Senior Security Operations Center Analyst

18 hours ago


Cagayan Valley, Philippines | Buscojobs | Full time


Posted today

Job Description

The Incident Response Analyst will provide detection, containment, and analysis of security events to protect the confidentiality, integrity, and availability of information systems in accordance with the firm's business objectives, regulatory requirements, and strategic goals.

Responsibilities

  • Provide Tier 2 incident response services to the global organization on behalf of the Information Security Team
  • Receive, process, and resolve tickets per defined SLAs
  • Analyze information garnered from monitoring systems, operational incidents, and other sources to determine the scope and impact of potential security incidents, and process accordingly
  • Critically assess current practices and provide feedback to management on improvement opportunities
  • Assist with the design and implementation of threat detection and prevention solutions identified as necessary for the protection of Firm assets
  • Effectively utilize common IR toolsets, platforms, and processes, such as SIEM, log management, packet capture, and breach detection systems
  • Assist with forensic examinations and chain-of-custody procedures as directed by the Security Incident Response Engineers
  • Provide input into standards and procedures
  • Report compliance failures to management for immediate remediation
  • Maintain assigned systems to ensure availability, reliability, and integrity, including the oversight of current and projected capacity, performance, and licensing
  • Provide status reports and relevant metrics to the Security Operations Manager
  • Contribute to the Firm's security-related information repositories and other marketing/awareness endeavors
  • Participate in special projects as needed

Skills and Experience

Education

  • Possess a Computer Science Bachelor's Degree or substantial equivalent experience

Special Requirements, Licenses, and Certifications (desirable but not required):

  • GSEC, GCIH, GCFE, GREM
  • CISSP or SSCP

Experience

  • Some professional experience in information security with a focus on incident response and forensics
  • Foundational knowledge of IR concepts and best practices, including forensics and chain-of-custody
  • Experience with common IR tools such as SIEM, log management, IDS, breach detection systems (APT/BDS/EDR), and packet capture.
  • Broad understanding of TCP/IP, DNS, common network services, and other foundational topics
  • Working knowledge of malware detection, analysis, and evasion techniques
  • Able to conduct static and dynamic analysis of malware to extract indicators of compromise, profile malware behavior, and provide recommendations for mitigating and detecting malware; able to analyze suspicious websites and script-based malware code
  • Experience with vulnerability management tools such as Qualys, Nessus, or other vulnerability scanning discovery tools
  • Broad familiarity with the threat landscape and the ability to adapt practices to evolving circumstances
  • Identify, analyze, and report threats within the enterprise by using information collected from a variety of sources (IDS/IPS, SIEM, AV), to protect data and networks. Implement techniques to hunt for known and unknown threats based on available threat intelligence reports and knowledge of the attacker's TTPs
  • Able to gather and analyze facts, draw conclusions, define problems, and suggest solutions
  • Maintain critical thinking and composure under pressure
  • Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents.
  • Proficiency in oral and written English
  • Capable of assisting with the preparation of internal training materials and documentation
  • Able to be productive and maintain focus without direct supervision
  • Passionate in the practice and pursuit of IR excellence
  • Can exhibit a disciplined and rigorous approach to incident handling
  • Willing to accommodate shift-based work for a global organization
  • Provide exemplary customer service by striving for first-call resolution and demonstrating empathy, respect, professionalism, and expertise
  • Experience with digital forensics on host or network and identification of anomalous behavior on network or endpoint devices. Familiar with host- and network-based forensic tools such as EnCase, FTK, Sleuth Kit, X-Ways, etc.

Posted today

Job Description

We are looking for a skilled Incident Response Specialist to lead the investigation and resolution of high-priority and escalated security incidents. In this role, you will work closely with internal teams to improve the bank's cybersecurity defenses and ensure timely response to threats.

What You'll Do

Incident Handling & Investigation

  • Lead investigations of complex or escalated security incidents.
  • Perform deep-dive forensic analysis, including root cause and post-incident reviews.
  • Act as an escalation point for other analysts during critical security events.
  • Analyze incidents to assess impact, risk, and potential data compromise.

Threat Containment & Response

  • Lead threat containment, eradication, and recovery efforts.
  • Identify malware behavior, compromised systems, and data infiltration attempts.
  • Provide guidance to teams on remediation and recovery strategies.
  • Communicate response plans clearly to asset owners and other stakeholders.

Threat Intelligence & Analysis

  • Use threat intelligence to assess scope and impact of attacks.
  • Analyze network traffic, malware, and suspicious behaviors to support investigations.
  • Support Threat Hunting and SOC Tool teams with new detection methods.

