216 Security Incidents jobs in the Philippines

Threat Management Technical Manager

Pasay, Camarines Sur ₱70000 - ₱120000 Y ZMG Ward Howell 2

Posted today

Job Description

We are seeking a highly skilled and experienced Technical Manager to join our team. The ideal candidate will possess a deep understanding of cybersecurity threats, incident response, and advanced security technologies. You will be responsible for monitoring, analyzing, and responding to security incidents, as well as implementing proactive security measures to protect our organization's critical assets. As the lead Technical Manager, you will be the point of escalation for any incident related to Cyber Security Threat Management.

Responsibilities

  • Threat Hunting and Detection:
      • Proactively search for advanced threats and indicators of compromise (IOCs) within the network environment.
      • Develop and implement advanced threat hunting strategies and techniques.
      • Analyze security events and logs to identify potential security incidents.
  • Incident Response:
      • Conduct in-depth investigations of security incidents.
      • Develop and implement incident response plans and procedures.
      • Coordinate with other teams to contain and mitigate security incidents.
      • Perform forensic analysis to gather evidence for incident investigations.
  • Security Monitoring:
      • Monitor security systems and tools for anomalies and suspicious activities.
      • Analyze security alerts and generate actionable intelligence.
      • Tune security systems to optimize performance and reduce false positives.
  • Security Automation:
      • Develop and implement automation scripts to improve efficiency and reduce manual tasks.
      • Automate security processes and workflows.
  • Threat Intelligence:
      • Stay up-to-date on the latest cybersecurity threats and trends.
      • Analyze threat intelligence to identify potential risks to the organization.
      • Share threat intelligence with the security team.
  • Security Tool Management:
      • Manage and maintain security tools and technologies.
      • Evaluate and recommend new security tools.
  • Other Responsibilities:
      • Mentorship of L1/L2 analysts.
      • Creation of the Security Report and Threat Landscape.
      • Updating of the playbook and documentation on a per-need basis.

Qualifications

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • Minimum of 5 years of experience in security operations or a related field.
  • Strong understanding of network protocols, operating systems, and security architectures.
  • Expertise in security technologies such as firewalls, intrusion detection systems, intrusion prevention systems, endpoint protection, and SIEM.
  • Proficiency in scripting languages (Python, PowerShell, etc.) for automation.
  • Strong understanding of SANS PICERL or NIST Incident Response procedure.
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • Certifications such as CISSP, CISA, or SANS certifications are preferred.

Additional Requirements

  • Experience with cloud security platforms (AWS, Azure, GCP).
  • Knowledge of threat intelligence platforms and data sources.
  • Experience with security incident and event management (SIEM) tools.

  • Familiarity with security orchestration, automation, and response (SOAR) platforms.

Security Incident Response Analyst

Taguig, National Capital Region ₱900000 - ₱1200000 Y PositiveLinks Asia

Posted today

Job Description

Summary

Support the global Information Security Team by detecting, analyzing, and responding to security incidents. Help protect the firm's systems and data based on business needs and compliance requirements.

Key Responsibilities

  • Handle Tier 2 security incidents and resolve tickets within SLA
  • Analyze alerts and data to assess potential threats
  • Recommend improvements to current security practices
  • Help design and implement threat detection tools
  • Use tools like SIEM, log management, and packet capture
  • Assist with forensic investigations and evidence handling
  • Maintain system reliability and performance
  • Report issues and metrics to management
  • Contribute to security awareness and documentation
  • Join special projects as needed

Required Skills & Experience

  • 4–5 years of relevant experience
  • Strong background in digital forensics

Hands-on experience in:

  • Incident Response
  • Threat Detection
  • Malware Analysis
  • Forensics & Incident Handling
  • Network Traffic Analysis
  • SOAR & Threat Intelligence
  • EDR & Vulnerability Management
  • Cloud Forensics & Incident Response
  • SIEM tools

Work Schedule:
Rotating shifts every 2 months

  • APAC: 6am–3pm
  • EMEA: 2pm–11pm
  • WHEM: 10pm–7am (next day)
  • Workdays: Sunday–Thursday or Monday–Friday

Security Analyst

₱70000 - ₱120000 Y QBE Insurance

Posted today

Job Description

Primary Details
Time Type: Full time

Worker Type: Employee

The role is to provide an effective and proactive response to cybersecurity-related events and incidents to protect QBE's assets and services.

