77 SOC Engineer jobs in the Philippines
Senior SOC Engineer
Posted today
Job Description
We are actively seeking a highly skilled and experienced Senior SOC Engineer with expertise in cryptocurrency exchange security operations. This pivotal role is instrumental in ensuring the security of our digital assets and customer funds by leading comprehensive security monitoring, incident response, and threat analysis activities.
Given the unique challenges of operating a cryptocurrency exchange, this position requires deep understanding of blockchain security, digital wallet protection, and financial crime prevention, with particular emphasis on threat intelligence analysis and insider threat detection.
Key Responsibilities:
- Security Operations Center Management
  - Lead security monitoring operations for cryptocurrency exchange infrastructure, trading platforms, and digital wallet systems
  - Oversee real-time analysis of security events, alerts, and anomalies across blockchain networks, trading engines, and customer-facing applications
  - Coordinate incident response activities for security breaches, suspicious trading activities, and potential fraud attempts
  - Manage and optimize SIEM platforms, security orchestration tools, and automated response systems
  - Develop and maintain security playbooks specific to cryptocurrency exchange operations and digital asset protection
- Insider & Threat Intelligence Analysis
  - Monitor dark web marketplaces, criminal forums, and threat actor communications for indicators targeting cryptocurrency businesses
  - Conduct tactical, operational, and strategic threat assessments specific to digital asset platforms
  - Develop threat intelligence feeds and indicators of compromise (IoCs) relevant to cryptocurrency security
  - Collaborate with external threat intelligence providers and cryptocurrency security communities
  - Design and implement comprehensive insider threat detection programs tailored to cryptocurrency exchange environments
  - Analyze user behavior patterns to identify potential malicious insider activities or account compromises
  - Conduct investigations into suspicious employee activities, unauthorized access attempts, and data exfiltration
- Incident Response & Forensics
  - Lead incident response efforts for security breaches, fund theft attempts, and system compromises
  - Conduct digital forensics investigations on cryptocurrency-related security incidents
  - Coordinate with law enforcement, regulatory bodies, and external security firms during major incidents
  - Develop and maintain incident response procedures specific to cryptocurrency exchange operations
  - Create post-incident reports and recommendations for security improvements
Required Qualifications:
- Experience: Minimum 5+ years in SOC operations, preferably in financial services or cryptocurrency exchanges
- Certifications: CISSP, GCIH, GCFA, GNFA, GCTI, CEH, or equivalent security certifications required
- SIEM Expertise: Advanced proficiency with SIEM platforms (Sumo Logic, Splunk, QRadar, Sentinel, etc.)
- Threat Intelligence: Experience with threat intelligence platforms (MISP, ThreatConnect, Anomali) and frameworks (MITRE ATT&CK, Diamond Model)
- Programming/Scripting: Proficiency in Python, PowerShell, or similar languages for automation and analysis
- Cloud Security: Experience securing cloud infrastructure (AWS, Azure, GCP) and container environments
Preferred Qualifications:
- Additional certifications: CISSP, CISM, GCTI, GCFA, CEH, or cryptocurrency-specific certifications
- Experience with insider threat analysis tools and methodologies (Securonix, Exabeam, Splunk UBA, Microsoft Sentinel UEBA)
- Background in behavioral analytics, user activity monitoring, and privileged access management
Senior SOC Engineer
Posted today
Job Description
About the Role
We are looking for an experienced Senior SOC Engineer to lead threat detection, incident response, and continuous monitoring in our Security Operations Center. You will play a key role in protecting our systems and data, especially in a regulated financial environment.
Key Responsibilities
- Lead real-time monitoring, triage, and response to security incidents (cloud & on-prem).
- Build and improve SIEM detection rules and use cases for better threat visibility.
- Conduct threat hunting and forensic investigations using logs, endpoints, and network data.
- Work with threat intelligence teams to integrate IOCs and attack techniques into monitoring.
- Maintain and improve SOC playbooks, runbooks, and incident response procedures.
- Mentor junior analysts and guide escalated incident handling.
- Collaborate with engineering teams to implement security controls and logging standards.
