SOC L1-L3 (Security Information and Event Management (SIEM) Operations)

Ready to join Accenture’s team of empowered people? We’re looking for candidates with the following skills and experience for this role. Do you fit the profile? If you do, we’d love to hear from you!

In adherence to Accenture’s process of Identity Verification, your resume or CV must include your photo to ensure the accuracy of your application.

Who we are:

Accenture in the Philippines is a pioneer in Accenture’s global delivery network. Over the past 30 years, we have expanded our capabilities to become a powerhouse company providing end-to-end technology and business services. As part of Accenture’s global footprint in over 120 countries, covering 40-plus industries, we have been working with the biggest companies in the country and around the globe.

Innovation, a constant at Accenture, enables us to find new ways to stay ahead of our clients’ challenges. Our inclusive, diverse, and strong culture of equality helps us constantly drive innovation in the workplace. By combining our industry expertise and the deep skills of our people with the latest technologies and our uncompromising high-performance standards, we help organizations grow their business and succeed in the digital age.

What’s in it for you?

You'll work with Accenture’s certified practitioners, and Accenture will support you in growing your own tech stack and certifications.

Summary:

The SOC Analyst/Lead is responsible for monitoring and analyzing security events on an ongoing basis. The role involves investigating and responding to threats in a timely and effective manner, and where necessary, escalating incidents to the appropriate teams for in-depth analysis and/or resolution.

Roles and Responsibilities:

• Monitors and analyzes Security Information and Event Management (SIEM) to identify security issues for remediation.
• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
• Evaluates/deconstructs malware (e.g., obfuscated code) through open-source and vendor-provided tools.
• Communicates alerts to clients regarding intrusions and compromises to their network infrastructure, applications, and operating systems.
• Prepares briefings and reports of analysis methodology and results.
• Creates and maintains standard operating procedures and other similar documentation; ensures all documentation is up to date and standard.
• Generates end-of-shift reports for documentation and knowledge transfer to subsequent analysts on duty.
• Assists Entry-Level SOC analysts in building stronger skills.
• Assists Team Leads with reporting, projects, administrative work as needed.
• Support cyber defense functions to protect organizations from cyber security incidents that have potential to cause negative impact
• Review suspicious threat activity via logs and security applications to determine the nature of a possible threat
• Decide necessary remediation actions for a multitude of systems, including but not limited to Operating Systems, network firewalls/routers, AV systems and more
• Create clear and concise writeups representing the overall summary, analysis, actions taken and recommendations for escalated incidents via a platform ticketing system
• Validate operations during their shift and contact senior analysts for additional support/escalation
• Monitor customer requests via their escalated tickets and inform the senior team for additional support
• Investigate, document, and report on information security issues and emerging trends
• Incident Response - reporting of cyber security incidents, mitigation advisement, quality review and after action
• Use SOC monitoring tools and have a working understanding of systems such as, SIEM systems, Intrusion Detection System, Data Loss Prevention, Antivirus System, to review and analyze pre-defined events
• Provide analysis and identify trends of security log data from a large number of heterogeneous security devices indicative of incidents
• Suggest and request whitelisting and use case finetuning from Engineering team as applicable
• Inform parsing issues to SOC Content / Platform Engineering team as applicable
• Perform basic threat (retro) hunting leveraging an IoC-based approach

Open Positions:

• SOC L1
• SOC L2
• SOC L3