIONS:

• At least 3-5 years as a VAPT Specialist/Offensive Security or other related roles.
• Hands-on experience in web and mobile application VAPT, following the OWASP Top 10 testing framework
• Proficient in using open-source and commercial security testing tools such as Kali Linux, Metasploit, Qualys, Nessus, Burp Suite, OWASP ZAP, etc.
• Working knowledge of web and mobile application development
• Ability to write assessment reports that are clear and understandable for both technical and non-technical audiences
• Cybersecurity certifications such as CEH, CISSP, or equivalent are preferred
• Should be amendable to work Hybrid (3x a week onsite - temporary) and 100% onsite in Ortigas in the future.

RESPONSIBILITIES:

• Conduct vulnerability assessment and penetration testing on web and mobile applications
• Provide detailed assessment report and recommendations following the preferred report format of the client, if available
• Provide assistance and consultation services to teams responsible for remediations
• Organize and conduct meetings or consultation sessions, when needed, to facilitate completion VAPT sub activities
• Independently manage and complete schedule of activities or assigned tickets
• Regularly submit progress report to immediate supervisors
• Ensure confidentiality of client information at all times

About Cloudtrace

Founded in 2018, Cloudtrace specialises in providing offensive and defensive cyber security services for public cloud environments. Our service offerings include penetration testing, red/purple teaming, 24/7 managed security services, PCI DSS QSA assessments and incident response.

Cloudtrace is a PCI Security Standards Council (SSC) Qualified Security Assessor Company (QSAC), a CREST accredited penetration testing provider and ISO 27001 certified by the British Standards Institution (BSI). Amazon Web Services (AWS) has designated Cloudtrace as an Advanced Tier Services partner with the Level 1 Managed Security Services Provider Competency and recognised us as the 2024 AWS Rising Star Consulting Partner of the Year for Australia and New Zealand.

Our Values

Customers are our compass:
Our customers drive our decision-making processes. We are dedicated to our mission of protecting them and work backwards from that.

We get things done:
When we work on something we own it. We love solving difficult challenges and we never make excuses. We know time is valuable and we don't waste it.

We are constantly learning:
Our team is passionate about what we do and are hungry for knowledge. It excites us that the work we do lets us learn more every day.

We are creators:
There is always a better way and we are obsessed with continually improving how we do things. Invention is in our DNA and we are all about rewriting the rules.

We take pride in our work:
If a job's worth doing its worth doing well. We pay attention to detail, deliver quality and encourage each other to be the best at what we do.

Why Join Us

Here's why passionate cyber professionals choose to work with us:

We make a real difference:
The work we do directly protects the global community from cybercriminals, making the digital world a safer place.

We are at the forefront of innovation
: Our customers are some of the brightest stars in technology and we work closely with them to secure their cloud-native platforms.

We are shaping the future of threat detection:
We are crafting a cloud-native threat detection service that changes the way modern application environments are protected.

We unlock potential with continuous learning
: We invest in career growth with training programs, attendance at security conferences, and mentorship from cloud security experts.

We are a collaborative fast-paced team:
Our team is made up of experts in the industry who share a passion for cyber security and building innovative technology.

The Role

We are looking for a technical lead to join our fast-growing Threat Detection and Response (TDR) team and help us forge a next-generation cloud native managed security service. This role would suit someone currently in a senior security operations or DevOps role that is looking to take the next step in their career and become an expert in cloud security.

Our philosophy is that solid defense requires intimate knowledge of offensive tactics. Our managed security service leverages our penetration testing and red team expertise to ensure our TDR team is across current cyber-attack techniques. This, combined with our cloud-native tooling and deep understanding of AWS services, allows us to deliver best-in-class protection for AWS customer environments.

The successful candidate will work closely with our experienced offensive security and incident response teams to understand the latest TTPs used in real world breaches. That knowledge will be used to continually improve our next generation threat detection service and protect our customers from cyber-attacks. Cloudtrace customers include start-ups, scale-ups, enterprises and state/federal government agencies, giving this role exposure to a range of technologies and industry sectors.

Your Responsibilities

Our in-house SIEM platform, built on Amazon Security Lake, ingests telemetry from AWS services, endpoint security products and third-party SaaS vendors. You be working with our team to continuously improve the detection and investigation capabilities of the platform. You will use findings from our offensive team engagements and MITRE ATT&CK Matrices to detect the latest threat IOCs and TTPs used by highly skilled adversaries.

You will be responding to alerts generated by our SIEM platform and investigating complex attack chains to ensure breaches are rapidly discovered and contained. Using penetration testing techniques, you will also validate any security exposures detected by our Attack Surface Management (ASM) platform and review the security of new customer assets identified by the platform discovery engine.

Your Typical Day

This is not a typical SOC role where you wait for SIEM alerts to come through, you will be constantly applying your current skillset across different areas and learning new skills every day. A typical day will include enhancing the capabilities of our TDR service, using exploit POCs to validate real cyber threats, and giving security advice to customers in shared slack channels.

