Security Information and Event Management (SIEM) Operations
Manila, National Capital Region
Posted 2 days ago
- Company:
- Neksjob
- Company Description:
- Neksjob is an outsourcing and social enterprise that provides quality services to our clients locally and abroad. We are driven by the innate desire to bring about change by encouraging out of the box solutions to well-worn path challenges at a cost-effective rate. We aim to bridge the gap between countries and cultures, distance and time zones, to bring the world closer through the help of emerging technology.
- Contract Type:
- Full Time
- Experience Required:
- 3 to 4 years
- Education Level:
- Bachelor’s Degree
- Gender:
- Any
- Number of vacancies:
- 5
Job Description
The SOC Analyst is responsible for monitoring and analyzing security events on an ongoing basis. The role involves investigating and responding to threats in a timely and effective manner, and where necessary, escalating incidents to the appropriate teams for in-depth analysis and/or resolution.
Roles and Responsibilities:
Monitors and analyzes Security Information and Event Management (SIEM) to identify security issues for remediation.
Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
Evaluates/deconstructs malware (e.g., obfuscated code) through open-source and vendor-provided tools.
Communicates alerts to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
Prepares briefings and reports of analysis methodology and results.
Creates and maintains standard operating procedures and other similar documentation; ensures all documentation is up to date and standard.
Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
Assists Entry-Level SOC analysts in building stronger skills.
Assists Team Leads with reporting, projects, administrative work as needed.
Support cyber defense functions to protect organizations from cyber security incidents that have potential to cause negative impact
Review suspicious threat activity via logs and security applications to determine the nature of a possible threat
Decide necessary remediation actions for a multitude of systems, including but not limited to Operating Systems, network firewalls/routers, AV systems and more
Create clear and concise writeups representing the overall summary, analysis, actions taken and recommendations for escalated incidents via a platform ticketing system
Validate operations during their shift and contact senior analysts for additional support/escalation
Monitor customer requests via their escalated tickets and inform the senior team for additional support
Investigate, document, and report on information security issues and emerging trends
Incident Response - reporting of cyber security incidents, mitigation advisement, quality review and after action
Use SOC monitoring tools and have a working understanding of systems such as, SIEM systems, Intrusion Detection System, Data Loss Prevention, Antivirus System, to review and analyze pre-defined events
Provide analysis and identify trends of security log data from a large number of heterogeneous security devices indicative of incidents
Suggest and request whitelisting and use case finetuning from Engineering team as applicable
Inform parsing issues to SOC Content / Platform Engineering team as applicable
Perform basic threat (retro) hunting leveraging an IoC-based approach
Open Positions:
Security Delivery Senior Analyst
Security Delivery Specialist/Team Lead
Security Delivery Associate Manager
Security Delivery Manager
Job Qualifications:
Minimum of 3 years of relevant experience
Experience in ticketing, monitoring systems, and working in a SOC environment.
Ability to analyze data, such as logs or packets captures, from various sources within the enterprise and draw conclusions regarding past and future security incidents.
Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, Endpoint Detection and Response (EDR) and SIEM technologies.
Fundamental understanding of computer networking (TCP/IP), knowledge of Windows, Linux, and Information Security.
In-depth experience in performing security investigations across different platforms, including OS, networks, cloud, messaging, etc.
High-level knowledge of cybersecurity attack, and defense techniques.
Experience working with cloud cybersecurity tools.
Excellent analytical and problem-solving skills as well as interpersonal skills to interact with clients, team members, and upper management.
Proficient in both oral & written communication.
Graduate of any college degree in Computer Science or Information Security, or related technical field of expertise.
Must be willing to work on a shifting schedule and on site.
Location: Manila/Cebu
Job Details
Remote Type
Hybrid
Location
Quezon City, Cyberpark Tower 1
Time Type
Full time
Job Type
Regular