SOC Analyst I
Makati, PH
3d ago

Job Description


This position is responsible for working in SGS Security Operation Center (SOC) environment and investigating security alerts.

Provides analysis and trending of security log data from a large number of heterogeneous security devices on the SGS network.

Provides Incident Response (IR) support when analysis confirms actionable incident. Additional activities include vulnerability assessments / pentest, SDE review, IAM and participation in POCs.


  • Responsible for working in a 24x7 Security Operation Center (SOC) environment in shifts.
  • Monitor, investigate and respond to security alerts from SIEM / log management and various security controls / tools such as Firewall, secure email gateway, endpoint security, WAF, IDS / IPS and DLP, etc.
  • Provide Incident Response (IR) support when analysis confirms an actionable incident and build rules, dashboards and reports in SIEM.
  • Process and manage requests for various security services, for example, responding to security inquiries from affiliates / stakeholders, reviewing malicious or blocked attachments or websites, reviewing firewall change requests, performing vulnerability scans, etc.
  • Support technical security assessments, self-phishing and cyber security awareness activities.
  • Provide threat and vulnerability analysis services, for example, analyze and respond to unknown or previously undisclosed software and hardware vulnerabilities.
  • Ensure that service operations best practices are being observed and applied.
  • Support the development of SOC processes, documentation, metrics, and reporting.
  • Develop and suggest new Operating Procedures or changes to existing ones as needed.
  • Report to IT Management and stakeholders any major incident that could significantly impact the business.

Qualifications

  • Bachelor's degree in Computer Science, Computer Engineering, IT Security or a related field; alternatively equivalent demonstrated knowledge.
  • Highly technical with at least 5 years of relevant experience in IT Security / IT Operations and at least 3 years' experience as a Security Analyst with global companies.
  • Professional certifications such as ITIL, CompTIA Security+, CompTIA CySA+, EC-Council Certified Ethical Hacker (CEH) will be a plus.
  • Experience with SIEM / SOAR platforms, firewalls and intrusion detection / prevention systems and security operations.
  • Experience performing analysis of log files from a variety of sources, to include individual host logs, network traffic logs, firewall logs, secure email gateway logs or intrusion prevention logs.
  • Experience with packet analysis (Wireshark) and malware analysis preferred.
  • Strong understanding of security operations concepts: perimeter defense, endpoint management, data leak prevention, kill chain analysis and security metrics.
  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
  • Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language / Structured Query Language (PL/SQL) injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Knowledge of network protocols (e.g., Transmission Control Protocol and Internet Protocol (TCP/IP), Dynamic Host Configuration Protocol (DHCP)) and directory services (e.g., Domain Name System (DNS)).

  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet Protocol (TCP/IP), Open Systems Interconnection model (OSI), Information Technology Infrastructure Library (ITIL)).
  • Knowledge of common network tools (e.g., ping, traceroute, nslookup).
  • Knowledge of cyber defense policies, procedures, and regulations.
  • Knowledge of the common attack vectors on the network layer.
  • Knowledge of host / network access controls (e.g., access control lists).
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Attention to detail and strong communication skills.