- Support compliance requirements (GLBA, FFIEC, PCI DSS) through strong monitoring and response.
- Participate in red/blue/purple team exercises and post-incident reviews.
Qualifications
- Strong experience in SOC operations, threat detection, and incident response.
- Hands-on expertise with SIEM tools, log analysis, and forensic investigations.
- Solid knowledge of cloud and on-prem security monitoring.
- Ability to mentor, lead incidents, and work across technical teams.
- Understanding of regulatory compliance in financial environments.
Preferred Certifications
- GIAC Certified Incident Handler (GCIH)
- GIAC Security Operations Certified (GSOC)
- Certified Information Systems Security Professional (CISSP)
- Certified SOC Analyst (CSA)
Job Type: Full-time
Pay: Php100, Php120,000.00 per month
Application Question(s):
- Are you comfortable working in a hybrid setup?
- Are you comfortable working night shift?
- Do you have working knowledge of GLBA, FFIEC, PCI DSS or similar regulatory requirements?
- Do you have practical knowledge of monitoring AWS/Azure/GCP environments?
Experience:
- SIEM Platform: 5 years (Required)
- EDR/XDR Tools: 5 years (Required)
Work Location: In person
SOC L2 Engineer | Hybrid | Ortigas | Day Shift | Up to PHP180K
Posted today
Job Description
Defend the Digital Frontier with Your Expertise
Stay ahead of cyber threats and lead security operations that protect businesses on a global scale. Seize the chance to shape the future of cybersecurity while advancing your global career. This role empowers you to make your mark in safeguarding digital infrastructures, driving innovation, and leaving a lasting legacy while thriving in a world-class environment close to home.
Job Description
As a SOC L2 Engineer, you will lead incident investigations, refine detection rules, and mentor junior analysts while coordinating with global teams. You'll strengthen security frameworks and play a key role in both daily operations and long-term strategies.
Job Overview
Employment type: Full-time
Shift: Day Shift, Shifting
Work setup: Hybrid, Ortigas
Salary: PHP 150, PHP 180,
Exciting Perks Await
- Competitive Salary Package
- Prime office location in Ortigas (Easy access to MRT stations, restaurants, and banks)
- HMO coverage with free dependent upon regularization
- Day shift schedule
- Salary Advance Program through our banking partner (Eligibility and approval subject to bank assessment. Available to account holders with minimum of 6 months company tenure.)
- Unlimited upskilling through Emapta Academy courses (Want to know more? Visit )
- Free 24/7 access to our office gyms (Ortigas and Makati) with a free physical fitness trainer
- Exclusive Emapta Lifestyle perks (hotel and restaurant discounts, and more)
- Unlimited opportunities for employee referral incentives across the organization
- Standard government and Emapta benefits
- Total of 20 annual leaves to be used at your own discretion (including 5 credits convertible to cash)
- Fun engagement activities for employees
- Mentorship and exposure to global leaders and teams
- Career growth opportunities
- Diverse and supportive work environment
The Qualifications We Seek
- At least 3 years of SOC or cybersecurity experience (MSP/MSSP background preferred)
- Hands-on experience with SIEM and EDR tools (e.g., Sentinel, Defender)
- Strong understanding of MITRE ATT&CK, TCP/IP, and malware behavior
- Familiarity with ISO 27001 and NIST frameworks
Your Daily Tasks
- Lead security incident investigations and response
- Analyze alerts from Microsoft Sentinel, Defender, firewalls, and other security tools
- Tune SIEM rules and maintain incident response playbooks
- Mentor L1 analysts and coordinate with the MSP/NOC teams
- Document findings, trends, and threat intelligence
About the Client
Guardians of Digital Trust
Our client is a forward-thinking cybersecurity solutions provider, helping organizations across industries strengthen their defenses against evolving digital threats. With expertise in advanced monitoring, detection, and incident response, they provide peace of mind to businesses navigating today's digital-first economy. Their commitment to innovation ensures clients stay resilient, secure, and future-ready.
