ARCHIVED
This job listing has been archived and is no longer accepting applications.

SOC L2 Incident Responder

Confidential

Makati, Metro Manila permanent

Posted: January 30, 2026



Job Description

I. PURPOSE

 

Participate and support activities that will help improve the existing operations and operationalize new service portfolio to achieve service excellence, operational efficiency, and retention of customers.

 

Investigate, analyze, and respond to incidents or crises within the pertinent domain to mitigate immediate and potential threats. Use mitigation, preparedness, and response and recovery approaches, as needed, to minimize the impact of incidents and maximize the survival of information security.

II. DUTIES AND RESPONSIBILITIES

 

Accomplish all assigned tasks by the management in a timely and effective manner as deemed necessary for the betterment of the organization.

Ensure effective and efficient processes are followed.

Comply with escalation protocols.

Report process inefficiencies and non-compliance with agreed standards and processes. 

Promote and contribute to TOC's information and knowledge repository.

Collaborate with other teams to improve workflows, documentation, standards, and processes.

Participate in activities promoting a harmonious working environment such as demonstrating trust and respect and practicing open communication.

Comply with company policies, guidelines, standards, and procedures.

Professionally represent Trends management, enriching client relationships and providing expertise, composure, and competence.

Perform all other duties and tasks as assigned by the Shift Manager and Operations Senior Manager.

 

Availability Management

Escalate availability and capacity-related issues and provide suggestions.

 Capacity Management

Ensure that resources of managed devices are within the acceptable thresholds.

Escalate threshold breaches.

 IT Service Continuity Management

Understand role in the Business Continuity Plan (BCP) and ensure compliance once it is executed.

Risk Management

Report risks to people and processes needed for Operations that may impact clients, Sales Groups, and other relevant stakeholders.  

Service Level Management

Comply with processes, procedures, guidelines, and policies to ensure SLAs are met or exceeded. 

Configuration Management

Provide feedback during functional testing.

 Client Support 
  

Triage received events and incidents, and handle cases assigned.

Undertake immediate efforts to restore a failed service of a Managed Service client as quickly as possible. 

Handle escalations and follow-ups until resolution.

Process Service Requests within the agreed Service Level Agreement.

Follow best practices and applicable frameworks for Events Management, Incident Management, and Service Requests.

Collect relevant data and create Incident and Root-Cause-Analysis (RCA) Reports.  

Participate in vendor/supplier feedback if applicable.

 Client Incident Management

Guide Analysts in monitoring security events for proper categorization and prioritization, eliminating false positives and irrelevant information.

Perform analysis of escalated SOAR and SIEM events to respond to threats and accurately distinguish actionable recommendations.  

Perform fixes and solutions on incidents based on the context of the incident and documented procedures. 

Perform cyber defense trend analysis and reporting. 

Create established reporting procedures and requirements for documentation and draft technical summary of findings. 

Follow playbooks and procedures in the analysis, containment, eradication, remediation, and recovery from client cybersecurity and quality of service incidents.

Update incident tickets and inform Shift Manager.

Create RCA Reports and execute Compromise Assessment/Preventive Action (CA/PA).

 Client Access Management 
  

Essentially executes Terms and Conditions of the client.

 Client IT Asset Management 
  

Ensure that clients’ managed assets are accounted for, maintained, and upgraded if within scope.

Monitor the lifecycle of clients’ managed assets and provide reports and recommendations to the Client, Service Delivery Manager/s, and other relevant stakeholders.

Report discovered risky, non-compliant, new, or broken assets.

 Client Problem Management 
  

Provide necessary data and implement Corrective Action/Preventive Action (CA/PA).

Comply with contractual problem management deliverables. 

Investigate the underlying causes, manage client recurring incidents, and help determine the best method to eliminate the root causes.  

 Process Management   

Follow documented processes of Operations.

  Knowledge Management 
  

Update the knowledge and information pertaining to existing Clients and clients’ Managed ICT assets.

Contribute to the enrichment of the MICTS Knowledge Base and Incident Response playbooks. 

 Continual Service Improvement Management 
  

Suggest and follow new processes, and comply with and execute assigned improvement plans.

Provide quality data and ticket content.

 

 

III.    QUALIFICATIONS

A.    Minimum Education

Must be a graduate of any IT-related bachelor’s degree such as:

Computer Studies

Computer Engineering

Information Technology

Electronics Engineering

B.    Minimum Experience/Training

Have at least 1-2 years of experience in Security Operations, particularly in Incident handling.

Training and/or certifications in any of the following domains are required:

IT Service Management

IT Infrastructure (Network, Servers, Cloud, etc.)

Cybersecurity and/or Information Security

INE Security Certified Incident Responder (eCIR)

EC-Council Certified Incident Handler (ECIH)

GIAC Certified Incident Handler (GCIH)

CompTIA Cybersecurity Analyst (CySA+)

Certified Computer Security Incident Handler (CSIH)

C.    Competency

(F) - Familiar / 0-12 months 
(N) - Novice / 1-2 years 
(I) - Intermediate / 3-4 years 
(A) - Advanced / > 5 years 

 

KNOWLEDGE 

(N) Knowledge of cybersecurity and privacy principles. 

(N) Knowledge of computer networking concepts and protocols, and network security methodologies. 

(N) Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 

(N) Knowledge of cyber threats and vulnerabilities. 

(N) Knowledge of specific operational impacts of cybersecurity lapses. 

(N) Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). 

(N) Knowledge of system administration, network, and operating system hardening techniques. 

(N) Knowledge of MITRE ATT&CK Framework and NIST SP 800-61.

 

SKILL 

(N) Skill in using SIEM (McAfee ESM is a plus) and SOAR (Siemplify is a plus) platforms.

(N) Skill in identifying, capturing, containing, and reporting malware.

(N) Skill to design incident response procedures. 

(N) Skill to collaborate with different teams and communicate thoughts and ideas. 

 

ABILITY 

(N) Ability to apply SOAR playbooks and SIEM correlation rules for investigating host and network-based intrusions. 

 

COMMUNICATION SKILLS 

(N) Speaks clearly and can be easily understood. 

(N) Expresses and speaks ideas in a logical and organized sequence.

(N) Writes clearly, concisely, and effectively. 

(N) Expresses ideas in a logical and organized sequence in written form. 

 

IV.    WORKING CONDITIONS

Reporting to the company’s main office in Makati City.

Shifting schedule.

Collaborate physically and/or virtually with internal and external stakeholders.

May travel for face-to-face client meetings/incident response, company-sponsored conferences, and related marketing events.

Attend training and acquire certifications that are applicable to the role.