Documentation & Playbooks

  • Document incidents thoroughly from detection to resolution.
  • Develop, update, and test incident response procedures and playbooks.
  • Participate in simulations and response drills to ensure readiness.

Collaboration & Support

  • Work with Infrastructure & Operations teams to resolve incidents.
  • Collaborate with the SOC Manager and Incident Response Lead to improve processes.
  • Review system metrics and monitoring data to identify trends and anomalies.

Tool Management & Continuous Improvement

  • Evaluate, recommend, and troubleshoot security tools and technologies.
  • Contribute to improving SOC policies, procedures, and overall maturity.
  • Stay informed about new threats, vulnerabilities, and compliance requirements.

Additional Responsibilities

  • Perform other tasks as assigned by the CTMD Head.

What We're Looking For

  • Education: Bachelor's degree in Computer Science, Cybersecurity, or a related field.
  • Experience: Proven experience in incident response, malware analysis, and threat detection.
  • Technical Skills:
      • Strong understanding of network, system, and application security.
      • Hands-on experience with SOC tools, threat intelligence platforms, and forensic tools.
  • Soft Skills:
      • Clear communication with both technical and non-technical stakeholders.
      • Strong analytical, problem-solving, and decision-making abilities.
      • Ability to perform under pressure and manage escalated incidents.
  • Knowledge: Familiarity with regulatory requirements and cybersecurity frameworks (e.g., ISO, NIST).

Mandaluyong, National Capital Region | Penbrothers

Posted 1 day ago

Job Description

About Penbrothers

Penbrothers is an HR & remote talent management partner and one of the fastest growing companies in the Philippines. We provide talented Filipinos with global opportunities in high-growth startups and dynamic companies, from the comfort of their own homes.

About the Client

Our client is Asia's premier cyber emergency response team, specializing in digital forensics and incident response services. We help organizations prepare for, respond to, and recover from cyber incidents, providing swift, discreet, and highly specialized expertise. With a team of cybersecurity specialists, we operate with a mission to make cyber resilience accessible, reliable, and actionable for all businesses across the region.

About the Role

You will manage high-profile cybersecurity investigations, coordinate with executives, clients, and stakeholders, and guide organizations through their most urgent moments of digital crisis. This role demands exceptional hands-on technical ability, strategic leadership, and the calm, decisive mindset required in fast-moving, high-stakes environments.

  • Lead and execute high-stakes cyber incident response investigations, ensuring rapid containment, eradication, and recovery in mission-critical environments.
  • Analyze forensic artifacts, attacker TTPs, and malware across complex hybrid infrastructures, including Windows, Linux, macOS, and cloud platforms.
  • Perform full-spectrum DFIR operations, including disk imaging, memory acquisition, log analysis, threat hunting, and lateral movement investigations.
  • Utilize scripting languages (Python, Bash, PowerShell) to automate response workflows, simulate adversarial techniques, and enhance investigative efficiency.
  • Communicate strategic insights and technical findings to clients, executives, regulators, and law enforcement with clarity, confidence, and precision.
  • Collaborate with engineering and R&D teams to refine internal tools, enhance proprietary tech, and accelerate operational readiness.
  • Coordinate directly with external stakeholders, including legal teams, insurers, vendors, and government agencies, throughout incident lifecycles.
  • Partner with sales consultants to scope potential engagements, provide technical insight during pre-sales, and contribute to internal upskilling, ensuring our commercial team is equipped to position our CIF capabilities with precision.
  • Train, mentor, and uplift junior analysts, instilling elite tradecraft, professional discipline, and the company's standard of operational excellence.

What You Bring

  • 3+ Years of Hands-On Experience in cybersecurity incident response, security operations as an analyst, digital forensics, or threat intelligence (consulting or in-house).
  • Strong Technical Foundations across enterprise networks, security architecture, and cloud environments.
  • Proficiency with Key DFIR Tools including EDR platforms, SIEMs, firewalls, and forensic toolkits (e.g., Splunk, ELK, SentinelOne, Checkpoint, Velociraptor, X-Ways).
  • Operating System Mastery – Comfortable navigating and investigating across Windows, Linux, and macOS environments.
  • Scripting and Automation Skills – Proficient in at least one scripting language (Python, Bash, or PowerShell), with a mindset for automating workflows and simulating adversary behavior.
  • Calm Under Fire – Proven ability to lead or contribute to high-pressure, customer-facing IR engagements with poise and precision.
  • Communication – Able to translate complex technical findings into strategic guidance for senior stakeholders, boards, and regulators.

