SOC Analyst

Location Philippines
Category
Information Technology
Position Type
Regular Full-Time
Working Model
Hybrid

Overview

Who is Collaboration Betters the World

We create and deliver technology and business solutions that help organizations grow, innovate, and transform. With over 3,000 people in 21 countries, we operate across Strategy & Governance, Product Design & Growth, Software Engineering, Data Analytics & AI, Cloud & Enterprise Platforms, Cyber Security, Banking Technology Solutions, Smart Industrial Solutions, and Life Sciences Solutions.

As part of our commitment to building a better world, CBTW allocates 3% of our 2025 revenue to support education projects within and around our communities. This contributes to a brighter future for our teams, our partners, and our shared planet.


Website:
https://collaborationbetterstheworld.com/

We are looking for a SOC Analyst with hands-on experience in monitoring, investigation, and response to cyber threats across client environments. In this role, you will work closely with our SOC team and stakeholders to detect suspicious activity, triage alerts, investigate incidents, and help improve overall security operations.

You will play a key role in day-to-day cyber defense to identify anomalous behavior, prioritize threats, support incident response, and continuously refine monitoring use cases and operational workflows. This is an opportunity to contribute to the growth of our new Cybersecurity service line while collaborating closely with our SOC team and broader cybersecurity stakeholders.


Responsibilities

Key Responsibilities

Security Monitoring & Incident Triage

  • Monitor client environments using a range of security monitoring platforms, detection tools, and telemetry sources.
  • Review, triage, and prioritize security alerts based on severity, business impact, and likelihood of malicious activity.
  • Investigate suspicious network, email, cloud, identity, endpoint, or SaaS activity.
  • Escalate validated incidents in accordance with defined SOC procedures and incident response playbooks.
  • Support containment and remediation activities by providing timely analysis, findings, and practical recommendations.


Incident Investigation & Response

  • Conduct in-depth investigations into potential threats, including lateral movement, credential misuse, phishing, malware, insider activity, and data exfiltration.
  • Correlate alerts with logs, endpoint telemetry, network traffic, firewall data, and other relevant sources.
  • Document incident timelines, root causes, affected assets, and recommended actions.
  • Collaborate with internal and client technical teams during active incidents and post-incident reviews.
  • Contribute to lessons learned and continuous improvement of incident handling processes.


Operations & Optimization

  • Operate and maintain monitoring use cases within established SOC workflows.
  • Tune alerting, model interpretation, and investigation processes to improve detection fidelity and reduce false positives.
  • Implement integrations between monitoring platforms, SIEM, EDR/XDR, ticketing systems, and other security tooling.
  • Deliver reporting on threat trends, operational metrics, and platform effectiveness.


Collaboration & Continuous Improvement

  • Contribute to runbooks, knowledge base articles, standard operating procedures, and analyst guides.
  • Participate in shift handovers, case reviews, threat discussions, and knowledge-sharing sessions.
  • Stay current on cyber threat trends and attacker techniques.


Qualifications


Required Skills & Experience

Technical Expertise

  • Proven experience in a SOC Analyst, Security Analyst, or similar blue-team role.
  • Strong experience working with SIEM/SOAR platforms such as Microsoft Sentinel, Splunk, IBM QRadar, Cortex XSOAR, or similar tools.
  • Strong understanding of security operations processes, including alert handling, incident triage, escalation, and response.
  • Good knowledge of networking fundamentals and protocols such as TCP/IP, DNS, HTTP/S, SMTP, and common authentication mechanisms.
  • Familiarity with common attack techniques, phishing, malware behaviors, credential abuse, and lateral movement.
  • Experience working with complementary security technologies such as SIEM, EDR/XDR, firewalls, email security, and ticketing platforms.
  • Ability to analyze logs and telemetry from multiple sources to support investigations.


Analytical & Operational Skills

  • Strong investigative mindset with the ability to distinguish true positives from benign activity.
  • Ability to assess risk, prioritize incidents, and communicate clear recommendations.
  • Experience documenting incidents, analysis outcomes, and response actions accurately and clearly.
  • Comfortable working in a fast-paced SOC environment with shifting priorities.


Communication Skills

  • Strong written and spoken English.
  • Ability to communicate effectively with both technical teams and non-technical stakeholders.
  • Clear documentation and reporting skills for incidents, findings, and handovers.


Preferred Qualifications

  • Experience working in an MSSP, MDR, or enterprise SOC environment.
  • Familiarity with Darktrace across multiple modules, such as network, email, cloud, identity, or endpoint.
  • Industry certifications such as CDSA, OSDA, Security+, SC-200, GCIA, GCIH, CISSP, or similar.
  • Darktrace-specific training or certifications, where available.
  • Exposure to cloud platforms such as AWS, Azure, or GCP.
  • Knowledge of APAC cybersecurity regulations (e.g., PDPA, Notifiable Data Breach scheme).


Nice to Have

  • Hands-on experience using Darktrace for alert monitoring, triage, and investigation.
  • Experience with threat hunting and detection improvement.
  • Exposure to automation, playbooks, or case management workflows.
  • Experience contributing to SOC process improvement and analyst knowledge sharing.

Perks and Benefits:

  • HMO Benefits – Employee and dependent from day 1
  • Paid Time Off – From day 1
  • Insurance – From day 1
  • Company Events & Team Building
  • Hybrid Work Setup – Onsite twice a week


Work Location

One E-com Center, Harbor Drive Corner Palm Coast Avenue,

Mall of Asia Complex, Pasay City, Philippines
