Security Information and Event Management (SIEM) Operations

Summary:

The SOC Analyst is responsible for monitoring and analyzing security events on an ongoing basis. The role involves investigating and responding to threats in a timely and effective manner, and where necessary, escalating incidents to the appropriate teams for in-depth analysis and/or resolution.

Roles and Responsibilities:

• Monitors and analyzes Security Information and Event Management (SIEM) to identify security issues for remediation.
• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
• Evaluates/deconstructs malware (e.g., obfuscated code) through open-source and vendor-provided tools.
• Communicates alerts to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
• Prepares briefings and reports of analysis methodology and results.
• Creates and maintains standard operating procedures and other similar documentation; ensures all documentation is up to date and standard.
• Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
• Assists Entry-Level SOC analysts in building stronger skills.
• Assists Team Leads with reporting, projects, administrative work as needed.
• Support cyber defense functions to protect organizations from cyber security incidents that have potential to cause negative impact
• Review suspicious threat activity via logs and security applications to determine the nature of a possible threat
• Decide necessary remediation actions for a multitude of systems, including but not limited to Operating Systems, network firewalls/routers, AV systems and more
• Create clear and concise writeups representing the overall summary, analysis, actions taken and recommendations for escalated incidents via a platform ticketing system
• Validate operations during their shift and contact senior analysts for additional support/escalation
• Monitor customer requests via their escalated tickets and inform the senior team for additional support
• Investigate, document, and report on information security issues and emerging trends
• Incident Response - reporting of cyber security incidents, mitigation advisement, quality review and after action
• Use SOC monitoring tools and have a working understanding of systems such as, SIEM systems, Intrusion Detection System, Data Loss Prevention, Antivirus System, to review and analyze pre-defined events
• Provide analysis and identify trends of security log data from a large number of heterogeneous security devices indicative of incidents
• Suggest and request whitelisting and use case finetuning from Engineering team as applicable
• Inform parsing issues to SOC Content / Platform Engineering team as applicable
• Perform basic threat (retro) hunting leveraging an IoC-based approach

Open Positions:

• Security Delivery Analyst
• Security Delivery Senior Analyst

Qualifications:

• Experience in ticketing, monitoring systems, and working in a SOC environment.
• Ability to analyze data, such as logs or packets captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
• Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, Endpoint Detection and Response (EDR) and SIEM technologies.
• Fundamental understanding of computer networking (TCP/IP), knowledge of Windows, Linux, and Information Security.
• In-depth experience in performing security investigations across different platforms, including OS, networks, cloud, messaging, etc.
• High-level knowledge of cybersecurity attack, and defense techniques.
• Experience working with cloud cybersecurity tools.
• Excellent analytical and problem-solving skills as well as interpersonal skills to interact with clients, team members, and upper management.
• Proficient in both oral & written communication.
• Graduate of any college degree in Computer Science or Information Security, or related technical field of expertise.
• Must be willing to work on a shifting schedule and on site.

Location: Manila/Cebu