Procter & Gamble Security Engineer – SOC/SIEM in National Capital, Philippines

Security Engineer – SOC/SIEM

The Security Engineer - SOC/SIEM is responsible for the design, implementation and 24/7 support of the SIEM technology infrastructure that enables global incident response operations, analysis and coordination, and forensics. Additionally, the Security Engineer - SOC/SIEM is responsible for developing and maintaining the threat monitoring capabilities used by the Security Operations Center (SOC) team. The position requires experience implementing and maintaining security event monitoring and analysis solutions for large enterprises, with knowledge of large-scale threat analysis of event data from commercial and open source infrastructure technology platforms.

Essential Responsibilities

This role enables the development of Threat and Security Incident monitoring capabilities through the following responsibilities:

  • Threat intelligence gathering

  • Cyber threat hunting, data analysis, and configuration of security monitoring platforms.

  • Designing, deploying and maintaining global event monitoring and incident response tools/technologies and processes.

  • Identifying and analyzing advanced threats.

  • Implementing and supporting SIEM products.

  • Participating in Security Incident response investigation requests and handling escalations for active incidents.

  • Developing mature and sustainable policies, parsers, and rules.

  • Creating and maintaining documentation such as scripts, knowledge base and how-to articles, etc.

  • Working in a lab environment to test systems and develop use cases.

  • Maintaining the lab environment to ensure consistency and stability applicable to production systems.

Technical Competencies and Experience:
Experience with one or more of the following in each technology set listed below:

  o SIEM: ArcSight ESM, Fortinet, Wazuh/ELK Stack, IBM QRadar, LogRhythm, Splunk, Apache Metron

  o Host OS: Windows, Linux, Unix

  o OWASP Code Security Tools: Veracode, IBM AppScan, Fortify

  o Vulnerability scanning tools: McAfee, Tenable, etc.

  o Firewalls: F5, Juniper, Check Point, Palo Alto, Cisco ASA/Firepower

  o Web Application Firewall: Akamai Kona, Arbor, Prolexic, AWS WAF, Azure WAF, BlueCoat, Imperva

  o Security Tools: Nessus, Burp Suite, Kali, Retina, Snort, FireEye, Nexpose, Carbon Black, Rapid7, nmap, nikto, Metasploit

  o Programming/scripting: shell/PowerShell, Perl, Python, SQL, Ruby

Demonstrated experience and understanding of the following:

  • Logging and security event settings and controls of diverse platforms and operating systems, including current and emerging technologies.

  • Big Data storage techniques

  • Implementing security monitoring and response capabilities on cloud platforms

  • Implementing and supporting SIEM products and alignment with monitoring and incident response procedures

  • Technical knowledge of Internet security, networking protocols, and related technologies, including IDS/IPS, firewalls, content filtering, Network Behavior Analysis tools, antivirus and packet inspection

  • Threat intel integration with SIEM Solutions

  • Macro and micro security analysis and experience with risk modeling, multiple event correlation

  • Endpoint security analysis with Windows, Mac, and Linux host event data and related tools

  • Business Impact Analysis, Business Continuity, and Incident Response, Investigations & Forensics, and System Recovery

  • Solid understanding of information, host and network security hardening and requirements; networking protocols; common intrusion techniques; and common risk management concepts

  • Basic knowledge of database architecture and maintenance

  • Directory services such as Microsoft Active Directory, Enterprise Directories like Radiant Logic.

  • Domain Name Services (DNS)

  • DHCP

  • SQL Database query languages, stored procedures, maintenance, and development

  • Virus detection, malware detection, intrusion detection, and prevention systems

  • File Integrity Monitoring

  • Experience in Information Security policy framework development, maintenance and enforcement

  • A solid foundation in compliance frameworks and security management standards (e.g., ISO 27001:2013, COBIT, and NIST).

  • Management of information security policy, standard and procedure development, enhancement, and maintenance across the policy management lifecycle.

  • Exhibit a broad knowledge of security compliance and auditing frameworks and apply those to formulate policies, procedures and standards.

  • Conducting security reviews, risk analysis, and controls reviews in adherence to security policy

  • Auditing support and artifact documentation for ISO 27001, PCI, SOC 1 and SOC 2 audit frameworks

One or more of the following certifications: CISSP, CCNA, MCSE, HISP, GSEC, Red Hat Linux, Scripting

Qualification Requirements

  • Bachelor’s degree in Information Systems, Information Technology (IT), Computer Science, Engineering, or other technical/IT field and/or at least 5 years of relevant experience.

  • Available to work off-hours during evenings and weekends as required, sometimes with little advance notice.

  • All Information Security roles require CISSP certification. Candidates without the certification must be able to pass the exam within the first 15 months of starting the role. P&G provides study preparation and exam cost coverage.

  • Role requires working from the Procter & Gamble Manila, Philippines location.

Job: Information Technology

Title: Security Engineer – SOC/SIEM

Location: PH-National Capital-Manila

Requisition ID: IT 00001393