Remotery

SOC Analyst, Level 2

Posted 59 min ago

This is a fully remote position, open to applicants in Philippines.

📋 Description

• Handle escalations from L1 and conduct thorough investigations: analyze hypotheses, validate evidence, assess scope, evaluate impact, and develop timelines.

• Integrate telemetry across endpoints (EDR), Windows/Linux systems, Active Directory, firewall/proxy/DNS/IDS, and cloud logs when applicable.

• Recommend and/or facilitate containment measures (such as host isolation, credential resets, IOC blocks, and temporary changes to controls) in accordance with change control and governance policies.

• Assess severity and communicate effectively in English with technical stakeholders; provide succinct executive-style updates when necessary.

• Identify detection deficiencies and drive enhancements: minimize false positives, address false negatives, and suggest new rules or use cases.

• Maintain evidence integrity and thorough documentation, coordinating handoffs with Incident Response, IT Operations, Network, and Cloud teams.

• Generate post-incident reports including probable root causes, lessons learned, and recommended preventive measures.


⛳️ Requirements

• 2–5 years of experience in SOC/IR/Blue Team (or equivalent demonstrated incident-handling expertise). Strong foundational knowledge in networking: TCP/IP, DNS, HTTP/S, VPN, NAT.

• Experience with EDR investigations (including process trees, persistence, LOLBins behavior, and containment workflows).

• Proficiency in Windows/AD triage (including authentication patterns, suspicious logon behavior, and account activity) as well as Linux triage.

• Network analysis and security controls expertise (firewall/IDS/proxy/DNS), with the ability to identify anomalous patterns.

• Demonstrated capability to create defensible scopes and timelines based on evidence gathered.

• High standards for documentation and the ability to perform effectively under pressure.

• Experience in threat hunting and mapping to the MITRE ATT&CK framework.

• Exposure to detection engineering (Sigma/YARA at a basic to intermediate level), use-case design, and SIEM correlation strategies.

• Basic forensic skills (including acquisition concepts, triaging artifacts, and understanding memory/disk fundamentals).

• Certifications relevant to Blue Team / IR (e.g., GCIH/GCIA, BTL2, SC-200, etc.).

• Proficient spoken and written English (B2-High/C1 preferred) — capable of leading technical discussions, drafting incident summaries, and writing investigation notes.


🏝️ Benefits

• Competitive salary and performance-based bonuses.

• Opportunities for professional development and training.

• Comprehensive health and wellness benefits.

• Flexible working hours and remote work options.

• A collaborative and inclusive work environment.

People also viewed

Binance1 hour ago

SOC Engineer – Incident Response

SG flagSingapore OnlyFull-timeSecurity Operations
ApplyView job
Twilio2 hours ago

Global Security Operations Center Operator

US flagCalifornia, +5 more statesFull-timeSecurity Operations$26 – $38/hour
ApplyView job
RapDev1 day ago

Senior Security Operations Center (SOC) Analyst

US flagHawaii OnlyFull-timeSecurity Operations$110k – $150k/year
ApplyView job
Cooperativa Central Ailos1 day ago

Information Security Analyst II – SecOps

Anywhere in the WorldFull-timeSecurity Operations
ApplyView job
TaskUs1 day ago

Security Operations Center Associate

CO flagColombia OnlyFull-timeSecurity Operations
ApplyView job
Rula1 day ago

Manager, Security Operations

US flagHawaii OnlyFull-timeSecurity Operations$193.8k – $216.6k/year
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers