
SOC Analyst, Level 1
Posted Jun 25

Posted Jun 25
This is a fully remote position, open to applicants in Philippines.
• Oversee security events and alerts utilizing SIEM and defensive tools; carry out initial triage and classification (benign / false positive / suspicious / incident).
• Gather and assess basic evidence: endpoint telemetry, Windows/Linux logs, firewall/IDS, DNS/proxy; conduct initial correlation (host/user/IP/IOC/process).
• Implement runbooks/playbooks (e.g., password reset requests, IOC block requests, host isolation requests) when authorized and in accordance with procedures.
• Generate and sustain high-quality tickets with a clear narrative: detailing what occurred, supporting evidence, potential impact, actions taken, and suggested next steps.
• Escalate to L2/L3/IR when there is evidence of compromise, material risk, lateral movement, or uncertainty necessitating a more in-depth investigation.
• Provide organized shift handovers (case status, findings, hypotheses, next steps, blockers).
• Adhere to operational SLAs and maintain documentation quality standards.
• 0–2 years of experience in SOC/NOC/IT Security operations or equivalent practical experience demonstrated through labs/casework.
• Strong foundational knowledge in networking: TCP/IP, DNS, HTTP/S, VPN, NAT.
• Basic proficiency in Windows and Linux (processes, authentication, logging concepts).
• Capability to interpret log fields (source/destination, user, process, hash, URL, action, result).
• Proficient spoken and written English (minimum B2) — must be able to engage in technical calls and compose clear tickets and summaries in English.
• Exceptional attention to detail, organized thinking, prioritization skills, and the ability to work effectively under pressure and through repetitive workflows without compromising quality.
• Familiarity with SIEM/EDR/IDS tools (e.g., Wazuh, Splunk, Sentinel, QRadar; Defender/CrowdStrike; Suricata/Snort). (Nice to have)
• Basic query skills (KQL/SPL/Lucene/DQL) and understanding of MITRE ATT&CK concepts. (Nice to have)
• Entry-level certifications (e.g., Security+, BTL1, CySA+) or equivalent evidence of competence. (Nice to have)
• [Insert benefit details here]
• [Insert additional benefit details here]
CACI International Inc
World Wildlife Fund
Apogee Engineering, LLC
MRO
Get handpicked remote jobs straight to your inbox weekly.