Welcome to Emapta Philippines
Join a team that values camaraderie, excellence, and growth. Recognized as one of the Top 20 Dream Companies of Filipinos in 2024, Emapta stands proudly alongside industry giants, offering stability and exciting career opportunities. Your career flourishes here with competitive compensation, international clients, and a work culture focused on collaboration and innovation. Work with global clients across industries, supported by a stable foundation and like-minded professionals passionate about making an impact. We empower your success with opportunities for personal and professional development in an inclusive environment. Apply now and be part of the #EmaptaEra
Security Tools Monitoring Analyst 1
Posted today
Job Description
DUTIES AND RESPONSIBILITIES
● Serve as the initial point of contact for all issues related to the tools of Security Engineering and other technologies.
● Perform real-time monitoring of availability and operations of security tools and technologies.
● Review and understand technical and operational documentation.
● Review and approve Firewall requests
● Track operational aspects of security monitoring equipment and software, scheduled tasks, reporting, alerting, and other key aspects of security tools' health.
● Report observed issues or outages using the standard ticketing system.
● Perform initial troubleshooting, symptom documentation and initial issue isolation.
● Implement Changes that are within the scope of L1
● Escalate issues to next level support, vendor or Leadership.
● Triage issues coming from chat, call, emails and tickets (incident, request).
● Attend meetings and escalation/bridge calls.
● Prepare internal RCA document.
● Prepare and deliver turnover reports and communicate with the other shift colleagues to ensure continuity in support.
● Provide assistance as directed to incident response or other technology teams.
● Provide evidence as directed, to support audit and compliance initiatives.
● Learn and contribute to Security Engineering policies and procedures.
● Develop effective teamwork skills.
● Recommend improvements to operations and monitoring processes.
● Continue self-development of knowledge, skills and abilities to better support execution of the Security Engineering team.
What Are We Looking For in This Role?
Minimum Qualifications
● At least 3 years of work experience with and knowledge of host or network security tools.
● Preferably Bachelor's degree in Computer Engineering, Computer Science, Information Technology or equivalent.
● Experience working in a team-oriented, collaborative and global environment.
● Experience in troubleshooting security applications/tools.
● Amenable to work on a rotating schedule to provide 24x7 support.
● Average communication skills (oral and written).
● Ability to drive problem isolation and problem resolution.
● Ability to multitask and manage time.
Security Tools Monitoring Analyst 1
Posted today
Job Description
Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services. Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results. We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions. Join our dynamic team and make your mark on the payments technology landscape of tomorrow.
Summary of This Role
DUTIES AND RESPONSIBILITIES
- Serve as the initial point of contact for all issues related to the tools of Security Engineering and other technologies.
- Perform real-time monitoring of availability and operations of security tools and technologies.
- Review and understand technical and operational documentation.
- Review and approve Firewall requests
- Track operational aspects of security monitoring equipment and software, scheduled tasks, reporting, alerting, and other key aspects of security tools' health.
- Report observed issues or outages using the standard ticketing system.
- Perform initial troubleshooting, symptom documentation and initial issue isolation.
- Implement Changes that are within the scope of L1
- Escalate issues to next level support, vendor or Leadership.
- Triage issues coming from chat, call, emails and tickets (incident, request).
- Attend meetings and escalation/bridge calls.
- Prepare internal RCA document.
- Prepare and deliver turnover reports and communicate with the other shift colleagues to ensure continuity in support.
- Provide assistance as directed to incident response or other technology teams.
- Provide evidence as directed, to support audit and compliance initiatives.
- Learn and contribute to Security Engineering policies and procedures.
- Develop effective teamwork skills.
- Recommend improvements to operations and monitoring processes.
- Continue self-development of knowledge, skills and abilities to better support execution of the Security Engineering team.
Minimum Qualifications
- At least 3 years of work experience with and knowledge of host or network security tools.
- Preferably Bachelor's degree in Computer Engineering, Computer Science, Information Technology or equivalent.
- Experience working in a team-oriented, collaborative and global environment.
- Experience in troubleshooting security applications/tools.
- Amenable to work on a rotating schedule to provide 24x7 support.
- Average communication skills (oral and written).
