SOC Engineer

Job Title: SOC Engineer

Department: Network & Security Operations Centre (NSOC)

Location: IT Park, Cebu, Philippines

Employment Type: Full-time

Job Overview:

We are seeking a skilled and motivated SOC Engineer to join our Network & Security Operations Centre (NSOC) team. This role is well-suited for professionals with foundational experience in cybersecurity who are looking to further deepen their expertise in security monitoring, threat detection, and incident response within a fast-paced and collaborative environment.

As part of the team, you will work closely with fellow engineers and analysts to analyze security alerts, contribute to threat detection efforts, and support the development and automation of detection use cases and workflows. This position offers direct exposure to enterprise-grade security tools and real-world threats, making it an excellent opportunity to build a strong technical foundation and grow within the cybersecurity engineering field.

Key Responsibilities:

• Analyze and interpret security event data from various technologies such as SIEM, SOAR, EDR platforms, and network security devices
• Contribute to the development and refinement of detection use cases by evaluating alert logic, fidelity, and contextual accuracy
• Provide technical support to SOC analysts and incident responders by validating alerts, enriching event data, and supplying relevant context for escalated incidents
• Collaborate with senior security engineers to design, implement, and fine-tune detection rules and correlation logic
• Assist in the design and implementation of security automation workflows and incident response playbooks
• Support guided threat hunting efforts through log analysis and detection gap identification
• Document engineering processes including detection engineering workflows, suppression logic, and automation strategies
• Help maintain and improve internal engineering documentation, such as use case repositories, runbooks, and standard operating procedures
• Assist in onboarding and integrating new data sources into the SIEM platform, ensuring proper parsing, normalization, and classification
• Stay up-to-date with emerging threat tactics, attacker techniques, and evolving detection methodologies to support continuous engineering improvement

Qualifications:

Required:

• Bachelor's degree in Computer Science, Computer Engineering, Information Security, Information Technology, or equivalent hands-on experience
• Solid understanding of fundamental cybersecurity concepts such as threats, vulnerabilities, malware, phishing, and threat intelligence
• Familiarity with scripting or programming languages such as Python, SQL, Jinja, HTML/CSS, or Bash
• Solid understanding of automation workflows and their application in SOC environments (e.g., playbooks, auto-enrichment)
• Familiarity with security tools such as SIEM, SOAR, EDR, or firewalls
• Basic understanding of networking fundamentals (e.g., TCP/IP, DNS, HTTP, routing)
• Good analytical, problem-solving, and troubleshooting skills
• Effective written and verbal communication skills
• Able to perform effectively in high-pressure or time-sensitive environment.

Preferred/Nice to Have:

• Internship or academic project experience within a SOC, NOC, or cybersecurity lab environment
• Hands-on exposure to SIEM/SOAR platforms
• Basic understanding of log formats (e.g., syslog, Windows Event Logs)
• Ability to perform analytics and data queries manually using SQL
• Experience with parsing and working with structured data formats such as XML
• Exposure to use case development or detection engineering concepts
• Familiarity with frameworks such as MITRE ATT&CK, NIST, or Cyber Kill Chain
• Relevant security certifications: CompTIA Security+, ISC2 Certified in Cybersecurity (CC), or similar

Job Types: Full-time, Permanent

Pay: From Php30,000.00 per month

Application Question(s):

• What is your expected salary?

Education:

• Bachelor's (Required)

Work Location: In person