199 Soc Analyst jobs in the Philippines

The role is to provide an effective and proactive response to cybersecurity-related events and incidents to protect QBE's assets and services. In addition, the role will support business stakeholders in the event of a security incident, and support incident management and escalation processes to the appropriate incident management teams. We are looking for Tier 1 level support that will investigate a diverse set of alerts. The role should adapt to any changes in security operations to comply with various business requirements.

Job Description

• Be part of a globally distributed team (24x7) that will use several security tools (e.g., SIEM, email triage platform, cloud security tooling, EDR solutions, etc) to investigate suspicious events.
• Proactively monitor and respond to suspicious or true positive incidents across our security platforms.
• Perform initial incident analysis of various security alerts by analysing and investigating security-related logs harvested from various security signals.
• Provide recommendations and initial assessments to Tier 2 resources for deeper analysis and triage.
• Perform timely escalation of cybersecurity incidents to Tier 2 resources and incident responders using incident management tools and other available channels.
• Conduct research using various proprietary and open-source tools to identify current and emerging threats and risks to QBE.
• Provide assessment and recommendations to mitigate potential threats or suppress any occurring false positive alerts.
• Perform ad-hoc tasks and completion of goals relating to ongoing projects and initiatives.
• Generating reports and providing insights on the efficacy of the current security tools, incident responses, procedures, and other security-related information.

Required knowledge and skills:

• Bachelor's degree in computer science, programming, or IT-related field. Fresh graduates are welcome to apply.
• The ability to work in a fast-paced and time-sensitive role.
• Be able to communicate effectively and update various stakeholders globally.
• Proactive, analytical, and able to solve complex investigations.
• Understanding of known threat actors, techniques, and procedures that modern attackers use to compromise organizations.

Advantage, but not required knowledge and skills:

• 1-3 years relevant security experience performing similar duties working in a Security Operation Centre, Cybersecurity, and other IT-related fields.
• Advanced training or certifications (e.g., ISC2, ISACA, SANS, Azure, etc.)
• Knowledge of security solutions and technologies like Windows, Linux, IPS/IDS, Firewalls, Email gateways, proxy technologies, cloud solutions, endpoints, and mobile devices.
• Be able to perform correlations and analytics with diverse types of logs, i.e., network, active directory, database, DNS, firewalls, proxies, host-based security, cloud, and applications logs.

Benefits in joining our team:

• Be part of a global team and enrich your cybersecurity technical skills from subject matter experts.
• Tailored professional development.
• Exclusive access to industry-leading training platforms.
• Opportunity to get firsthand experience across industry-leading security tools.
• We are a team that values diversity and inclusion.

We're happy to discuss flexible working arrangements that support your productivity and well-being.

Security Analyst is an operational role, focusing on real time security event monitoring and security incident investigation. This will perform an in-depth analysis of evidence, identify the malicious operations, and evaluate the real impact to solve in a quick and efficient manner.

Essential Job Function

• The Security Analyst continuously monitors security events and triage security alerts from the SOC channel (Open XDR Platform). Based on the security event severity, escalate to Level 2 Security Analyst, and/or customer as appropriate to perform further investigation and resolution.
• Responds to security incidents if necessary or as required
• Collects data and context necessary to initiate Level 2 escalation. Works closely with Level 2 & Level 3 team towards the continuous improvement of the service
• Recommend enhancements to SOC security process, procedures, and policies.
• Participate in security incident management and vulnerability management processes
• Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems.
• Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats
• Communicate effectively with customers, teammates, and management
• Provide input on tuning and optimization of security systems
• Document and maintain customer build documents, security procedures and processes.
• Staying up to date with emerging security threats including applicable regulatory security requirements
• Monitors health of customer security sensors and Open XDR Platform. Delivers scheduled and ad hoc reports.
• Other responsibilities and additional duties as assigned by the security management team

Qualifications:

• Graduate of IT related course
• At least 1-year previous Security Operations Centre Experience in conducting security investigations
• Good knowledge of IT including multiple operating systems and system administration skills (Windows, Solaris, Unix)
• Knowledgeable of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and cybersecurity solutions like EDR and XDR

Job Type: Full-time

Benefits:

• Additional leave
• Company Christmas gift
• Company events
• Health insurance
• Life insurance
• Opportunities for promotion
• Paid training
• Promotion to permanent employee

Experience:

• SOC Analyst: 1 year (Preferred)

Work Location: In person

Let's be #BrilliantTogether

Overview
The role's primary focus is protecting the Firm's information security interests, leveraging advanced security tools and applications. As part of the Information Security Office (ISO), this role will work closely with technology functions to identify areas of improvement and supporting initiatives to promote information security within the organization.

