Title:  Cyber SOC Incident Response Analyst

At JTI we celebrate differences, and everyone truly belongs. 46,000 people from all over the world are continuously building their unique success story with us. 83% of employees feel happy working at JTI.

To make a difference with us, all you need to do is bring your human best.

What will your story be? Apply now!  

Learn more: jti.com

Reporting to: Infosec & Risk Management Manager

Duty Post: GBS Manila, Taguig, Philippines

Application Duration: This job posting will remain open until the vacancy is filled. 

Cyber SOC Incident Response Analyst

With growing number of Security Incidents and in order to improve Incident Response process, the Security Operations Center needs to assign a Tier 1 Cyber SOC Incident Response Analyst who will be able to quickly identify the true cause of a cyber incident, determine the span of a compromise and provide practical advice to fix and prevent the threats and if required, to assist with recovering critical data and services.

Within its main functions, the Cyber SOC Incident Response Analyst will: 

• Act as first line of defense handling low and medium security incidents.
• Escalate to the Tier 2 and Tier 3 Cyber Incident Response Managers high severity incidents, providing information about first analysis and contribute to the resolution.
• Follow IR security standards and plyabooks, properly document IR actions and coordinate IR tasks with other functions within SOC and rest of the organization.

Responsibilities:

• Cyber Incident Response
  • Respond to low and medium Security Incidents, mainly but not exclusively to Phishing, Malware and Web Attacks related Security Incidents.
  • Assess, triage, categorize and prioritize Security Incidents and escalate to higher tiers when severity is elevated.
  • Derive immediate mitigation measures for containment, eradication, and recovery of Security Incident in line with JTI internal SLAs and track progress.
    • Coordinate Incident Response task forces with different IT functions and end users according to established playbooks.
  • Estimate the scope of impacted asset, ensure that remediation is properly address to all scope identified during the Analysis stage.
  • Collect forensics malicious payloads, forensics artifacts and IOCs according to JTI SOPs and for further analysis by JTI SOC personnel.
  • Concisely summarize the analysis and actions carried out during the Incident Response handling in the Review phase and provide lessons learn recommendations if any.
  • Provide basic malware analysis using sandboxing solutions.
• Support
  • Support Security Incident Managers during relevant security incidents by following their ad-hoc instructions during the incident handling. 
• Documentation
  • Contribution to the creation, maintenance and improvement of Security Incident playbooks and SOPs in scope of Incident Response daily activities.
  • To provide support on reporting activities
• Knowledge management:
  • Monitor Security Industry trends on new threats and share knowledge with rest of the team.

Requirements:

• 1 year of experience in Information Security or 2 years of experience in system or network administration.
• 1 year working within a SOC team is a plus.
• Knowledge of information security principles and best practices.
• Familiarity with tools and techniques used in incident detection and response.
• Experience with Microsoft security products is a plus. E.g. Microsoft Defender for Endpoint.
• University degree in Computer Sciences, Information Systems, or related field or relevant experience
• Fluent English - written and spoken
• Reading/Speaking Japanese language would be useful
• Analytical/problem solving ability
• Understanding of fundamentals of OS and Networking
• Good understanding EDR/XDR solutions, SIEM platforms and Ticketing systems
• Knowledge of security santandar (e.g. NIST 800-61) and MITRE ATT&CK framework
• Ability to work under constantly changing conditions and tight deadlines
• Communications skills and capable of focusing on the important and the details.
• Scripting abilities are a plus (Powershell or Python desirable)

Are you ready to join us? Build your success story at JTI. Apply now!

Next Steps:

After applying, if selected, please anticipate the following within 1-3 weeks of the job posting closure: Phone screening with TA > Assessment tests > Interviews > Offer. Each step is eliminatory and may vary by role type.

At JTI, we strive to create a diverse and inclusive work environment. As an equal-opportunity employer, we welcome applicants from all backgrounds. We are committed to providing reasonable adjustments to applicants with special needs. If you require any accommodations, please let the Talent Advisor know during the selection process.