- Ability to drive problem isolation and problem resolution.
- Ability to multitask and manage time.
Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact
Security Tools Monitoring Analyst 1
Posted today
Job Description
Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services. Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results. We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions. Join our dynamic team and make your mark on the payments technology landscape of tomorrow.
Summary of This Role
DUTIES AND RESPONSIBILITIES
• Serve as the initial point of contact for all issues related to the tools of Security Engineering and other technologies.
• Perform real-time monitoring of availability and operations of security tools and technologies.
• Review and understand technical and operational documentation.
• Review and approve Firewall requests
• Track operational aspects of security monitoring equipment and software, scheduled tasks, reporting, alerting, and other key aspects of security tools' health.
• Report observed issues or outages using the standard ticketing system.
• Perform initial troubleshooting, symptom documentation and initial issue isolation.
• Implement Changes that are within the scope of L1
• Escalate issues to next level support, vendor or Leadership.
• Triage issues coming from chat, call, emails and tickets (incident, request).
• Attend meetings and escalation/bridge calls.
• Prepare internal RCA document.
• Prepare and deliver turnover reports and communicate with the other shift colleagues to ensure continuity in support.
• Provide assistance as directed to incident response or other technology teams.
• Provide evidence as directed, to support audit and compliance initiatives.
• Learn and contribute to Security Engineering policies and procedures.
• Develop effective teamwork skills.
• Recommend improvements to operations and monitoring processes.
• Continue self-development of knowledge, skills and abilities to better support execution of the Security Engineering team.
What Are We Looking For in This Role?
Minimum Qualifications
• At least 1-3 years of work experience with and knowledge of host or network security tools.
• Preferably Bachelor's degree in Computer Engineering, Computer Science, Information Technology or equivalent.
• Experience working in a team-oriented, collaborative and global environment.
• Experience in troubleshooting security applications/tools.
• Amenable to work on a rotating schedule to provide 24x7 support.
• Average communication skills (oral and written).
• Ability to drive problem isolation and problem resolution.
• Ability to multitask and manage time.
Global Payments Inc. is an equal opportunity employer. Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. If you wish to request reasonable accommodations related to applying for employment or provide feedback about the accessibility of this website, please contact
Security Engineering Lead
Posted today
Job Description
Join Us
At Google Operations Center we help Google users and customers solve problems and achieve their goals—all while enjoying a culture focused on improving continuously and being better together. We work hard, we play hard, and we want you to join us.
The mission of Trust & Safety - Safe Browsing is to make the world's information safely accessible to all, and along with Safe Browsing Engineering we are responsible for protecting Internet users across the globe from phishing and malware. Safe Browsing systems provide defenses against these threats for Google products such as Gmail, Chrome, Search, and Ads. As part of Trust & Safety, we collaborate with abuse fighters across the company to identify and resolve the biggest problems that challenge the safety and integrity of our products.
As a Security Engineering Lead - Safe Browsing, you will help the team in its mission to protect Google's users. Our goals include: increasing the coverage, accuracy, and speed of Safe Browsing enforcement systems; understanding the global threat environment for phishing, malware, and unwanted software; and improving the user experience, both internally and externally, by communicating with webmasters, users, and partners.
You will become an expert in the workings of phishing and malware, and you will help the team to detect and prevent these abuses at scale. You will work to ensure that the trust users place not only in Safe Browsing, but also in Google as a broader brand and company, is well founded. You will demonstrate analytical thinking and make data-driven decisions.
Responsibilities
- Manage a team of tech process analysts and specialists
- Manage team workload to ensure even distribution of responsibilities and provide development opportunities
- Provide effective coordination with multiple cross-functional teams in a clear and effective manner
- Monitor and review SLAs and act as a point of contact to discuss risk / issues with workflow management
- Develop in depth understanding of documented process flows and playbooks and identify any process improvement opportunities
- Perform technical audit/reviews in code changes made by L3 and L4
- Develop complex data analyses to identify harmful entities, examine trends, patterns, and identify system vulnerabilities.
