Job Description
Cyber SOC Incident Response Analyst
With a growing number of Security Incidents, and in order to improve the Incident Response process, the Security Operations Center needs to assign a Tier 1 Cyber SOC Incident Response Analyst who will be able to quickly identify the true cause of a cyber incident, determine the span of a compromise, provide practical advice to fix and prevent the threats and, if required, assist with recovering critical data and services.
Within its main functions, the Cyber SOC Incident Response Analyst will:
1. Act as first line of defense handling low and medium security incidents.
2. Escalate high severity incidents to the Tier 2 and Tier 3 Cyber Incident Response Managers, providing information about the first analysis, and contribute to the resolution.
3. Follow IR security standards and playbooks, properly document IR actions and coordinate IR tasks with other functions within the SOC and the rest of the organization.
Desirable: Certifications (any security certification such as, but not limited to, the following): CEH, CND, CSA, CompTIA Security+
What will you do
Cyber Incident Response
Respond to low and medium Security Incidents, mainly but not exclusively Security Incidents related to Phishing, Malware and Web Attacks.
Assess, triage, categorize and prioritize Security Incidents and escalate to higher tiers when severity is elevated.
Derive immediate mitigation measures for containment, eradication, and recovery of Security Incidents in line with JTI internal SLAs and track progress.
Coordinate Incident Response taskforces with different IT functions and end users according to established playbooks.
Estimate the scope of impacted assets and ensure that remediation properly addresses the full scope identified during the Analysis stage.
Collect malicious payloads, forensic artifacts and IOCs according to JTI SOPs for further analysis by JTI SOC personnel.
Concisely summarize the analysis and actions carried out during the Incident Response handling in the Review phase and provide lessons-learned recommendations, if any.
Provide basic malware analysis using sandboxing solutions.
Support
Support Security Incident Managers during relevant security incidents by following their ad-hoc instructions during the incident handling.
Documentation
Contribute to the creation, maintenance and improvement of Security Incident playbooks and SOPs in scope of Incident Response daily activities.
Provide support on reporting activities.
Knowledge management:
Monitor Security Industry trends on new threats and share knowledge with the rest of the team.
Who are we looking for
University degree in Computer Sciences, Information Systems, or related field or relevant experience
1 year of experience in Information Security or 2 years of experience in system or network administration.
1 year working within a SOC team is a plus.
Knowledge of information security principles and best practices.
Familiarity with tools and techniques used in incident detection and response.
Experience with Microsoft security products is a plus, e.g. Microsoft Defender for Endpoint.
Analytical/problem solving ability
Understanding of fundamentals of OS and Networking
Good understanding of EDR/XDR solutions, SIEM platforms and Ticketing systems
Knowledge of security standards (e.g. NIST 800-61) and the MITRE ATT&CK framework
Ability to work under constantly changing conditions and tight deadlines
Communication skills and the ability to focus on both the important points and the details.
Scripting abilities are a plus (PowerShell or Python desirable)
What are the next steps
Thank you very much for applying!
We will make sure to provide feedback on your application within 2 weeks after the application deadline.
JT International (Philippines), Inc.