In addition, the role will support business stakeholders in the event of a security incident, and support incident management and escalation processes to the appropriate incident management teams.

We are looking for Tier 1 level support that will investigate a diverse set of alerts. The role should adapt to any changes in security operations to comply with various business requirements.

Job Description

  • Be part of a globally distributed team (24x7) that will use several security tools (e.g., SIEM, email triage platform, cloud security tooling, EDR solutions, etc) to investigate suspicious events.
  • Proactively monitor and respond to suspicious or true positive incidents across our security platforms.
  • Perform initial incident analysis of various security alerts by analysing and investigating security-related logs harvested from various security signals.
  • Provide recommendations and initial assessments to Tier 2 resources for deeper analysis and triage.
  • Perform timely escalation of cybersecurity incidents to Tier 2 resources and incident responders using incident management tools and other available channels.
  • Conduct research using various proprietary and open-source tools to identify current and emerging threats and risks to QBE.
  • Provide assessment and recommendations to mitigate potential threats or suppress any occurring false positive alerts.
  • Perform ad-hoc tasks and completion of goals relating to ongoing projects and initiatives.
  • Generating reports and providing insights on the efficacy of the current security tools, incident responses, procedures, and other security-related information.

Required knowledge and skills:

  • Bachelor's degree in computer science, programming, or IT-related field. Fresh graduates are welcome to apply.
  • The ability to work in a fast-paced and time-sensitive role.
  • Be able to communicate effectively and update various stakeholders globally.
  • Proactive, analytical, and able to solve complex investigations.
  • Understanding of known threat actors, techniques, and procedures that modern attackers use to compromise organisations.

Advantage, but not required knowledge and skills:

  • 1-3 years relevant security experience performing similar duties working in a Security Operation Centre, Cybersecurity, and other IT-related fields.
  • Advanced training or certifications (e.g., ISC2, ISACA, SANS, Azure, etc.)
  • Knowledge of security solutions and technologies like Windows, Linux, IPS/IDS, Firewalls, Email gateways, proxy technologies, cloud solutions, endpoints, and mobile devices.
  • Be able to perform correlations and analytics with diverse types of logs, i.e., network, active directory, database, DNS, firewalls, proxies, host-based security, cloud, and applications logs.

Benefits in joining our team:

  • Be part of a global team and enrich your cybersecurity technical skills from subject matter experts.
  • Tailored professional development.
  • Exclusive access to industry-leading training platforms.
  • Opportunity to get firsthand experience across industry-leading security tools.
  • We are a team that values diversity and inclusion.

QBE Cultural DNA

  • Everything we do at QBE is underpinned by our DNA (which interlinks seven cultural elements) – because we know it's not just what we do that matters, it's how we do it that makes the difference. We expect all employees to role model and inspire the right behaviours that link to our cultural elements:
  • We are customer-focused
  • We are technical experts
  • We are inclusive
  • We are fast-paced
  • We are courageous
  • We are accountable
  • We are a team
  • All employees are expected to adhere to QBE's Code of Ethics and Conduct and apply sound risk management practices

US Only - Travel Frequency

  • Infrequent (approximately 1-4 trips annually)

US Only - Physical Demands

  • General office jobs: Work is generally performed in an office environment in which there is not substantial exposure to adverse environmental conditions. Must have the ability to remain in a stationary position for extended periods of time. Must be able to operate basic office equipment including telephone, headset and computer. Incumbent must be able to lift basic office equipment up to 20 lbs.

US Only - Disclaimer

  • To successfully perform this job, the individual must be able to perform each essential job responsibility satisfactorily. Reasonable accommodations may be made to enable an individual with disabilities to perform the essential job responsibilities.

Job Type

  • Individual Contributor

Australia/New Zealand Only - Advice/Non-Advice

  • Non-Advice: This role is not authorised to provide financial product advice to retail customers in respect of General Insurance products. Financial product advice, means a statement or recommendation made to a retail customer with the intention of influencing their decision in considering a general insurance product.

Global Disclaimer

  • The duties listed in this job description do not limit the assignment of work. They are not to be construed as a complete list of the duties normally to be performed in the position or those occasionally assigned outside an employee's normal duties. Our Group Code of Ethics and Conduct addresses the responsibilities we all have at QBE to our company, to each other and to our customers, suppliers, communities and governments. It provides clear guidance to help us to make good judgement calls.

