
SOC Analyst, Level 2
Posted 59 min ago

Posted 59 min ago
This is a fully remote position, open to applicants in Philippines.
• Handle escalations from L1 and conduct thorough investigations: analyze hypotheses, validate evidence, assess scope, evaluate impact, and develop timelines.
• Integrate telemetry across endpoints (EDR), Windows/Linux systems, Active Directory, firewall/proxy/DNS/IDS, and cloud logs when applicable.
• Recommend and/or facilitate containment measures (such as host isolation, credential resets, IOC blocks, and temporary changes to controls) in accordance with change control and governance policies.
• Assess severity and communicate effectively in English with technical stakeholders; provide succinct executive-style updates when necessary.
• Identify detection deficiencies and drive enhancements: minimize false positives, address false negatives, and suggest new rules or use cases.
• Maintain evidence integrity and thorough documentation, coordinating handoffs with Incident Response, IT Operations, Network, and Cloud teams.
• Generate post-incident reports including probable root causes, lessons learned, and recommended preventive measures.
• 2–5 years of experience in SOC/IR/Blue Team (or equivalent demonstrated incident-handling expertise). Strong foundational knowledge in networking: TCP/IP, DNS, HTTP/S, VPN, NAT.
• Experience with EDR investigations (including process trees, persistence, LOLBins behavior, and containment workflows).
• Proficiency in Windows/AD triage (including authentication patterns, suspicious logon behavior, and account activity) as well as Linux triage.
• Network analysis and security controls expertise (firewall/IDS/proxy/DNS), with the ability to identify anomalous patterns.
• Demonstrated capability to create defensible scopes and timelines based on evidence gathered.
• High standards for documentation and the ability to perform effectively under pressure.
• Experience in threat hunting and mapping to the MITRE ATT&CK framework.
• Exposure to detection engineering (Sigma/YARA at a basic to intermediate level), use-case design, and SIEM correlation strategies.
• Basic forensic skills (including acquisition concepts, triaging artifacts, and understanding memory/disk fundamentals).
• Certifications relevant to Blue Team / IR (e.g., GCIH/GCIA, BTL2, SC-200, etc.).
• Proficient spoken and written English (B2-High/C1 preferred) — capable of leading technical discussions, drafting incident summaries, and writing investigation notes.
• Competitive salary and performance-based bonuses.
• Opportunities for professional development and training.
• Comprehensive health and wellness benefits.
• Flexible working hours and remote work options.
• A collaborative and inclusive work environment.
Binance
Twilio
RapDev
Cooperativa Central Ailos
Get handpicked remote jobs straight to your inbox weekly.