Preferred Qualifications – What Sets You Apart

  • Certifications – GCFA, GNFA, GREM, OSCP, or equivalent.
  • Real-World Adversary Experience – Deep exposure to ransomware/extortion cases, dark web intelligence, and threat actor tracking.
  • OT/ICS Proficiency – Experience working in air-gapped or critical infrastructure environments.
  • Builder Mindset – Demonstrated experience in building cybersecurity tools, writing custom scripts, or contributing to open-source security projects.
  • Backgrounds of Honor – Prior experience in military, law enforcement, or intelligence agencies is a strong plus.

Hiring Process

We utilize AI tools to enhance our hiring efficiency and ensure a fair evaluation of all candidates. As a result, candidates who passed our initial evaluations should expect an AI Interviewer as a component of our recruitment process. This is supervised by Human Talent Acquisition Experts who will also engage with you throughout your application journey.

What You'll Get

At Penbrothers, we are obsessed with creating positive employee experiences. Here you'll find an environment that nurtures learning and provides opportunities for growth. You'll have the opportunity to make an impact on fast-growing startups and dynamic companies.

  • Meaningful work & Growth: We take every opportunity to stretch ourselves and deliver an excellent client experience.
  • Employee as our biggest asset: We are genuinely invested in our people's career and welfare.
  • Global reach & local impact: Get to work with high-growth startups and dynamic companies from the comfort of your own home.
  • Powering global startups: We've created 1,400 Filipino jobs that empower global start-ups to focus on growth.

Posted today

Job Description

Security Alert Triage

  • Continuously monitoring security alerts generated by various security tools (firewalls, intrusion detection systems, etc.) via SecOps and messaging apps
  • Analyzing alerts to determine their severity, legitimacy (potential false positives), and potential organizational impact.
  • Prioritizing alerts based on a predefined risk assessment framework.
  • Conducting basic investigations on prioritized alerts to gather additional context and evidence.
  • Utilizing security tools and threat intelligence feeds to enrich the understanding of the incident.

Incident Classification and Reporting

  • Classifying incidents based on predefined categories (e.g., phishing, malware, unauthorized access attempt).
  • Documenting the incident details, including timeline, potential impact, and initial investigation findings.
  • Reporting the incident to relevant internal stakeholders (security team leads, IT management).

Initial Containment

  • Implementing basic containment actions based on the incident type (e.g., isolating compromised systems, disabling user accounts).
  • This may involve following established playbooks or procedures for specific threats.

Job Qualifications:

Education: Bachelor's degree in Computer Science, Computer Engineering, Information Technology, Electronic and Communications Engineering, a course with specialization in Cybersecurity, or another related course

Relevant Experience: Fundamental knowledge of Cybersecurity Concepts and Frameworks

Knowledge/Training: Service Management Framework, MITRE Framework, SIEM, SOAR, Network and Endpoint Security Tools

Certification/License: CompTIA Security+, Certified Blue Team, or any other Security Operations Related Certification is an advantage

Work Condition: Able to work onsite in Makati. The role will be part of a 24/7 shifting schedule.

Posted today

Job Description

Hiring for Incident Response Analyst

Full-time

Schedule: Shifting every 2 months (Day, Mid, Night)

___

JOB SUMMARY:

To provide detection, containment, and analysis of security events to protect the confidentiality, integrity, and availability of information systems per the firm's business objectives, regulatory requirements, and strategic goals.

___

JOB RESPONSIBILITIES:

  • At least 4 years of relevant experience
  • 1-2 years forensic analysis

Job Types: Full-time, Permanent

Pay: Up to Php120,000.00 per month

Application Question(s):

  • Are you amenable to work on hybrid set-up in Taguig?

Experience:

  • Incident response: 4 years (Preferred)
  • Forensic analysis: 2 years (Preferred)

Security Operations Center and Incident Response Manager

Posted 1 day ago

Job Description

Line of Service: Assurance

Specialism: Cybersecurity & Privacy

Manager

Job Description & Summary

A career in our Risk and Compliance Management practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. You'll play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.

Our team helps organisations transform their governance, risk, and compliance activities into a tool that is able to anticipate and mitigate risk to drive business performance. In joining, you'll develop risk management solutions, compliance and ethics controls, business continuity planning, internal audit procedures, and a compliance framework.

To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be a purpose-led and values-driven leader at every level. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future.

