Procter & Gamble Security Operations Center Analyst in National Capital, Philippines
Security Operations Center Analyst
The Security Operations Center Analyst is responsible for the execution of incident response, security operations center and security information and event management (SIEM) technologies, and for the detection, triage, response, remediation and communication of security incidents. The Security Operations Center Analyst will use a deep understanding of network security technologies, logging and settings, coupled with alerts from the SIEM tool and other monitoring capabilities, to perform incident response, network surveillance, data mining and data manipulation. This role is responsible for supporting specific elements of the security monitoring program.
Essential Responsibilities
Professional responsibilities may include:
Executing and maintaining incident monitoring and response procedures.
Investigating and triaging security alerts, events and incidents.
Managing, reviewing and disseminating threat intelligence.
Monitoring indicators of compromise (IOCs) related to advanced, targeted attackers.
Detecting and monitoring malicious and/or anomalous activity that threatens the information security of P&G.
Identifying and executing a risk-based sequence of remediation actions to mitigate threats.
Performing thorough investigations, including root cause analysis, identifying ingress points, vulnerabilities exploited, actions taken by threat actors, data exfiltrated, persistence established, and all other pertinent facts.
Extracting lessons from investigations to feed back into the threat intelligence process to enhance detection and mitigation capabilities.
As needed, performing malware analysis and reverse engineering to extract intelligence needed for incident investigations, identifying potential mitigations and developing unique correlation techniques.
Employing advanced forensic tools.
Performing network traffic analysis.
Interfacing with external entities in an operational environment.
Technical Competencies and Experience:
Experience designing and operating one or more of the following SOC solutions:
Service manager solutions: ServiceDesk, Remedy, Archer, ServiceNow
SOC/SIEM solutions: QRadar, Wazuh, ArcSight, LogRhythm, FireEye, Splunk
Configuration management solutions: SolarWinds, Opsware, CVS
Forensics solutions: CAINE, EnCase, SIFT, Kali
Networking: Cisco, Juniper, Check Point; WAN/LAN network design; application firewalls
Operating Systems: Windows, Unix, Linux
Database: Oracle, SQL, MySQL
Other: PhishMe, CrowdStrike
Knowledge of applicable regulatory standards and frameworks:
Compliance frameworks and security management standards (e.g. ISO 27001/27002, COBIT, ITIL, NIST, and PCI)
Regulations (e.g. GDPR, HIPAA, Sarbanes-Oxley).
Knowledge of technology products and operating experience with Security Operations Centers:
Security Event and Information Management (SIEM)
Application and database scanners, penetration testing tools, intrusion detection/prevention tools
Monitoring procedures and tools
Network behavior analysis tools (Snort, Suricata, Bro, Argus, SiLK, tcpdump, Wireshark, McAfee IntruShield and ePolicy Orchestrator (ePO)), NetFlow, DDoS/DoS service monitoring tools, wireless intrusion detection/prevention systems, next-generation firewalls (NGFW), enterprise antivirus, anti-spyware, malware analysis kit
Vulnerability assessment and penetration testing tools such as Metasploit, CORE Impact, Immunity Canvas, or Kali Linux
TCP/IP or OSI network protocol stack, including major protocols such as IP, Internet Control Message Protocol (ICMP), TCP, User Datagram Protocol (UDP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and SSH
Cryptographic algorithms and protocols such as Advanced Encryption Standard (AES), Rivest-Shamir-Adleman (RSA), Message-Digest Algorithm 5 (MD5), Secure Hash Algorithm (SHA), Kerberos, and Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Programming and scripting languages and text manipulation tools such as Perl, Ruby, and Python
One or more of the following certifications: CISSP, GSEC, GISF, GCIA, GCIH, GREM, CCNA
Bachelor’s degree in Information Systems, Information Technology (IT), Computer Science, Engineering, or other technical/IT field and/or at least 2 years of relevant experience.
Available to work off hours during evenings and weekends as required, sometimes with little advance notice.
All Information Security roles require CISSP certification. Candidates without the certification must be able to pass the exam within the first 15 months of start of employment. P&G provides study preparation and exam cost coverage.
Role requires working from the Procter & Gamble office location in Manila, Philippines.
Job: Information Technology
Title: Security Operations Center Analyst
Location: PH-National Capital-Manila
Requisition ID: IT 00001392