Cyber Incident Response L2 Analyst

This is Direct Hire Permanent to our client

Salary offer depends on your experiences and skills. They will assess you. The salary range on this post is not the actual budget of our client but our idea only. Client may still negotiate with you.

Position: Incident Response Analyst

Work Schedule: Shifting and any shift assigned : Shift (APAC: 6am to 3pm, EMEA: 2pm to 11pm, WHEM: 10pm to 7am (next day) Sunday to Thursday, or Monday to Friday. Shift changes every 2 months

Must be amenable to render overtime, work on weekends and/or PH holidays if needed

Work Set up: Hybrid: 8 times RTO per month, flexible days

Location: BGC, Taguig

• Graduate of Bachelor's Degree
• At least 4 years of hands-on experience in L2/L3 support with full IR lifecycle experience ((Preparation, identification, containment, eradication/remediation, recovery, lessons learned/followup)
• Experience in Creating rules to further identify suspicious behavior
• handled complex IR Cases
• hands-on experience in the following: SIEM, log management, IDS, breach detection systems (APT/BDS/EDR), and packet capture.; Qualys, Nessus, or other vulnerability scanning discovery tools
• TCP/IP, DNS, common network services, and other foundational topics
• malware detection, analysis, and evasion techniques:
• Able to conduct static and dynamic analysis of malware to extract indicators of compromise, profile malware behavior, and provide recommendations for mitigating and detecting malware; Able to analyze suspicious websites, script-based and malware code
• Identify, analyze, and report threats within the enterprise by using information collected from a variety of sources (IDS/IPS, SIEM, AV), to protect data and networks.
• EnCase, FTK, Sleuth Kit, X Ways, etc.
• Digital forensics on host or network and identification of anomalous behavior on the network or endpoint devices.
• Good communication Skills

*

Job Types: Full-time, Permanent

Pay: Php60, Php105,000.00 per month

Application Question(s):

• Are you willing to work on-site in BGC, Taguig - Hybrid: 8 times RTO per month, flexible days?
• Are you amenable to work on a Shifting schedule? Shift (APAC: 6am to 3pm, EMEA: 2pm to 11pm, WHEM: 10pm to 7am (next day) Sunday to Thursday, or Monday to Friday. Shift changes every 2 months
• Are you willing to render overtime, work on weekends and/or PH holidays if assigned and needed?
• How long is your total experience in BPO/International companies, supporting international clients?
• How long is your total hands-on experience in handling Incident Response?
• Have you personally reverse engineered a malware sample that used Windows Script Host (WScript), such as a malicious .vbs or .js file, as part of an actual investigation or incident response activity?
• Have you personally investigated a machine that was compromised by malware, including identifying the infection, analyzing its behavior, and contributing to containment or remediation?
• Have you created a custom alert or detection rule in a SIEM or XDR platform that goes beyond simple IOC matching—such as using behavioral patterns, TTP mapping techniques, or telemetry analysis?
• SPECIFY your YEARS of you have HANDS-ON experience in each of the following: : SIEM, log management, IDS, breach detection systems (APT/BDS/EDR), and packet capture.; Qualys, Nessus, or other vulnerability scanning discovery tools
• SPECIFY your YEARS of you have HANDS-ON experience in each of the following: EnCase, FTK, Sleuth Kit, X Ways, etc.
• How long is your total hands-on experience in FULL IR lifecycle experience ((Preparation, identification, containment, eradication/remediation, recovery, lessons learned/followup)?
• Are you currently L2/L3 Incident Response analyst (your most recent employment if you are handling L2/L3 level of incident response)?
• Do you have hands-on experience in Creating rules to further identify suspicious behavior?
• How much is your expected salary? Php - Basic Pay/Month

Education:

• Bachelor's (Preferred)

Work Location: In person