Responsibilities

• Monitor security events and logs from a variety of systems and networks.
• Identify potential security incidents and threats.
• Perform analysis and investigations, correlating events and data to detect security incidents.
• Incident response and mitigation.
• Develop and document processes and procedures for responding to security incidents.
• Develop and maintain security incident response plans.
• Provide technical guidance, training, and support to other members of the security team.
• Maintain an up-to-date knowledge of security threats, vulnerabilities, and countermeasures.
• Audit and compliance support.

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, or a similar related field.
• Minimum of 1-2 years of experience in IT security, network security, application security or a related field.
• Experience with security monitoring, incident response, and threat analysis.
• Knowledge of security best practices and standards.
• Knowledge of security techniques such as firewalls, intrusion detection systems, and anti-virus software.

Essential Skills

• Minimum of 1+ years real-world experience in one or more of the following security tools and technologies:

• Microsoft Sentinel

• Microsoft Defender
• CyberArk Privileged Access Management (PAM)
• Zscaler Cloud Security
• Tenable Vulnerability Management

• Physical Security

• Strong understanding of network concepts, protocols, and security devices like firewalls, routers, and switches.

• Knowledge of major operating systems (Windows, MacOS, Linux) and their security features.
• Familiarity with scripting languages (KQL, Python, Bash) for automating tasks and security analysis.
• Skilled in analyzing complex situations, identifying anomalies, and connecting the dots to assess potential threats; proficient in troubleshooting security issues, crafting effective mitigation strategies, and implementing practical solutions.
• Proactive approach to searching for potential threats that may have bypassed existing security controls.
• Excellent written and verbal communication skills for conveying technical information to both technical and non-technical audiences; adept at cross-functional & global collaboration to respond to incidents and enhance overall security posture.
• Relevant vendor and/or vendor neutral certification(s) such as Microsoft Security Operations Analyst (SC-200), EC-Council Certified SOC Analyst (CSA), Cisco Certified CyberOps Associate, CompTIA Security+.

Work Shift and Arrangement

• Flexible and adaptable to a rotating work schedule (morning, evening, and predominantly graveyard shifts every 3 months). Comfortable working in dynamic environments and maintaining high performance across varying time zones and hours.
• On-call rotation participation.
• Amenable to go on a hybrid working arrangement (at least 3 days work onsite per week) and work in Makati City.

What You Can Expect From Us
At ISS STOXX, our people are our driving force. We are committed to building a culture that values diverse skills, perspectives, and experiences. We hire the best talent in our industry and empower them with the resources, support, and opportunities to grow—professionally and personally.

Together, we foster an environment that fuels creativity, drives innovation, and shapes our future success.

Let's empower, collaborate, and inspire.

Let's be #BrilliantTogether.

About ISS STOXX
ISS STOXX GmbH is a leading provider of research and technology solutions for the financial market. Established in 1985, we offer top-notch benchmark and custom indices globally, helping clients identify investment opportunities and manage portfolio risks. Our services cover corporate governance, sustainability, cyber risk, and fund intelligence. Majority-owned by Deutsche Börse Group, ISS STOXX has over 3,400 professionals in 33 locations worldwide, serving around 6,400 clients, including institutional investors and companies focused on ESG, cyber, and governance risk. Clients trust our expertise to make informed decisions for their stakeholders' benefit.

Visit our website:

View additional open roles:

Institutional Shareholder Services ("ISS") is committed to fostering, cultivating, and preserving a culture of diversity and inclusion. It is our policy to prohibit discrimination or harassment against any applicant or employee on the basis of race, color, ethnicity, creed, religion, sex, age, height, weight, citizenship status, national origin, social origin, sexual orientation, gender identity or gender expression, pregnancy status, marital status, familial status, mental or physical disability, veteran status, military service or status, genetic information, or any other characteristic protected by law (referred to as "protected status"). All activities including, but not limited to, recruiting and hiring, recruitment advertising, promotions, performance appraisals, training, job assignments, compensation, demotions, transfers, terminations (including layoffs), benefits, and other terms, conditions, and privileges of employment, are and will be administered on a non-discriminatory basis, consistent with all applicable federal, state, and local requirements.