Skills:
Adaptability, Business Continuity, Communication, Critical Thinking, Customer Service, Cybersecurity Risk Management, Digital Forensics, Forensic Investigations, Intentional collaboration, Malware Analysis, Managing performance, Process Improvements, Reporting and Analysis, Risk Management, Stakeholder Management

How to Apply:

To submit your application, click "Apply" and follow the step by step process.

Equal Employment Opportunity:

QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.

Security Analyst

Taguig, National Capital Region ₱1200000 - ₱3600000 Y OwnBank

Posted today

Job Description

The Security Analyst function protects the bank's information assets through continuous monitoring, incident response, threat detection, and control validation. It translates security policies into operational controls, manages vulnerabilities, performs threat hunting, and oversees attack surface management. The function also supports threat intelligence sharing and ensures alignment with regulatory requirements.

Duties and Responsibilities:

Monitoring & Detection

  • Monitor dashboards for asset inventory, user behavior, and unauthorized changes.
  • Triage SIEM alerts and follow established playbooks for escalation.

Policy & Documentation Support

  • Assist in version control and review of infosec policies, procedures, and awareness materials.

  • Maintain tracking for policy updates and training compliance.

Third-Party & Firewall Review

  • Maintain onboarding checklist for outsourced providers using BSP outsourcing criteria.
  • Track and verify firewall rule changes and coordinate reviews with infrastructure teams.

API, Cloud & System Logging

  • Gather logs from APIs, cloud IAM systems, and backend services to support security investigations.
  • Monitor cloud activity for signs of abnormal access or misconfiguration.

AppSec & KYC Support

  • Perform baseline scans for lower-risk apps and assist in fixing findings with developers.
  • Monitor onboarding and KYC behavior for fraud or identity anomalies.

Coordination & Reporting

  • Coordinate interviews during incident investigations, gather audit evidence, and maintain compliance reports.
  • Track patch statuses, configuration changes, and alert resolutions across teams.
  • Other tasks as assigned by his/her immediate supervisor.

Qualification:

  • Bachelor's degree in Information Technology or Security, Cybersecurity, Computer Science, or equivalent.
  • At least 3 years in infrastructure/app security, ideally in fintech, banking, or SaaS environments.
  • Proficient in AWS/GCP, Kubernetes, Terraform, CI/CD pipelines, network or network security, security operations, threat detection and hunting, and vulnerability management.
  • Hands-on with Burp Suite, SIEM/SOAR tools.
  • Scripting skills (Python, Bash, Go) for automation and tooling is a plus.

Security Analyst

₱900000 - ₱1200000 Y QBE

Posted today

Job Description

Primary Details

Time Type: Full time

Worker Type: Employee

The role is to provide an effective and proactive response to cybersecurity-related events and incidents to protect QBE's assets and services.

In addition, the role will support business stakeholders in the event of a security incident, and support incident management and escalation processes to the appropriate incident management teams.

We are looking for Tier 1 level support that will investigate a diverse set of alerts. The role should adapt to any changes in security operations to comply with various business requirements.

Job Description

  • Be part of a globally distributed team (24x7) that will use several security tools (e.g., SIEM, email triage platform, cloud security tooling, EDR solutions, etc) to investigate suspicious events.

  • Proactively monitor and respond to suspicious or true positive incidents across our security platforms.

  • Perform initial incident analysis of various security alerts by analysing and investigating security-related logs harvested from various security signals.

  • Provide recommendations and initial assessments to Tier 2 resources for deeper analysis and triage.

  • Perform timely escalation of cybersecurity incidents to Tier 2 resources and incident responders using incident management tools and other available channels.

  • Conduct research using various proprietary and open-source tools to identify current and emerging threats and risks to QBE.

  • Provide assessment and recommendations to mitigate potential threats or suppress any occurring false positive alerts.

  • Perform ad-hoc tasks and completion of goals relating to ongoing projects and initiatives.

  • Generating reports and providing insights on the efficacy of the current security tools, incident responses, procedures, and other security-related information.

Required knowledge and skills:

  • Bachelor's degree in computer science, programming, or IT-related field. Fresh graduates are welcome to apply.

  • The ability to work in a fast-paced and time-sensitive role.

  • Be able to communicate effectively and update various stakeholders globally.

  • Proactive, analytical, and able to solve complex investigations.