As a Manager, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to:

  • Develop new skills outside of comfort zone.
  • Act to resolve issues which prevent the team working effectively.
  • Coach others, recognise their strengths, and encourage them to take ownership of their personal development.
  • Analyse complex ideas or proposals and build a range of meaningful recommendations.
  • Use multiple sources of information including broader stakeholder views to develop solutions and recommendations.
  • Address sub-standard work or work that does not meet firm's/client's expectations.
  • Use data and insights to inform conclusions and support decision-making.
  • Develop a point of view on key global trends, and how they impact clients.
  • Manage a variety of viewpoints to build consensus and create positive outcomes for all parties.
  • Simplify complex messages, highlighting and summarising key points.
  • Uphold the firm's code of ethics and business conduct.
  • Lead and manage Organisation's Security Operations Center (SOC).
  • Responsible for incident identification, assessment, quantification, reporting, communication, mitigation and monitoring
  • Responsible for compliance to SLA, process adherence and process optimization to achieve the SOC's operational objectives
  • Responsible for team & vendor management, overall use of resources and initiation of corrective action where required for Security Operations Center
  • Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring
  • Responsible for integration of standard and non-standard logs into SIEM
  • Creation of reports, dashboards, metrics for SOC operations and presentation to Executive Management and Cyber and Information security or Risk Management committees
  • Develop and maintain an incident response program/plan consistent with incident response management processes and standards.
  • Implement monitoring tools in the cloud
  • Work with other SOC analysts to create security-related rules to provide alerts on any suspicious activities
  • Conduct periodic threat simulation activities to evaluate the adequacy of deployed detective controls
  • Establish and maintain a database of detected and reported information security incidents
  • Provide support for forensic investigations related to Information security incidents and develop and share security event logging requirements with infrastructure and applications teams
  • Liaise with stakeholders for timely isolation, containment and remediation of Indicators of Compromise (IOCs) related to validated threat intelligence information

Requirements

  • A minimum of a degree in Computer Science / Engineering, Information Technology, Electrical Engineering or a related field of study from a recognised institution
  • Professional Certification such as CISSP, CISM, CEH or GCIH will be an added advantage
  • A Second degree is an added advantage

Minimum of Five (5) years of relevant IT work experience which may include Information Security, IT Infrastructure Management, IT Vendor Assessment and over two (2) years in a managerial role.

Digital Forensic and Incident Response Analyst

Posted today

Job Description

I. Job Purpose

Responsible for conducting investigations and analysis of cybersecurity incidents, and then performing incident response to mitigate and contain the threat. This includes conducting forensics by examining post-exploitation artifacts to identify indicators of compromise and exploited gaps for root cause analysis, while also conducting internal investigations on detected insider threats.

II. Primary Accountabilities

Conduct investigations on identified cybersecurity incidents.

Perform incident response to verified cybersecurity incidents.

Collect digital evidence for a post-incident forensic analysis.

Conduct Digital Forensics to identify indicators of compromise.

Write detailed notes and submit a report on the results of the investigation.

Collaborate with other departments to support the Digital Forensics and Incident Response activities.

Ensure that the forensic tools used by the team are always kept up to date.

Collaborate with the team to review and update the incident response plan, process and playbook.

Collaborate with the team to enhance its capability to proactively detect and prevent threats towards the bank.

Participate in the Bank's sustainable finance-related activities.

Participate in mandatory BCP activities.

III. Job Qualification

Education:

Bachelor's degree in Computer Science, Mathematics, Engineering, or another related area of Information Security

Experience:

At least 2 years of practical experience in IT Infrastructure/IT Audit and/or Information Security Operations, preferably from a financial services environment

About Us

PSBank is the thrift bank arm of the Metrobank Group. It started as a small neighborhood bank right at the heart of the historic Plaza Miranda in Quiapo, Manila, which used to be the country's commercial and business hub. We opened our first branch in the area on September 26, 1960. Backing our strength is our parent Metropolitan Bank and Trust Company (Metrobank), the banking arm of GT Capital Holdings, Inc., the publicly listed holding firm of the family of George S.K. Ty. We continue to strive to be the country's consumer and retail bank of choice by innovating our products and services to keep up with our clients' ever-evolving needs. We also aim to be recognized as the banking leader in providing exceptional customer experience at every encounter. We have expanded our presence to over 250 branches and more than 600 ATMs nationwide.