Role summary

Monitor, triage, and investigate security alerts. Execute playbooks, reduce false positives, and escalate incidents.

Key responsibilities

• Monitor SIEM alerts and triage events per SOPs and SLAs
• Perform basic threat hunting and tune detections with the senior team
• Collect and preserve logs, artifacts, and evidence for investigations
• Create tickets, document incidents, and propose control improvements
• Coordinate with IT and engineering during containment and recovery

Minimum qualifications

• 1 to 3 years in SOC, blue team, or IT security operations
• Familiar with SIEM and EDR tools, basic networking, Windows and Linux basics
• Understanding of MITRE ATT&CK, phishing analysis, and common TTPs
• Strong written communications and shift readiness

Preferred

• Scripting for automation in Python or PowerShell
• Certifications: Security+, CySA+, Microsoft SC-200, AZ-500 or equivalent

Tools

• Microsoft Sentinel or Splunk, Defender or CrowdStrike, Zeek or Suricata, SOAR

KPIs

• Mean time to detect and respond, true positive rate, alert fatigue reduction

Screening questions

• Walk through your triage of a suspicious PowerShell event
• How would you reduce false positives from a noisy rule

Job Type: Full-time

Work Location: On the road

Company Profile: A global business and technology transformation partner that helps firms accelerate their dual transition to a digital and sustainable future while making tangible difference for businesses and society.

Position: SOC Analyst (Open to Junior - Senior)

Industry: IT Company

Location: Quezon City / Taguig / Manila

Schedule: Night Shift / Shifting

Salary Range:

Junior Level - Php 60, ,000

Mid Level - Php 75,000 - Php 100,000

Senior Level- Php 100,000 - Php 200,000

Work Setup: Hybrid

BENEFITS :

• HMO

• Government Mandated Benefits

• Company Bonuses

• Yearly Salary Increase

• Fun company Activities

Job Requirements:

- Bachelor's Degree in Computer Science, Information Technology, or related fields.

- With experience as a System Analyst with knowledge of IT industry standards (ISO 27001, HIPAA, SOX).

- With background in security monitoring, networking technologies, protocols, and standards.

- With experience in network security and vulnerability management.

- Willing to work on shifting schedules.

Job Responsibilities:

- Monitor, detect, and respond to cybersecurity threats.

- Conduct threat analysis, incident response, and vulnerability assessments.

- Identify and assess risks, monitor network traffic, and handle incidents.

- Mitigate risks and resolve issues in the security stack.

- Prepare reports on security issues and provide insights on emerging InfoSec trends.

Recruitment Process (Online):

• Initial Interview

• Technical Assessment

• Final Interview

• Job Offer

How to Apply:

Register now on our website to be updated with our Job Openings:

Send your resume on our email below.

For inquiries contact us:

Look for: Ms. Solene

Telephone Number:

Mobile Number:

MS Team: jkitwave

Facebook and Messenger Name: Jk-it Openings )

Facebook Page Name: Filipino Openings 2024

Facebook Group: Engineering Job Hiring PH

Linkedin: Lily Guerero

Tiktok: jkitopenings

Subscribe to our official YouTube channel: Life as a Bilingual in the Philippines

Want to know more about our job openings? Register now

Do you know someone? Refer your friend and we'll give you Referral Bonus once they get their dream job through us

Apply now and bring home an exclusive J-K Network Hoodie once you get hired from any of our clients

Security Analyst is an operational role, focusing on real time security event monitoring and security incident investigation. This will perform an in-depth analysis of evidence, identify the malicious operations, and evaluate the real impact to solve in a quick and efficient manner.

