We are looking for an L1 SOC Analyst (Threat Monitoring) to join our Security Operations Center (SOC) team.
As an L1 Analyst, you will play a crucial role in monitoring, analyzing, and responding to security alerts, ensuring swift incident detection and escalation. This is an exciting opportunity for those who want to build a career in cybersecurity while working with cutting-edge security tools and methodologies.
Key Responsibilities:
- Monitor security alerts in real time from SIEM and other security tools.
- Perform Level 1 triage of security incidents by analyzing logs, network traffic, and endpoint events.
- Investigate suspicious activity and escalate security events according to SOC guidelines.
- Analyze and correlate security data from multiple sources to identify potential threats.
- Coordinate with Level 2 and Level 3 analysts for complex investigations.
- Escalate high-priority incidents and provide detailed incident reports.
- Monitor the health of SIEM alerts and dependencies to ensure continuous security monitoring.
- Assist in forensic investigations by gathering relevant security logs and evidence.
- Identify and report false positives to fine-tune security monitoring rules.
- Work within a ticketing system to document findings, actions, and resolutions.
- Provide security recommendations for improving detection capabilities and security policies.
- Support compliance and audit activities by maintaining security logs and incident documentation.
- Stay updated on emerging cybersecurity threats, attack techniques, and trends.

Experience & Technical Skills:
- Basic to intermediate knowledge of network security, TCP/IP, and troubleshooting.
- Familiarity with SIEM platforms such as IBM QRadar, Splunk, ArcSight, Microsoft Sentinel, or LogRhythm.
- Understanding of log analysis and ability to interpret system, network, and security logs.
- Knowledge of firewalls, IDS/IPS, endpoint security, and anti-malware solutions.
- Familiarity with the MITRE ATT&CK Framework for understanding adversary tactics and techniques.
- Basic knowledge of cybersecurity frameworks such as the NIST Cybersecurity Framework, CIS Controls, and ISO 27001.
- Ability to identify and investigate phishing emails and suspicious file activity.
- Familiarity with incident response processes and escalation procedures.
- Basic knowledge of Linux/Unix and Windows operating systems.
- Understanding of common network services (web, mail, DNS, authentication).
- Knowledge of vulnerability management and basic remediation steps.
- Understanding of threat intelligence sources and how they apply to SOC operations.
- Strong analytical and problem-solving skills.
- Excellent written and verbal communication skills.

Training & Certifications (a plus but not required!):
- CompTIA Security+
- Certified SOC Analyst (CSA)
- Microsoft Security Operations Analyst (SC-200)
- GIAC Security Essentials (GSEC)
- IBM QRadar SIEM Training
- MITRE ATT&CK Defender (MAD) Certifications

Philippines | Consulting | Hybrid | Professional | Taguig City, PH