Über neue Stellenangebote auf dem Laufenden bleiben:
    Werden Sie Teil unserer Talent Community

    Cyber Defence - Global SOC Level 3 Analyst

    Taguig, Metro Manila, Philippines

    Cyber Defence - Global SOC Level 3 Analyst

    • 202403607
    • Taguig, Metro Manila, Philippines
    • Closing on: Dec 31 2024

    Description

    The Role

    Technical:

    • Oversee the monitoring, investigation, containment, and eradication to cyber security threats against our business.
    • Lead the GSOC team in seeking out potential security issues through log analysis, and use of tools such as SIEM, UEBA, EDR, etc.
    • Responsible in determination of response that should be put into action to mitigate damage and prevent spread of security threats.
    • Escalate high priority or high severity alerts/incidents to escalations team and make sure they are monitored and handled according to prescribed processes.
    • Ensure that there is a timely response to any cyber incidents to minimise the impact to the business, including interacting with different technical teams and business areas where needed.
    • Represent GSOC to incident stand-up calls to assist GSOC Manager.
    • Using the latest threat intelligence to adapt your approach to detect the latest threats.
    • Ensure the team is working efficiently by identifying tuning opportunities, creating automation playbooks, and optimal use of technology.
    • Review and provide technical advice on tuning recommendations submitted by Level 1s and Level 2s. Also, to improve the businesses’ security posture against attackers and threats through fine tuning and rule creation.
    • Escalation point to provide process and/or technical advice for Level 1 and Level 2 analysts.
    • Perform quality audit for tickets that were handled by Level 2s ensure incidents were handled according to prescribed processes.
    • Attend handover calls to support Level 1s and Level 2s, provide advice (process/technical aspect) on alerts/incidents for consultation.
    • May also be asked to lead teams/sub teams within the GSOC, as needed.
    • Provide on-call support (in rotation with other L3 Analysts). Will be called only when a high priority or high severity alert/incident arise.

    Non-Technical:

    • Ensures there is a balanced capacity and workforce to maintain delivery of a 24 x 7 SOC service.
    • Create and produce required regular report for leadership team and meaningful reports to articulate security posture, trends, and patterns.
    • Assist L3 Manager to generate raw data for KPIs, submit calculations, record results, and recommend measures to maintain quality performance.
    • Line management responsibilities for Level 1s and Level 2s such as performing necessary mentoring, coaching, and corrective actions.
    • Help Level 2 analysts to deliver training to mature skills of new joiners or colleagues.
    • Conduct regular review of knowledgebases, processes, and runbooks to ensure they are up to date.
    • Regularly contribute to the SOC playbooks and knowledgebase with findings from investigations such as different attacker tools, tactics, and procedures which can be applied to future investigations.

    Qualifications

    The Requirements

    • You will be working as part of a 24/7 SOC across different locations and therefore you must be a true team player, with the ability and desire to engage with different internal stakeholders and colleagues to deliver the very highest standards of service and support.
    • 6+ Years’ Experience working as part of a mature cyber defence centre or security operations centre.
    • To be effective, you need to have great troubleshooting skills, the ability to research problems and the ability to effectively communicate during stressful times, while keeping a cool, calm, and friendly approach when dealing with stakeholders and colleagues.
    • Solid time management skills and be dependable.
    • Hands on experience of using a SIEM, UEBA, and EDR as a Level 3 security analyst.
    • Leading Investigations and comfortable talking to stakeholders and colleagues on both a technical and non-technical level.
    • Great verbal and written communication skills, and the ability to write reports in a structured methodology.
    • MSc in a security field or equivalent experience working within a security related function.
    • To be inquisitive, with a strong sense of personal responsibility for learning and self-development.
    • Being able to identify common attack techniques within the context of specific technologies.
    • Working knowledge of networking protocols/technologies (e.g. TCP, IP, HTTP/HTTPS).
    • Working knowledge of Unix, Linux, and Windows operating systems.
    • Exposure to attack and penetration methods and tools.
    • Working knowledge or ability to build scripts, tools, or methodologies to enhance our incident investigation and processes (such as Python, PowerShell, Wireshark, etc.).
    • Have experience of advanced investigation techniques able to demonstrate 1 or 2 of the following:
    • Network forensic acquisition and analysis (using tools such as Deep Packet Analysis, Wireshark, NetWitness)
    • End-point forensic acquisition and analysis (using tools such as EnCase, X-Ways, Axiom, IEF, FTK)
    • Memory Analysis
    • Analysis of various security logs (endpoint, security appliances, SIEM)
    • Reverse Malware Engineering

    Beneficial:

    • Any relevant security certifications (CISSP, CISM, SSCP, OCSP, Security+, CySA+, CASP+, GREM, GCIA, etc.).
    • Any relevant network certifications (Network +, CCNA, etc.).
    • Knowledge of other key IT fields (such as Web Applications, databases, Active Directory, network security systems such as web proxies, firewalls & data loss protection).

    WTW is an Equal Opportunity Employer

    Apply Now

    Nicht du?

    Danke

    Initiativebewerbungen

    Jegliche Initiativbewerbungen/Kandidatenprofile, die über unsere Website oder persönliche E-Mail-Konten von Mitarbeitern bei Willis Towers Watson eingehen, werden als Eigentum von Willis Towers Watson betrachtet und sind von der Zahlung von Vermittlungsgebühren ausgenommen. Eine Agentur, die für Willis Towers Watson als autorisierter Personalvermittler/Headhunter tätig werden möchte, muss eine offizielle schriftliche, durch einen Personalreferenten von Willis Towers Watson unterschriebene Vereinbarung und eine aktive Arbeitsbeziehung mit dem Unternehmen haben. Bewerbungen müssen gemäß unserem Bewerbungsverfahren für Kandidaten eingereicht werden und setzt eine aktive Beteiligung an der jeweiligen Personalsuche voraus. Ebenso gilt für unsere autorisierten Personalvermittler/Headhunter, dass bei Nichtbefolgen des Bewerbungsverfahren für Kandidaten keine Vermittlungsgebühren von Willis Towers Watson entrichtet werden. Willis Towers Watson ist ein Arbeitgeber, der sich für die Chancengleichheit engagiert. Wenn wir Ihre Kontaktdaten für zukünftige Zwecke speichern sollen, senden Sie bitte eine E-Mail an: Agency.inquiries@willistowerswatson.com .

    Unsere Büros

    Unsere Kollegen betreuen Kunden in mehr als 140 Ländern und Märkten auf der ganzen Welt. Aufgrund der globalen Dimension unserer Tätigkeiten eröffnen sich Ihnen unzählige spannende Kooperations- und Wachstumsmöglichkeiten. Auf der unten stehenden Karte können Sie nachsehen, wohin Sie Ihre Karriere führen könnte.

    Lernen Sie unsere Mitarbeiter kennen