SOC (Security Operations Center) Senior Analyst, Specialist, Team Lead, Associate Manager (L2-L3)

Ready to join Accenture’s team of empowered people? We’re looking for candidates with the following skills and experience for this role. Do you fit the profile? If you do, we’d love to hear from you!

In adherence to Accenture’s process of Identity Verification, your resume or CV must include your photo to ensure the accuracy of your application.

Who we are:

Accenture in the Philippines is a pioneer in Accenture’s global delivery network. Over the past 30 years, we have expanded our capabilities to become a powerhouse company providing end-to-end technology and business services. As part of Accenture’s global footprint in over 120 countries, covering 40-plus industries, we have been working with the biggest companies in the country and around the globe.

Innovation, a constant at Accenture, enables us to find new ways to stay ahead of our clients’ challenges. Our inclusive, diverse, and strong culture of equality helps us constantly drive innovation in the workplace. By combining our industry expertise and the deep skills of our people with the latest technologies and our uncompromising high-performance standards, we help organizations grow their business and succeed in the digital age.

What’s in it for you?

You'll work with Accenture’s certified practitioners, and Accenture will support you in growing your own tech stack and certifications.

SOC L3 Analyst

Job Summary:

In addition to leading incident response efforts, the SOC L3 Analyst conducts advanced, periodic threat hunting using a variety of tools, techniques, and intelligence sources to proactively identify malicious activity. The role requires close collaboration with engineering teams, threat intelligence units, incident responders, and client stakeholders to continuously enhance detection, investigation, and response capabilities.

Key Responsibilities:

• Lead investigations of complex security incidents and provide expert-level support to clients and junior SOC analysts
• Conduct proactive, intelligence-driven threat hunting to detect advanced threats and stay ahead of the evolving threat landscape.
• Develop, refine, and optimize detection use cases and correlation rules based on new log sources and threat insights.
• Provide SIEM/SOAR tuning recommendations to improve detection accuracy and reduce false positives.
• Maintain and enhance incident response playbooks and SOPs to ensure alignment with operational and client needs.
• Mentor and train L1/L2 analysts on detection techniques, response procedures, and new SOC tools or workflows.
• Act as a senior technical contact during major incidents and deliver clear, actionable incident reports and recommendations.
• Drive enhancements in SOC operations by reviewing SLAs, refining workflows, and supporting log learning and detection capability development.

SOC Level 2 Analyst

Job Summary:

The SOC Level 2 Analyst is responsible for conducting in-depth investigations, root-cause analysis, and responding to complex security incidents escalated by Intrusion Analysts. This role includes validating and analyzing security logs, providing expert guidance and mentorship, and collaborating closely with IT, security teams, and Content Engineers to improve and fine-tune detection use-cases.

• Continuously monitor and analyze security alerts and events from SIEM, IDS/IPS, firewalls, and endpoint protection platforms, providing 9x5 support with on-call availability as needed.
• Perform deep-dive investigations of escalated incidents, determining root cause, impact, and appropriate response. Own the end-to-end resolution process and escalate to Level 3 analysts when required.
• For validated high or critical incidents, initiates the Major Incident Management process, engage CSIRT and/or external incident response teams, and act as the Singe Point of Contact (SPOC) during the initial response phase.
• Conduct basic retroactive threat hunting using an Indicator of Compromise (IoC) driven approach to proactively identify potential threats.
• Work closely with engineering teams to request case updates, whitelisting, and resolve parsing issues. Escalate complex or unresolved issues promptly.
• Supervise and mentor Intrusion Analysts, conduct quality assurance (QA) reviews of incidents they handle, and guide them on best practices.
• Maintain clear, concise documentation of incidents, findings, and response actions. Ensure accurate shift handovers and update playbooks, SOPs, and reaction plans regularly.
• Provide recommendations for enhancing detection logic, SOC processes, and tools. Support the tuning and creation of detection rules and use cases in collaboration with Content Engineers.
• Generate ad-hoc reports based on client or management requests and ensure effective communication with relevant stakeholders throughout the incident lifecycle.