  • Understanding of known threat actors, techniques, and procedures that modern attackers use to compromise organisations.

Advantage, but not required knowledge and skills:

  • 1-3 years relevant security experience performing similar duties working in a Security Operation Centre, Cybersecurity, and other IT-related fields.

  • Advanced training or certifications (e.g., ISC2, ISACA, SANS, Azure, etc.)

  • Knowledge of security solutions and technologies like Windows, Linux, IPS/IDS, Firewalls, Email gateways, proxy technologies, cloud solutions, endpoints, and mobile devices.

  • Be able to perform correlations and analytics with diverse types of logs, i.e., network, active directory, database, DNS, firewalls, proxies, host-based security, cloud, and applications logs.

Benefits in joining our team:

  • Be part of a global team and enrich your cybersecurity technical skills from subject matter experts.

  • Tailored professional development.

  • Exclusive access to industry-leading training platforms.

  • Opportunity to get firsthand experience across industry-leading security tools.

  • We are a team that values diversity and inclusion.

QBE Cultural DNA

  • Everything we do at QBE is underpinned by our DNA (which interlinks seven cultural elements) – because we know it's not just what we do that matters, it's how we do it that makes the difference. We expect all employees to role model and inspire the right behaviours that link to our cultural elements:
  • We are customer-focused
  • We are technical experts
  • We are inclusive
  • We are fast-paced
  • We are courageous
  • We are accountable
  • We are a team
  • All employees are expected to adhere to QBE's Code of Ethics and Conduct and apply sound risk management practices

US Only - Travel Frequency

  • Infrequent (approximately 1-4 trips annually)

US Only - Physical Demands

  • General office jobs: Work is generally performed in an office environment in which there is not substantial exposure to adverse environmental conditions. Must have the ability to remain in a stationary position for extended periods of time. Must be able to operate basic office equipment including telephone, headset and computer. Incumbent must be able to lift basic office equipment up to 20 lbs.

US Only - Disclaimer

  • To successfully perform this job, the individual must be able to perform each essential job responsibility satisfactorily. Reasonable accommodations may be made to enable an individual with disabilities to perform the essential job responsibilities.

Job Type

  • Individual Contributor

Australia/New Zealand Only - Advice/Non-Advice

  • Non-Advice: This role is not authorised to provide financial product advice to retail customers in respect of General Insurance products. Financial product advice, means a statement or recommendation made to a retail customer with the intention of influencing their decision in considering a general insurance product.

Global Disclaimer

  • The duties listed in this job description do not limit the assignment of work. They are not to be construed as a complete list of the duties normally to be performed in the position or those occasionally assigned outside an employee's normal duties. Our Group Code of Ethics and Conduct addresses the responsibilities we all have at QBE to our company, to each other and to our customers, suppliers, communities and governments. It provides clear guidance to help us to make good judgement calls.

Skills:

Adaptability, Business Continuity, Communication, Critical Thinking, Customer Service, Cybersecurity Risk Management, Digital Forensics, Forensic Investigations, Intentional collaboration, Malware Analysis, Managing performance, Process Improvements, Reporting and Analysis, Risk Management, Stakeholder Management

How to Apply:

To submit your application, click "Apply" and follow the step by step process.

Equal Employment Opportunity:

QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.

Security Analyst

₱576000 - ₱1140000 Y Summit 360 Solutions

Posted today

Job Description

Cyber Security Analyst

Location: Remote / Flexible (with overlap to US CST)

Department: Security Operations

Schedule: Monday–Friday, 8:00 AM–5:00 PM US CST (flexibility +/- 3 hours)

Salary: PHP 80,000 to 95,000/mo (paid bimonthly)

About The Role

As a Cyber Security Analyst, you will play a key role in supporting our Incident Response and Security Operations programs, ensuring the safety and integrity of both the company and our clients' systems. You will be responsible for monitoring, identifying, and investigating security events, responding to incidents in a timely and structured manner, and escalating issues as needed. This role requires strong analytical skills, attention to detail, and a passion for staying ahead of emerging cybersecurity threats.

