Title:  Cyber Incident Response Analyst

We’re JTI, Japan Tobacco International, and we believe in freedom. 

 
We think that the possibilities are limitless when you’re free to choose. We’ve spent the last 20 years innovating and creating new and better products for our consumers to choose from. It’s how we’ve grown to be present in 130 countries, and how we’ve grown from 40 to 4,000+ employees in the Philippines since 2009.
 

But our business isn’t just business, our business is our people. Their talent. Their potential. We believe that when they’re free to be themselves, to grow, travel and develop, amazing things can happen for our business. That’s why our employees, from around the world, choose to be a part of JTI. It’s why 9 out of 10 would recommend us to a friend, and why we’ve been recognized as INVESTORS IN PEOPLE in the Philippines

It’s the perfect moment for you to #JoinTheIdea. We’re opening our Global Business Service center in the heart of BGC Manila and looking for more than 300 bright minds to join a global multinational with an exciting start-up vibe.

Local applicants only.
Department: Global IT
Location: Taguig, Philippines
Reporting to: Cyber Detection & Response Manager

Cyber SOC Incident Response Analyst

With the growing number of Security Incidents and in order to improve Incident Response process, the Security Operations Center needs to assign a Tier 1 Cyber SOC Incident Response Analyst who will be able to quickly identify the true cause of a cyber incident, figure out span of a compromise and provide practical advice to fix and prevent the threats and if required, to assist with recovering critical data and services. Within its main functions, this person will: 

1. Act as first line of defense handling low and medium security incidents.
2. Raise to the Tier 2 and Tier 3 Cyber Incident Response Managers high severity incidents, providing information about first analysis and contribute to the resolution.
3. Follow IR security standards and playbooks, properly document IR actions and coordinate IR tasks with other functions within SOC and rest of the organization.

What will you do?

• Cyber Incident Response
  • Respond to low and medium Security Incidents, mainly but not exclusively to Phishing, Malware and Web Attacks related Security Incidents.
  • Assess, triage, categorize and prioritize Security Incidents and raise to higher tiers when severity is elevated.
  • Derive immediate mitigation measures for containment, eradication, and recovery of Security Incident  in line with JTI internal SLAs and track progress.
  • Coordinate Incident Response taskforces with different IT functions and end users according to established playbooks.
  • Estimate the scope of impacted asset , ensure that remediation is properly address to all scope identified during the Analysis stage.
  • Collect forensics malicious payloads, forensics artifacts and IOCs according to JTI SOPs and for further analysis by JTI SOC personnel.
  • Concisely summarize the analysis and actions carried out during the Incident Response handling in the Review phase and provide lessons learn recommendations if any.
  • Provide basic malware analysis using sandboxing solutions.
• Support Security Incident Managers during relevant security incidents by following their ad-hoc instructions during incident handling. 
• Contribution to the creation, maintenance and improvement of Security Incident playbook and SOPs in scope of Incident Response daily activities abd provide support on reporting activities
• Monitor Security Industry trends on new threats and share knowledge with rest of the team.

Who are we looking for?

• University degree in Computer Sciences, Information Systems, or related field or relevant experience
• 1 year of experience in Information Security or 2 years of experience in system or network administration.
• 1 year working within a SOC team preferred
• Knowledge of information security principles and best practices.
• Familiarity with tools and techniques used in incident detection and response.
• Experience with Microsoft security products preferred E.g. Microsoft Defender for Endpoint.
• Fluent English written and spoken skills.
• Analytical/problem solving ability
• Understanding of fundamentals of OS and Networking
• Good understanding EDR/XDR solutions, SIEM platforms and Ticketing systems
• Knowledge of security santandar (e.g. NIST 800-61) and MITRE ATT&CK framework
• Ability to work under constantly evolving conditions and tight deadlines
• Communications skills and capable of focusing on the important and the details.
• Scripting abilities are a plus (Powershell or Python desirable)
• Desirable:
  • Certifications (any security certification like but not exclusive to the following): CEH, CND, CSA, CompTIA Security+

What's in it for you?

•    Work at our JTI Global Business Services office in McKinley West Campus, Taguig.
•    Be part of a truly international and diverse company with over 40,000 employees in 130 countries.
•    Experience the culture of an Investors in People certified company
•    Find out most of our employees recommend us to a friend.
•    Understand why most our our employees say they feel free to be themselves.

What are the next steps?

Thank you very much for your interest in the role. You are welcome to apply. We will make sure every candidate will receive a reply within 2 weeks after the application deadline.