Security Operations Center Analyst I
Makati City, National Capital Region, Philippines
6d ago
Job Description

This position is responsible for working in SGS Security Operation Center (SOC) environment and investigating security alerts. Provides analysis and trending of security log data from a large number of heterogeneous security devices on the SGS network. Provides Incident Response (IR) support when analysis confirms actionable incident. Additional activities include vulnerability assessments / pentest, SDE review, IAM and participation in POCs.


  • Responsible for working in a 24x7 Security Operation Center (SOC) environment in shifts.
  •  Monitor, investigate and respond to security alerts from SIEM / log management and various security controls / tools  such as Firewall, secure email gateway, endpoint security, WAF, IDS/ IPS and DLP, etc.
  • Provide Incident Response (IR) support when analysis confirms an actionable incident and build rules, dashboards and reports in SIEM.
  • Process and manage requests for various security services, for example, responding to security inquiries from affiliates/ stakeholders, reviewing malicious or blocked attachments or websites, reviewing firewall change requests, performing vulnerability scans, etc.
  • Support technical security assessments, self-phishing and cyber security awareness activities.
  • Provide threat and vulnerability analysis services, for example, analyze and respond to unknown or previously undisclosed software and hardware vulnerabilities.
  • Ensure that service operations best practices are being observed and applied.
  • Support the development of SOC processes, documentation, metrics, and reporting.
  • Develop and suggest new Operating Procedures or changes to existing ones as needed
  • Report to IT Management and stakeholders any major incident that could significantly impact the business


  • Bachelor's degree in Computer Science, Computer Engineering, IT Security or a related field; alternatively equivalent demonstrated knowledge.
  • Highly technical with at least 5 years of relevant experience in IT Security / IT Operations and at least 3 years experience as a Security Analyst with global companies.
  • Professional certifications such as ITIL, CompTIA Security+, CompTIA CySA+ , EC-Council Certified Ethical Hacker (CEH) will be a plus
  • Experience with SIEM / SOAR platforms, firewalls and intrusion detection / prevention systems and security operations.
  • Experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, secure email gateway logs or intrusion prevention logs.
  • Experience with packet analysis (wireshark) and malware analysis preferred
  • Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics.
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
  • Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)Language/Structured Query Language [PL/SQL]
  • Knowledge of network protocols (e.g. Transmission Control Protocol and Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]) and directory services (e.g., Domain Name System [DNS]).
  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Open System Interconnection model [OSI], Information Technology Infrastructure Library [ITIL]).
  • Knowledge of common network tools (e.g., ping, traceroute, nslookup)
  • Knowledge of cyber defense policies, procedures, and regulations
  • Knowledge of the common attack vectors on the network layer.
  • Knowledge of host/network access controls (e.g., access control list)
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Attention to detail and strong communicator.

Additional Information

Report this job

Thank you for reporting this job!

Your feedback will help us improve the quality of our services.

My Email
By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
Application form