AMS-PH-Security-ID168-SOC CTI L1 (7 of 7)

Posted:
7/25/2024, 12:49:32 PM

Location(s):
Taguig, Metro Manila, Philippines ⋅ Metro Manila, Philippines

Experience Level(s):
Junior

Field(s):
IT & Security

Job Description:

Job scope/summary:

DXC Managed Security Services (MSS) is the specialist Digital Security division within DXC Technology. Our team provides a broad portfolio of security services, offering end-to-end operational management of market-leading technologies and security services for local and multinational clients. As part of our continued focus on the Americas market, we are enhancing the Security Monitoring team, who work within the Cyber Security Operations Centre on a rotational basis to deliver security services at the highest standard for our customers.

The Tier 2 Senior Security Analyst is responsible for conducting 24/7 monitoring of our customers. As part of this role, the analyst will be required to review alerts received into the SIEM platform. This involves investigating alerts escalated by the Tier 1 Security Analyst that require more detailed investigation before an incident is declared or escalated outside the Security Monitoring team.

For this role we are seeking candidates who have had exposure to network and security technologies and have experience delivering high standards within a technical or service-oriented environment. As a Senior Security Analyst, you will be a senior point of contact for key MSS customers; therefore a proactive and professional attitude is essential for MSS to deliver successfully.

The role will require participation in a 24/7/365 shift pattern where both daytime and out of hours work will be required, including weekends, subject to appropriate compensation.

Job specifics/responsibilities:

  • Monitor client networks and endpoints for security alerts relating to compromise or intrusion.
  • Perform detailed investigation into security alerts from the SIEM platforms as escalated by Tier 1.
  • Own alerts through the incident lifecycle to resolution, or escalate to Incident Managers, Engineers or Customers as appropriate.
  • Update tickets in adherence to documented standards, allowing incidents to be handed over cleanly.
  • Monitor the components of the Security Monitoring service for operational issues and escalate as required.
  • Investigate and respond to frequently occurring or more common security alerts.
  • Produce monthly reporting on security alert trends.
  • Make recommendations for tuning activities.
  • Provide input into developing processes, procedures and runbooks for security alerts.

Key deliverables/accountabilities:

  • Ongoing support activities to be performed according to SLAs and defined timelines
  • Tasks to be performed with the highest quality and according to predefined timelines

Key Skills and Experience:

  • 2+ years' experience as a security analyst or working in a cyber security operations centre
  • 2+ years' experience working with standard operating systems (Windows, Unix)
  • Hands-on experience with one or more SIEM systems (Micro Focus ArcSight, Splunk, Microsoft Azure Sentinel, IBM QRadar, SumoLogic)
  • Demonstrated security knowledge of Windows/Linux/Unix platforms and networking protocols
  • Strong understanding of TCP/IP and networking concepts (OSI Model)
  • Experience assisting in the development and maintenance of tools, procedures, and documentation
  • Experience reviewing raw log files, data correlation, and analysis (e.g. firewall, network flow, IDS, system logs)
  • Experience qualifying and documenting indicators of compromise (IOCs)
  • Solid and demonstrable comprehension of Information Security, including malware, emerging threats, attacks, and vulnerability management
  • Demonstrated understanding of the MITRE ATT&CK framework
  • Knowledge of IT security controls (Network IPS, Vulnerability Scanning, Endpoint Protection, Firewalls, Cloud Access Security Brokers)
  • Diploma/Certificate/Degree in Information Technology (Security preferred)
  • Relevant industry certifications (such as CEH, GCIH, Security+, Network+, MCSP, CCNA)
  • (Desirable) Cloud services (Amazon Web Services, Azure, Google Cloud)
  • Strong deductive reasoning, critical thinking, problem solving, and prioritization skills
  • Excellent written and verbal communication and organizational skills
  • Understanding of the ITIL Framework
  • Ability to follow detailed process and procedure documentation
  • Customer service experience, including the resolution of customer escalations, incident handling, and response
  • Strong team player who collaborates well with others to solve problems and actively incorporates input from various sources

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services such as false websites, or through unsolicited emails claiming to be from the company. These emails may ask recipients to provide personal information or to make payments as part of the illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor asks a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.