- Perform static code analysis, dynamic analysis of potential threats identified in the websites such as phishing, malware, social engineering
Minimum Qualifications / Skills
- Bachelor's degree in Computer Science, Engineering, Mathematics, Statistics, or an equivalent technical field, or equivalent practical experience.
- 8+ years of strong hands-on experience in security operations, web security analysis, or a related analytical role.
- Proficient experience in querying and analyzing large datasets using SQL and data-focused programming (e.g., Python).
- Demonstrated knowledge of the threat landscape targeting websites on the internet, including phishing, malware, or vulnerabilities
- Strong analytical and problem-solving skills with meticulous attention to detail
- 2+ years of experience in people management and performance management
Preferred Qualifications / Skills
- Experience in handling technical team
- Good understanding of OWASP vulnerabilities and/or Exploit Kits.
- Experience of Linux operating system and shell/batch scripting.
- Strong ability to communicate complex technical concepts clearly and effectively to diverse audiences.
- Ability to independently prioritize competing stakeholder demands, and manage multiple responsibilities in a fast-paced, dynamic environment.
- Experience in statistical analysis (e.g., R, Stata, SAS) for identifying trends and insights.
- Ability to identify and prioritize actionable steps towards resolution.
Benefits
- We support you with competitive wages and with comprehensive health care including medical, dental and vision coverage
- We support your family with gender-neutral baby bonding leave, 18 week birth-parent maternity leave, and generous life, accident and disability insurance minimums
- Employees who work onsite can enjoy free meals and snacks, and fun onsite experiences
Information collected and processed as part of your Google Operations Center (GOC) jobs profile, and any job applications you choose to submit, is subject to GOC's Applicant and Candidate Privacy Policy.
Google Operations Center (GOC) is committed to equal employment opportunities regardless of race, creed, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status or any other basis protected by law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.
To ensure a barrier-free interview, please mention any required assistance or specific arrangements in your application and confirm them with your recruiter.
To all recruitment agencies: Google Operations Center (GOC) does not accept agency resumes. Please do not forward resumes to our jobs alias, GOC employees, or any other organization location. GOC is not responsible for any fees related to unsolicited resumes.
Thanks for your interest in this opportunity. Our recruitment team will contact you if your profile is a good fit for the role. If you don't hear from us within 2-3 weeks, please consider your application unsuccessful at this time. We value your patience throughout this time. For any questions, feel free to reach out to us at goc-candidate-
Security Operations – CyberArk
Posted today
Job Description
Security Operations Technician – CyberArk & SIEM
About the Role
We are seeking a skilled and motivated Security Operations Technician with hands-on experience in CyberArk and SIEM technologies. The ideal candidate will play a key role in ensuring the stability, performance, and continuous improvement of our privileged access management and security monitoring platforms. You will work closely with the Security and Infrastructure teams to ensure alignment with operational and strategic security requirements.
Key Responsibilities
- Operate, maintain and optimise CyberArk and SIEM platforms to ensure high availability and performance.
- Investigate and resolve incidents and service requests related to privileged access and security monitoring tools.
- Collaborate with the Security team to implement technical changes based on security requirements and threat intelligence.
- Perform routine health checks, audits, and compliance activities for CyberArk and SIEM systems.
- Contribute to documentation, including standard operating procedures and knowledge base articles.
- Identify opportunities to automate repetitive tasks and improve efficiency.
- Participate in on-call rotations and support escalations when necessary.
Required Skills and Experience
- Hands-on experience with CyberArk: configuration, troubleshooting, and maintenance.
- Experience working with SIEM tools such as LogRhythm, Splunk, QRadar or similar.
- Solid understanding of identity & access management and security operations.
- Experience with incident and change management processes in ITIL-based environments.
- Familiarity with scripting or automation (e.g., PowerShell, Python) is a plus.
- Strong analytical and troubleshooting skills.
- Fluent English (spoken and written).
Soft Skills
- Detail-oriented with a focus on security best practices.
- Proactive and solution-oriented mindset.
- Ability to manage multiple tasks and prioritise effectively.
- Team player with good communication skills and a collaborative approach.
- Eagerness to learn and grow in a dynamic and international environment.