Key Responsibilities

  • Develop an understanding of Marco's information systems, managed technology solutions, and security architecture.
  • Monitor security solutions, tickets, and communication channels to identify and triage potential threats.
  • Respond promptly to escalated incidents, perform investigations, and provide thorough post-event analyses.
  • Collaborate with clients, internal teams, vendors, and legal stakeholders to manage and resolve security threats.
  • Stay updated on the latest threat intelligence, security breaches, malware, and regulatory changes.
  • Continuously tune, manage, and evaluate security solutions for effectiveness.
  • Follow the company's incident response plan and maintain proficiency with the NIST Cybersecurity Framework (CSF).
  • Document investigations, maintain accurate records, and comply with administrative procedures.
  • Participate in on-call rotation and provide after-hours support when required.
  • Attend team and company meetings and contribute to daily security management tasks.
  • Perform additional duties as assigned in line with company policies.

Qualifications

  • Associate degree in Computer Science, Cybersecurity, Information Security, or related field preferred.
  • 1+ years in information technology, cybersecurity, or related experience (or equivalent combination of education and experience).
  • Certifications (preferred): Security+, CISSP, CISA, CEH, GSOC, or equivalent incident response/forensics certifications.
  • Understanding of IT service management and security operations concepts.
  • Knowledge of common security products (firewalls, EDR, SIEM, network security, PIM/PAM solutions).
  • Proficiency with Microsoft Office and business collaboration tools.
  • Strong organizational and time management skills with attention to detail.
  • Excellent verbal and written communication skills across technical and non-technical audiences.
  • Self-motivated, proactive, and able to work independently with minimal supervision.
  • Integrity, professionalism, and commitment to organizational values.
  • Dedication to continuous improvement and delivering high-quality results.

Security Analyst

Oregon, Davao Oriental ₱800000 - ₱1200000 Y Dynamic Quest Philippines

Posted today

Job Description

Position Summary:

The Security Consultant will be responsible for maintaining the safety and integrity of the organization's or client's online systems and networks. This role includes proactive monitoring, implementation of security measures, and providing expert consultation on best practices and compliance requirements.

Required Certifications (must be obtained prior to employment):

  • Microsoft AZ-500 – Microsoft Certified: Azure Security Engineer Associate

  • Microsoft SC-100 – Microsoft Cybersecurity Architect

Key Responsibilities:

  • Deploy, configure, and administer Microsoft Entra ID and Microsoft 365 (M365) environments

  • Conduct information security management reviews and Information Security Management System (ISMS) assessments

  • Perform continual testing on current systems to identify potential vulnerabilities or security threats

  • Ensure technical implementations are aligned with business processes and objectives

  • Lead the design, implementation, operation, and maintenance of security management systems

  • Participate in the creation, review, and updating of information security policies

  • Provide complex technical advice, recommendations, and consulting on networks, infrastructure, and services

  • Recommend and implement IT strategies, technologies, and policies to safeguard customer information and assets

  • Advise on hacking tools, techniques, and advanced malware detection practices

  • Formulate and support an IT security incident response strategy, including proper notification protocols

  • Prepare security reports for internal and external stakeholders with clear recommendations and solutions

  • Provide or support the development of implementation documentation

  • Stay current on secure coding practices, cyber threats, and security trends

  • Support compliance with regulatory, contractual, and client-specific security requirements

Qualifications:

  • Bachelor's degree in Cybersecurity, Information Technology, or a related field (or equivalent experience)

  • Proven experience in a security analyst or consultant role

  • Strong knowledge of Microsoft Azure, M365, and Entra ID platforms

  • Excellent communication and problem-solving skills

  • Ability to work independently and collaboratively across departments and with clients

SUMMARY

  • Position Shift: Monday to Friday, 8:00PM - 5:00AM PHT (8:00AM to 5:00PM EST)
  • Location: Clark Freeport Zone, Pampanga, Philippines
  • Position Type: Full Time Employee
  • Salary: To be determined based on qualification associated with job role
  • Work set-up: Temporary WFH for Cebu-based new hires (subject to change to Hybrid)

Security Analyst

₱440000 - ₱660000 Y CloudTech24 Ltd

Posted today

Job Description

We are seeking an L1 SOC Analyst to join our Security Operations Centre (SOC) team. The SOC Analyst will work on a shift basis and will be responsible for monitoring, analysing, and responding to security alerts and incidents to ensure the protection of our customers and company's assets, systems, and data.

The ideal candidate will have a strong interest in cybersecurity and a desire to learn and grow in the field.

Our mission is to provide the highest quality outsourced IT and Cyber Security services for our clients, with responsive and effective communication at the core of our operations. We maintain excellence in our services through the continuous enhancement of our expertise, processes, and strategic technology partnerships.