Job Type: Full-time

Incident Response Engineer with Forensic Expertise

Posted today

Job Description

Job Description:

To provide detection, containment, and analysis of security events to protect the confidentiality, integrity, and availability of information systems per the firm's business objectives, regulatory requirements, and strategic goals.

Must Haves:

  • At least 4–5 years of relevant experience with a strong background in Forensics.
  • Must have experience providing Level 2–3 Incident Response (IR) support, handling complex cases.
  • Experience handling the end-to-end Incident Response (IR) lifecycle — including preparation, identification, containment, eradication/remediation, recovery, and lessons learned/follow-up
  • Experience in endpoint detection and response (EDR) tools—such as CrowdStrike, Microsoft Defender, or SentinelOne
  • Experience in analyzing logs from firewalls or proxies—such as Palo Alto, Fortinet, Zscaler, or Squid
  • Permanent and Direct hire
  • Shifting schedule (APAC: 6am to 3pm; EMEA: 2pm to 11pm; WHEM: 10pm to 7am next day), Sunday to Thursday or Monday to Friday. Shift changes every 2 months
  • 8 times RTO per month. Must be amenable to render overtime, work on weekends and/or PH holidays if needed
  • BGC, Taguig office
What Locations Can I Find These Jobs In?

  • Philippines Executive Operations, LLC Full time

    Overview We are seeking a proactive and detail-oriented Security Operations Center (SOC) Analyst Level 1 to join our team at EXOP. In this entry-level role, you will monitor and respond to security alerts, help mitigate security incidents and support the overall security posture of the organization. As a SOC Analyst Level 1, you will work closely with senior...

  • Senior Analyst

    18 hours ago


    Metro Manila, Philippines Buscojobs Full time

    Security Operations Center and Incident Response Manager. Posted 1 day ago. Job Description: Line of Service: Assurance. Specialism: Cybersecurity & Privacy. Manager Overview and Summary: A career in our Risk and Compliance Management practice, within Cybersecurity and Privacy services, will provide you with the opportunity to help our clients implement an...


  • Metro Manila, Philippines PCCW GLOBAL Limited Full time

    PCCW Global is a leading telecommunications provider, offering the latest voice and data solutions to multi-national enterprises and communication service providers. Our truly global coverage combined with local, on the ground knowledge has helped us build best in class connections across the globe linking Asia-Pacific, Europe, the Americas, the Middle East...


  • Philippines ProV International Full time

    Joining ProV will positively impact your career. ProV International has positioned itself to be an employer of choice, recruiting the best talent the technology industry has to offer. We create an environment that encourages positive impact for professional development and ensures exceptional results. Our IMPACT promise is to hire and deliver only the best...

  • Security Analyst

    2 weeks ago


    Metro Manila, Philippines Verifone Full time

    Security Analyst at Verifone. Why Verifone: For more than 30 years Verifone has established a remarkable record of leadership in the electronic payment technology industry. Verifone has one of the leading...


  • Philippines Summit 360 Solutions Full time ₱90,000 - ₱120,000 per year

    Senior Cyber Security Analyst. Location: Remote / Flexible (with overlap to US CST). Department: Security Operations. Schedule: Monday–Friday, 8:00 AM–5:00 PM US CST (flexibility +/- 3 hours). Salary: PHP90,000 to 120,000/mo (paid bimonthly). About the Role: We are seeking a highly skilled Senior Security Analyst II to join our Security Operations and Incident...

  • Security Analyst

    2 weeks ago


    Metro Manila, Philippines QBE Insurance Full time

    Security Analyst at QBE Insurance. Primary Details: Time Type: Full time. Worker Type: Employee. The purpose of this role is to be a key member of the Global Security Operations team, responsible for performing advanced analysis on cyber threats using proactive and reactive...

  • Analyst II

    2 weeks ago


    Metro Manila, Philippines Microchip Technology Inc. Full time

    Analyst II - IT Security Operations at Microchip Technology Inc. Are you looking for a unique opportunity to be a part of something great? Want to join a 17,000-member team that works on the...


  • Philippines TaskUs Full time

    The People First culture at TaskUs has enabled the company to expand its workforce to approximately 45,000 employees globally. Presently, we have a presence in twenty-three locations across twelve countries, which include the Philippines, India, and the United States. It started with one ridiculously good idea to create a different breed of Business...


  • Philippines Sealed Air Full time

    IT Security Analyst IV - Cloud and App Security, Sealed Air SS (PH). Requisition ID: 50723. What does an IT Security Analyst IV - Cloud and App Security do? Sealed Air Shared Service (Philippines) Inc. is looking for a...