Essential Job Function

• The Security Analyst continuously monitors security events and triage security alerts from the SOC channel (Open XDR Platform). Based on the security event severity, escalate to Level 2 Security Analyst, and/or customer as appropriate to perform further investigation and resolution.
• Responds to security incidents if necessary or as required
• Collects data and context necessary to initiate Level 2 escalation. Works closely with Level 2 & Level 3 team towards the continuous improvement of the service
• Recommend enhancements to SOC security process, procedures, and policies.
• Participate in security incident management and vulnerability management processes
• Participate in evaluating, recommending, implementing, and troubleshooting security solutions and evaluating IT security of the new IT Infrastructure systems.
• Works as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats
• Communicate effectively with customers, teammates, and management
• Provide input on tuning and optimization of security systems
• Document and maintain customer build documents, security procedures and processes.
• Staying up to date with emerging security threats including applicable regulatory security requirements
• Monitors health of customer security sensors and Open XDR Platform. Delivers scheduled and ad hoc reports.
• Other responsibilities and additional duties as assigned by the security management team

Qualifications:

• Graduate of IT related course
• At least 1-year previous Security Operations Centre Experience in conducting security investigations
• Good knowledge of IT including multiple operating systems and system administration skills (Windows, Solaris, Unix)
• Knowledgeable of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and cybersecurity solutions like EDR and XDR

a) 24/7 Incident Response

• Perform triage, assess severity of incidents
• Investigate and contain security incidents
• Execute predefined response procedures

b) 24/7 Alerts Monitoring

• Continuously monitor security alerts, logs, and network traffic
• Identify potential threats or anomalies

c) Suspicious Email Analysis and other Security Validations

• Respond to reported suspicious emails
• Analyze suspicious emails, trigger email threat remediation actions
• Perform validations for reported suspicious activities and other cybersecurity concerns
• Provide recommendations on analyzed concern

d) Documentations and other tasks

• Assist in developing and executive Recovery Plan
• Participate in investigations or forensics activities
• Participate in change management processes
• Assist in troubleshooting hardware and software issues of Collectors and MXDR agents
• Documentation of Incident Reports, weekly/monthly reporting, maintenance of trackers

and other relevant documents

• Detection Rules review and configuration

e) Threat Intelligence duties

• Performance relevant Threat Intelligence team responsibilities such as, but not limited to:
• Indicators of compromise (IOCs): Collect, analyze, disseminate, and initiate blacklisting
• Compromised accounts: Monitor and validate Client's password leaks
• Brand protection initiatives: hunting of trademark infringements and other violations,

impersonations, and sales scams. Perform validations, request for takedown, and

monitoring

Others:

• Threat Intel publications and release of advisories, and other reports
• Monitor releases of new vulnerability advisories, disseminate and track
• Monitor of other potential leaks relating to Client (e.g. code repository, database, etc.)
• Implement and enforce security policies, procedures, and best practices.
• Track and validate security controls, addressing deviations and risks

Job Types: Full-time, Permanent

Pay: Php80, Php120,000.00 per month

Benefits:

• Additional leave
• Company Christmas gift
• Company events
• Health insurance
• Life insurance
• Opportunities for promotion
• Paid training
• Promotion to permanent employee

Work Location: In person

Responsibilities:

• 24/7 Incident Response
• Perform triage, assess severity of incidents
• Investigate and contain security incidents
• Execute predefined response procedures
• 24/7 Alerts Monitoring
• Continuously monitor security alerts, logs, and network traffic
• Identify potential threats or anomalies
• Suspicious Email Analysis and other Security Validations
• Respond to reported suspicious emails
• Analyze suspicious emails, trigger email threat remediation actions
• Perform validations for reported suspicious activities and other cybersecurity concerns
• Provide recommendations on analyzed concerns
• Documentations and other tasks
• Assist in developing and executive Recovery Plan
• Participate in investigations or forensics activities
• Participate in change management processes
• Assist in troubleshooting hardware and software issues of Collectors and MXDR agents
• Documentation of Incident Reports, weekly/monthly reporting, maintenance of trackers and other relevant documents
• Detection Rules review and configuration
• Threat Intelligence duties
• Performance relevant Threat Intelligence team responsibilities such as, but not limited to:
• Indicators of compromise (IOCs): Collect, analyze, disseminate, and initiate blacklisting
• Compromised accounts: Monitor and validate Client's password leaks
• Brand protection initiatives: hunting of trademark infringements and other violations, impersonations, and sales scams. Perform validations, request for takedown, and monitoring

Others:

• Threat Intel publications and release of advisories, and other reports
• Monitor releases of new vulnerability advisories, disseminate and track
• Monitor of other potential leaks relating to Client (e.g. code repository, database, etc.)
• Implement and enforce security policies, procedures, and best practices.
• Track and validate security controls, addressing deviations and risks
• Mid-level SOC should be experience in L2 incident response such as containment, isolation, root cause analysis and deep probing analysis. Has experience in cyber threat intelligence is an advantage.
• Senior-level SOC should be experienced in L2 (see mid-level); and/or L3 threat hunting; Team management;
• Ideal to have: use case development, and use of cyber threat intelligence.
• Good-to-have competency related to governance and enforcement: Implement and enforce security policies, procedures, and best practices; Track and validate security controls, addressing deviations and risks; proficiency in process and documentation.