Key Responsibilities

  • Monitor security alerts generated by various security tools and systems, including XDR, SIEM, endpoint protection, and firewall logs.
  • Analyse and investigate security events and incidents to determine the root cause and potential impact.
  • Perform vulnerability management analysis and reporting to proactively improve the posture of our customers' environments.
  • Perform security incident response activities, including containment, eradication, and recovery.
  • Collaborate with other SOC team members to maintain and improve security operations processes and procedures.
  • Maintain accurate and timely incident records in the company's incident management system.
  • Participate in SOC training programs to develop skills and knowledge in the cyber security field.
  • Work on a shift basis, including weekends and holidays, ensuring 24/7 coverage and response readiness.

Qualifications and interests

  • Personal and/or professional experience in Computer Science, cyber security, or a related field.
  • Well-rounded knowledge of security and able to work independently, identify and drive improvement and always strive for excellence.
  • Experience in cyber security (lab based or professional) and/or IT operations.
  • Familiarity and understanding of security technologies such as SIEM, IDS/IPS, endpoint protection, and firewalls.
  • Knowledge of XDR and Security tooling such as CrowdStrike, Microsoft Defender, Azure Sentinel and Vulnerability management solutions.
  • Knowledge of common attack techniques, vulnerabilities, and mitigation strategies.
  • Strong analytical and problem-solving skills.
  • Ability to work independently and as part of a team.
  • Strong written and verbal communication skills including report writing.
  • Fluent in British English, both written and verbal.
  • Willingness to work on a shift basis, including weekends and holidays.

We offer a fantastic lifestyle-driven working environment, personal and professional training and development to assist in your growth in the cyber security field, as well as mentorship from experienced Cyber Security professionals.

Job Type: Full-time

Pay: Up to Php55,000.00 per month

Experience:

  • Security Analyst: 2 years (Required)

Work Location: In person

Security Analyst

₱60000 - ₱81000 Y Cambridge University Press & Assessment

Posted today

Job Description

  • Salary: ₱60,000 - ₱81,000
  • Location: Manila
  • Country: Philippines
  • Business Unit: Technology
  • Vacancy Type: Permanent
  • Closing Date: 8 November 2025

Meet the recruiter

Beige Sales

Work setup: We operate in a hybrid work environment, and we encourage applicants who are open to working in the office two days a week to apply.

Work schedule: 15:00 to 23:00 Manila time, with flexibility during major incidents or to support shifting schedules.

Employment type: Permanent

Location: Makati City, Metro Manila

Pay range: We value transparency and want to ensure a good fit for both parties. We encourage applicants who are comfortable within the salary range of Php 60,000 to 81,000 to apply.

Discover a world of endless possibilities with Cambridge University Press & Assessment, a distinguished global academic publisher and assessment organisation proudly affiliated with the prestigious University of Cambridge.

We are looking for a Security Analyst to join our Global Security Operations Centre (SOC) in Manila. In this key role, you will monitor, investigate, and respond to security alerts while proactively strengthening defences to prevent future incidents. You will analyse SIEM logs, contribute to incident response, and provide guidance to junior analysts to ensure effective threat containment. Collaborating with global teams, you will help protect sensitive data, enhance operational resilience, and support the organisation's overall security maturity.

Why Cambridge?

Cambridge University Press & Assessment is a world-renowned not-for-profit academic publisher and assessment organisation, proudly part of the prestigious University of Cambridge. With a legacy rooted in over 800 years of educational excellence, we are dedicated to unlocking the potential of learners and educators across the globe.

Joining Cambridge's second largest global office in the Philippines —operating for over 22 years with 1,300+ colleagues— means becoming a part of an extraordinary institution renowned worldwide. We are recognised as a Great Place to Work for three consecutive years, reflecting our inclusive culture, strong sense of purpose, and commitment to the professional growth and well-being of our people. At Cambridge, we don't just publish books or deliver tests—we empower progress, inspire curiosity, and champion the pursuit of knowledge.

What can you get from Cambridge?

At Cambridge, you'll become part of a vibrant and forward-thinking community that transcends tradition, fostering a culture of continuous growth and personal development. Here, we provide the right environment for you to thrive, supporting your professional journey and empowering you to reach your highest potential. That is why our pay philosophy is intricately tied to your skills and competencies, ensuring that your compensation aligns with the unique value you bring to the role you are applying for.