Your daily activities will include the following:

Investigating and responding to potential cyber threats

• Ownership through to resolution of alerts generated by our SIEM and ASM platforms
• Liaising with customers to provide updates on alert investigation status
• Escalating to our offensive security team for validation of complex exposures
• Closing alerts with investigation outcomes once appropriate action has been taken
• Review of new assets discovered by our ASM platform and assessing exposure risk

Developing high signal threat detection rules

• Tuning existing rules to reduce false positive rates
• Developing new rules to search and alert on threat activity
• Engaging our offensive security team for rule testing

Managing a best-in-class cloud TDR solution

• Updating event ingestion pipelines to enrich data for threat detection rules
• Monitoring CloudWatch metrics and modifying AWS service configurations as required
• Reviewing OpenSearch metrics and modifying index configurations as required
• Developing and maintaining runbooks that improve our threat detection processes
• Automation of routine tasks such as filtering low-priority alerts and sending notifications

You will also be using your client facing and engineering skills to work collaboratively with the broader team on projects and periodic reporting. These activities will include:

• Assistance with onboarding of new clients to our TDR and ASM platforms
• Integration of new log sources for existing TDR clients
• Generation of reports for our managed service clients
• Presentation of report content to our managed service clients

Your Experience

You will need 5+ years' experience in the following areas:

• Cyber security operations covering endpoints and cloud services
• Tuning SIEM rules for accurate threat detection

Your Skills

The following base technical skills are required for this role:

Endpoint Security

Understanding of endpoint cyber threats and attack vectors including:

• Malware (e.g. Ransomware)
• Adversary in the Middle Attacks

Network Protocols

Understanding of common internet protocols, including:

• TCP/IP
• HTTP
• DNS
• TLS

AWS

Configuration of basic AWS services via console and CLI, including:

• EC2 Instances
• Security Groups
• IAM Permissions

Data Analysis

• Ability to write data queries using syntax such as SQL, DSL, KQL or ES|QL
• Ability to extract relevant data in spreadsheets using formulas and functions

Linux

• Command line navigation and file operations
• Scripting for automation using Bash and Python

The following non-technical skills are required for this role:

• Clear communication of technical information to both technical and non-technical audiences
• Problem solving and critical thinking to approach problems from different angles and identify potential solutions
• Ability to independently find information from internet resources and use that to solve complex problems
• Strong organisational skills with the proven ability to meet deadlines in a fast-paced environment
• Ability to make quick decisions under pressure, weighing risks and benefits to choose the best course of action
• Ability to interpret data, identify patterns, and draw conclusions from complex information

Responsibilities:

a) 24/7 Incident Response

• Perform triage, assess severity of incidents
• Investigate and contain security incidents
• Execute predefined response procedures

b) 24/7 Alerts Monitoring

• Continuously monitor security alerts, logs, and network traffic
• Identify potential threats or anomalies

c) Suspicious Email Analysis and other Security Validations

• Respond to reported suspicious emails
• Analyze suspicious emails, trigger email threat remediation actions
• Perform validations for reported suspicious activities and other cybersecurity concerns
• Provide recommendations on analyzed concerns

d) Documentations and other tasks

• Assist in developing and executive Recovery Plan
• Participate in investigations or forensics activities
• Participate in change management processes
• Assist in troubleshooting hardware and software issues of Collectors and MXDR agents
• Documentation of Incident Reports, weekly/monthly reporting, maintenance of
• trackers and other relevant documents
• Detection Rules review and configuration

e) Threat Intelligence duties

• Performance relevant Threat Intelligence team responsibilities such as, but not limited to:
• Indicators of compromise (IOCs): Collect, analyze, disseminate, and initiate
• blacklisting
• Compromised accounts: Monitor and validate Client's password leaks
• Brand protection initiatives: hunting of trademark infringements and other
• violations, impersonations, and sales scams. Perform validations, request for
• takedown, and monitoring

Others

• Threat Intel publications and release of advisories, and other reports
• Monitor releases of new vulnerability advisories, disseminate and track
• Monitor of other potential leaks relating to Client (e.g. code repository, database, etc.)
• Implement and enforce security policies, procedures, and best practices.
• Track and validate security controls, addressing deviations and risks.
• Should be experience in L2 incident response such as containment, isolation, root cause analysis and deep probing analysis.

Qualifications:

• Bachelor Graduate of Computer Science, IT or other related course
• Have at least 2 - 5 years - Mid level as a SOC Analyst or Security Engineer  with Threat Intelligence and Threat Detection engineering.
• Amendable to work 100% onsite in Ortigas and shifting
• Proficient in documentation, strong incident, attack response and containment skills.
• Threat hunting and use case development is a plus/ideal.

What do we have in store for you?

• A professional career adapted to your personal goals, with growth and development opportunities for all professionals
• Challenging projects with impact for leading clients in a wide range of industries
• Competitive renumeration and flexible benefits package which you may customize based on your individual needs and lifestyle
• Continuous learning and development through our Open University's virtual campus, with access to the Udemy for Business platform with more than 3,000 specialized courses
• Meaningful engagement with other employees while leading a balanced and healthy lifestyle through our clubs and various sports activities

Join Indra and have a professional career adapted to your personal goals, with continuous training in a flexible environment, and where people are the core.

Diversity is a key element of our culture. Our policies reflect our commitment to equal opportunities and recognizing the value of people and their work, and the social and natural environment wherein we operation. As such, equal opportunities, diversity, respect for people and non-discrimination (race, gender, language, religion, disability, sexual orientation, opinion, origin, economic position, birth, union membership or any other personal/social condition or circumstance) are basic principles of action for all the company's Professionals, as well as our Partners.

Responsibilities:

• Actively monitor, detect, and respond to security alerts and incidents per defined SLA.
• Incidents are acknowledged and responded to within the agreed response SLO
• Perform alert triage and analysis including asset and custodian identification, reputational checking, and alert validation
• Perform containment and eradication within the agreed response SLO
• Ensures resolution of incidents within the defined SLOs
• Utilize IR toolsets such as ServiceNow, EAS, IPS, WAF, NAC, Firewall etc
• Timely submission of Operational Performance reports/dashboards/value reports for consumption of management

Qualifications:

• Bachelor's degree of Information Technology, Computer Science, Computer Engineering
• At least 1-2 years' work experience in Incident Response
• Knowledgeable in Security Monitoring and Service Management Tools