Security Operations Center (SOC) Analyst

Accenture | Manila | Full-time

SOC Manager

Job Summary:

The primary objective of the SOC Manager is to manage SOC operations for our external clients, during transition of the service and/or in the run phase of the service. This role is responsible for driving day-to-day SOC operations that defend corporate networks against advanced and targeted attacks by providing threat monitoring and cyber defense services.

The SOC Manager will work with the SOC Operations team with a focus on threat identification, incident response, cyber threat intelligence infusion, and mitigations—to ensure defensive resiliency.

Key Responsibilities:

  • Act as service delivery manager and Subject Matter Expert (SME) to the SOC team during the run phase of the service
  • Providing subject matter expertise and guidance on Sentinel design, implementation, log source integration, use case development and troubleshooting
  • Providing subject matter expertise and guidance on incident response management and coordinating efforts across client and Accenture teams
  • Managing escalations, daily operations, resources and incident management, and reporting on and reviewing contractual metrics (KPIs/SLAs)
  • Implement & support security for client environments including implementation of technological solutions
  • Participate in business development activities (including responses to RFP/I/Q)
  • Champion continuous service improvement and drive automation efforts
  • Contribute to people-related activities, including development, coaching, recruiting, training, and retention. Foster a culture of learning and continuous improvement

SOC L3 Analyst

Job Summary:

The SOC Level 3 Analyst functions as a senior technical authority within the Security Operations Center, responsible for handling the most complex and high-priority security incidents. This role serves as the primary escalation point for L1 and L2 analysts, providing expert guidance, mentorship, and quality assurance.

In addition to leading incident response efforts, the SOC L3 Analyst conducts advanced, periodic threat hunting using a variety of tools, techniques, and intelligence sources to proactively identify malicious activity. The role requires close collaboration with engineering teams, threat intelligence units, incident responders, and client stakeholders to continuously enhance detection, investigation, and response capabilities.

Key Responsibilities:

  • Lead investigations of complex security incidents and provide expert-level support to clients and junior SOC analysts
  • Conduct proactive, intelligence-driven threat hunting to detect advanced threats and stay ahead of the evolving threat landscape.
  • Develop, refine, and optimize detection use cases and correlation rules based on new log sources and threat insights.
  • Provide SIEM/SOAR tuning recommendations to improve detection accuracy and reduce false positives.
  • Maintain and enhance incident response playbooks and SOPs to ensure alignment with operational and client needs.
  • Mentor and train L1/L2 analysts on detection techniques, response procedures, and new SOC tools or workflows.
  • Act as a senior technical contact during major incidents and deliver clear, actionable incident reports and recommendations.
  • Drive enhancements in SOC operations by reviewing SLAs, refining workflows, and supporting log learning and detection capability development.

SOC Level 2 Analyst

Job Summary:

The SOC Level 2 Analyst is responsible for conducting in-depth investigations, root-cause analysis, and responding to complex security incidents escalated by Intrusion Analysts. This role includes validating and analyzing security logs, providing expert guidance and mentorship, and collaborating closely with IT, security teams, and Content Engineers to improve and fine-tune detection use-cases.

Key Responsibilities:
  • Continuously monitor and analyze security alerts and events from SIEM, IDS/IPS, firewalls, and endpoint protection platforms, providing 9x5 support with on-call availability as needed.
  • Perform deep-dive investigations of escalated incidents, determining root cause, impact, and appropriate response. Own the end-to-end resolution process and escalate to Level 3 analysts when required.
  • For validated high or critical incidents, initiate the Major Incident Management process, engage CSIRT and/or external incident response teams, and act as the Single Point of Contact (SPOC) during the initial response phase.
  • Conduct basic retroactive threat hunting using an Indicator of Compromise (IoC) driven approach to proactively identify potential threats.
  • Work closely with engineering teams to request case updates, whitelisting, and resolve parsing issues. Escalate complex or unresolved issues promptly.
  • Supervise and mentor Intrusion Analysts, conduct quality assurance (QA) reviews of incidents they handle, and guide them on best practices.
  • Maintain clear, concise documentation of incidents, findings, and response actions. Ensure accurate shift handovers and update playbooks, SOPs, and reaction plans regularly.
  • Provide recommendations for enhancing detection logic, SOC processes, and tools. Support the tuning and creation of detection rules and use cases in collaboration with Content Engineers.
  • Generate ad-hoc reports based on client or management requests and ensure effective communication with relevant stakeholders throughout the incident lifecycle.