The organization offers a wide range of benefits and opportunities including:

  • Regular Employment on Day 1
  • HMO Coverage and Life Insurance on Day 1
  • Paid Annual Leaves (Vacation, Well-being, Flexible, Holiday, and Volunteering leaves)
  • Vesting/Retirement package
  • Opportunities for career growth and development
  • Access to well-being programs
  • Flexible schedule, hybrid work arrangement and work-life balance
  • Opportunity to collaborate with colleagues from diverse branches that will expand your horizons and enrich your understanding of different cultures

What will you do as a Security Analyst?

Reporting to the Security Operations Lead, you will help defend our network infrastructure against cyber threats.

Your responsibilities will include:

  • Monitor system logs daily to detect unusual activity and perform proactive threat hunting to protect the business around the clock.
  • Analyse and resolve incidents using established procedures, ensuring timely and accurate responses.
  • Follow incident response processes for alerts such as malware, DDoS attacks, and data breaches, escalating when necessary.
  • Provide Level 2 support for Security Operations, escalating to Level 3 when required.
  • Assess and report security risks across networks, systems, and applications.
  • Maintain and update documentation, processes, and procedures to keep them current and useful.
  • Stay informed about new cybersecurity threats, technologies, and trends.

What makes you the ideal candidate for this role?

An ideal candidate has the following qualities:

Essential:

  • Proven professional experience in IT or Security Operations (e.g., technical support or junior security analyst roles).
  • Solid understanding of information security through hands-on experience and formal training.
  • Practical knowledge of key security tools and technologies such as firewalls, IDS/IPS, DLP, endpoint security, data encryption, NAC, web/email filtering, penetration testing, forensics, and SIEM.
  • Clear written and verbal communication skills, able to explain issues to both technical and non-technical audiences.
  • The ability to stay calm and focused under pressure.

Desirable:

  • Knowledge of security frameworks and standards like ISO 27001 and PCI DSS

Are you driven by a desire to be part of a globally renowned institution that celebrates innovation, embraces inclusion, and empowers learners? Then we invite you to Pursue your Potential with us.

Applications received through the system will be reviewed on a rolling basis, and the vacancy may close once sufficient applications are received. Therefore, if you are interested, tailor-fit your CV (advantageous if you submit one with a Cover Letter) and submit as early as possible.

Security Analyst

Makati City, National Capital Region ₱900000 - ₱1200000 Y Wordtext Systems Incorporated

Posted today

Job Description

Job Summary

Monitor, investigate and analyze security alerts. Perform in-depth analysis of network traffic and logs, and manage incident response, which often requires advanced technical skills and a deep understanding of cybersecurity frameworks and tools like SIEM, EDR, MDR. Key responsibilities include advanced incident handling, root cause analysis, triage, contributing to detection improvements and staying updated on emerging threats.

Job Specifications:

Education and Experience Required

  • Graduate of any collegiate course, preferably in the field of ICT.
  • Work-related experience of at least one (1) year as a Security Analyst.
  • Good understanding of or hands-on experience in incident response, forensics, malware reverse engineering including threat intelligence and other areas of security is desired.
  • Knowledge of security technologies such as SIEM, MDR, XDR etc. is required.
  • Knowledge of Network Security controls such as Next Generation Firewalls.
  • Willing to work on shifts.

Duties and Responsibilities:

  • Security Operation Center Monitoring: In-depth analysis of security logs, network traffic, and system events to identify malicious activity.
  • Incident Triage & Investigation: Analyze and investigate security alerts, determining the nature and severity of threats.
  • Incident Response & Containment: Handle security incidents and breaches, implementing measures to contain and mitigate risks.
  • Malware Analysis & Forensics: Assist in performing malware analysis and forensic investigations when required.
  • Detection & Policy Improvement: Recommend and implement improvements to detection rules, playbooks, and security policies.
  • Threat Hunting: Assist in proactively searching for and identifying advanced threats using various tools and techniques.
  • Tool Management & Optimization: Assist in the set-up and configuration of security tools like SIEM and EDR to improve their effectiveness.
  • Reporting: Document security incidents and create detailed reports for management and other teams.
  • Knowledge Development: Stay informed about the latest cybersecurity threats, attack techniques, and vulnerabilities.
  • Coordination: Work with vendors and partners in fulfilling SOC services and meeting the SLA.
