SOC Analyst (L1) – Remote (Philippines/Vietnam)
Budget: $750.00 (fixed price)
information-security, incident-response-plan, security-operation-center, python, bash, security-engineering
SOC Analyst L1 – APAC Region
Location
Remote — preferably based in the Philippines or Vietnam for APAC time zone coverage.
This role is suitable as a secondary professional engagement; however, active monitoring, responsiveness, and operational availability during assigned shifts are mandatory.
Role Overview
We are looking for a SOC Analyst (L1 / Junior L2) to support 24/7 security monitoring and incident triage within a modern MSSP environment.
The role focuses on security alert monitoring, investigation, incident escalation, and basic response activities, while offering opportunities to grow into detection engineering, threat analysis, and advanced incident response.
You will work with technologies including Elastic SIEM, AWS security services, and CrowdStrike, supported by automation and AI-assisted operational workflows.
Key Responsibilities
Monitor and triage security alerts from SIEM, EDR, and cloud security platforms
Investigate suspicious activities and distinguish between true and false positives
Escalate incidents according to severity, procedures, and operational playbooks
Execute basic response actions, including endpoint isolation and account containment activities
Analyze logs and telemetry from:
Elastic SIEM / ELK
AWS services (CloudTrail, GuardDuty, etc.)
CrowdStrike Falcon
Document incidents, findings, and actions clearly within ticketing and incident response systems
Support continuous improvement of detection rules, alert quality, and SOC processes
Participate in shift handovers and operational knowledge sharing
Requirements
3+ years of experience in SOC operations, cybersecurity, or related IT/security roles
Practical experience with at least one of the following:
SIEM platforms (Elastic / ELK, Splunk, QRadar, etc.)
EDR platforms (CrowdStrike preferred)
Cloud security monitoring (AWS preferred)
Good understanding of:
Security monitoring and incident lifecycle processes
Common attack techniques and MITRE ATT&CK fundamentals
Networking fundamentals, log analysis, and endpoint telemetry
Ability to work independently in a remote operational environment
Strong written communication and incident documentation skills
Nice to Have
Experience with Elastic SIEM and/or Wazuh
Exposure to AWS security services and cloud-native monitoring
Basic scripting or automation skills (Python, Bash, PowerShell)
Security certifications such as:
CompTIA Security+
BTL1
GIAC
AWS Security
Similar industry-recognized certifications
What We Offer
Remote-first working environment
Exposure to modern SOC technologies and AI-assisted triage workflows
Opportunity to work with international clients across the EU and UK
Learning, certification, and professional development support
Clear growth path toward:
SOC Analyst L2
Security Engineer
Threat Hunter
Detection Engineer
Profile Summary
You are a hands-on SOC analyst capable of independently triaging alerts, performing initial investigations, and escalating incidents effectively. You are operationally reliable, detail-oriented, and motivated to grow into deeper technical cybersecurity roles within a fast-moving MSSP environment.