Qualifications:

• Bachelor Graduate of Computer Science, IT or other related course
• Have at least 3- 5 years - Mid level and 6-7 years for Senior as a SOC Analyst or Security Engineer
• Amendable to work 100% onsite in Ortigas and shifting
• Proficient in documentation, strong incident, attack response and containment skills.
• Threat hunting or Threat intelligence is an advantage

Job Description:

We are looking for a self-motivated Senior Cybersecurity Analyst to join the R1 Cybersecurity Operations Team. We have a relentless focus on driving results for our customers and enabling them to invest more into patient care; in turn, this allows us to continue to grow our company and your career. The successful candidate must be well-versed in security operations, cyber security tools, intrusion detection, and secured networks. They will serve as an expert and be responsible for providing network and security operations technical analysis, assessment, and recommendations in the areas of real-time security situational awareness, operational network system and applications systems security monitoring.

Responsibilities:

Monitor various security tools to identify potential incidents, network intrusions, and malware events, etc., to ensure the confidentiality, integrity, and availability of R1's architecture and information systems are protected.

Generate trouble tickets and perform initial validation and triage to determine whether incidents are security events using open-source intelligence (OSINT).

Review and analyze log files to report any unusual or suspect activities.

Utilize incident response use-case workflows to follow established and repeatable processes for triaging and escalating.

Follow established incident response procedures to ensure proper escalation, analysis, and resolution of security incidents.

Analyze and correlate incident event data to develop preliminary root cause and corresponding remediation strategy.

Provide technical support for new detection capabilities, recommendations to improve upon existing tools/capabilities to protect R1's network, and assessments for High Value Assets.

Research Threat Intelligence sources on the latest malware, trends, patches to keep the Security Program up to date.

Document and maintain SOPs/Runbooks related to investigating security incidents.

Perform case management throughout the incident lifecycle for moderately complex security incidents.

Understand and assist with compliance and enterprise change management policies and procedures.

Attend and participate in cybersecurity projects and the change management process. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning.

Maintain metrics & reports on the status of the R1 cybersecurity operations program.

Qualifications:

4 years plus of experience as SOC Analyst or IT related roles

Knowledge of security, monitoring, and networking technologies, tools, protocols, and standards.

Intermediate or advanced security, networking, or equivalent professional experience in security operations.

Understanding/Experience on Network Security, Firewall Security, and Web Security (including web application firewalls and proxies).

Experience on Investigating, documenting, and reporting on any information security (InfoSec) issues as well as emerging trends.

Knowledge of IT Industry standards such as ISO 27001, HIPAA, SOX.

Nice to have:

Certification (or ability to obtain certification) in at least one of the following areas: General Security (CISSP), Cloud Security (GCLD, Cloud+, CCSK), and Ethical Hacking (CEH).

Experience with advanced cybersecurity tools, network topologies, intrusion detection, and secured networks.

In-depth understanding of NIST SP 800-61, SOC 2 AICPA controls, and frameworks.

Recent experience with static and/or dynamic code review process.

Experience with forensic data analysis.

Leadership experience and qualities.

Job Types: Full-time, Permanent

Pay: Php50, Php60,000.00 per month

Benefits:

• Company events
• Opportunities for promotion

Application Question(s):

• Total Relevant Years of Experience as a Cybersecurity/SOC Analyst in the BPO Industry:
• Total Relevant Years of Experience as a SOC Analyst:
• Active Viber Number:
• Active Email Address:
• Current Salary:
• Expected Salary:
• Availability for Interview (Please indicate preferred dates/times):
• Are you open to working in either BGC or Quezon City?
• Are you open to a flexible and/or night shift schedule?
• Are you amenable to work onsite?(4x a week Onsite, 1x WFH):
• Notice Period:
• Reason for leaving your current/previous job:

Work Location: In person