Job Qualifications:

SOC Manager Job Requirements:

  • Bachelor or college degree in Computer Science, Telecommunications or Information Security or equivalent work experience
  • At least 10 years of experience in an information/cyber security role focused on security monitoring and analysis
  • Knowledge of IT security solutions (Security Information and Event Management, Cloud Access Security Broker, Data Leakage Prevention, Web Application Firewall, Multi Factor Authentication, Data Rights Management, Identity Access/Privileged Access Management, etc.)
  • At least 3 years of experience leading teams of varying sizes and managing resources
  • Extensive experience of working directly with client stakeholders as a single point of contact, managing escalations and driving remediation initiatives
  • Understanding of frameworks such as ISO 27001/27002 and COBIT, and of relevant compliance regimes such as PCI, HIPAA, SOX and FISMA
  • Experience with and knowledge of Data Loss Prevention (DLP)
  • Either possess (or have the eligibility to obtain) a Canadian security clearance
  • English is required for this position, as this role will regularly interact with stakeholders across Canada, the US and other countries in our global footprint where English is the common language. Due to the significantly high volume of interactions with these English-speaking stakeholders, which is inherent to this position, it is not possible to reorganize the company's activities to avoid this requirement.

Nice to have skills:

  • Certifications in public cloud (level of architect, security engineer/specialist) or Security Certifications in CISSP, CISM, CCSP or CCSK, CEH, CISA, Azure Security Engineer, Azure Solution Architect Expert, AWS Solution Architect Associate/Professional
  • Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing such as GDPR, ISO 27001, Cloud Security Alliance, NIST 800-53, PCI DSS, ISA/IEC 62443, NERC CIP, HIPAA, etc.
  • Scripting experience using either Shell, Python, Perl, JavaScript, PowerShell, Azure-CLI, AWS-CLI, GCP CLI, etc.
  • Certifications for product or vendor security solutions such as: AZ-500, SC-200
  • Knowledge of public cloud environments (Azure, AWS or Google Cloud); a current foundational certification is preferred

SOC L3 Job Requirements:

  • 6-8 years of experience in cybersecurity, including a minimum of 2 years in a SOC Level 3 or equivalent senior incident response/threat detection role.
  • Advanced hands-on experience with SIEM platforms, EDR tools, and cloud-native security solutions.
  • Deep understanding of network protocols, intrusion detection/prevention systems (IDS/IPS), malware behavior, and packet-level traffic analysis.
  • Proficient in system administration and security for Unix/Linux, Windows, and mobile operating systems, with the ability to assess platform-specific threats and vulnerabilities.
  • Experience with scripting or programming languages for automation, threat detection logic, or custom tooling.
  • Must understand threat actor behaviors, TTPs, and indicators of compromise, and be able to apply frameworks like MITRE ATT&CK.
  • Should be familiar with common system and application vulnerabilities such as buffer overflows, injections, and XSS.
  • Experience in threat hunting, adversary simulation, and digital forensics is required to detect hidden or emerging threats.
  • Should have a working knowledge of malware behavior and basic reverse engineering techniques.
  • Demonstrated ability to stay up to date with the latest security threats, tools, and defensive techniques is expected.
  • Preferred certifications include CISSP, GCIH, CEH, CySA+, or Security+, validating industry-recognized skills.

SOC L2 Job Requirements:

  • Candidates should hold a degree in a relevant field and have at least 2 years of experience in a SOC or similar security environment
  • They must understand core network protocols and security technologies and be skilled in using SIEM tools for threat detection.
  • Proficiency in analyzing network traffic and logs to detect and investigate signs of compromise is required.
  • Understanding of authentication, authorization, and access control methods is essential.
  • Candidates should be able to identify, contain, and report malware related incidents.
  • Strong skills in conducting deep incident investigations and determining root cause are necessary.
  • Should be able to categorize incidents and respond effectively within defined timelines.
  • Ability to perform trend and behavioral analysis to detect emerging threats is a key requirement.
  • Understanding of attack techniques, threat vectors, and cryptography fundamentals is important.
  • They must work well with internal teams to coordinate responses and improve detection and response processes.
  • A sharp analytical mindset and the ability to remain calm under pressure are crucial for effective incident response.

Preferred Qualifications:

  • Certifications such as CEH, CompTIA Security+, or GIAC.
  • Experience with scripting languages like Python or PowerShell to automate tasks, analyze data, or support incident investigations.
  • Familiarity with cloud security principles and monitoring tools to detect and respond to threats in cloud environments.

Additional Requirements:

  • Must be willing to work on a shifting schedule and report onsite three times a week to daily at Cyberpark, Cubao or Ayala IT Park, Metro Cebu