Senior Information Security Engineer Analyst - SOC Analyst at Universal Health Group
Makati, National Capital District, Philippines -
Full Time


Start Date

Immediate

Expiry Date

04 Oct, 26

Salary

0.0

Posted On

06 Jul, 26

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Security Monitoring, Alert Triage, Incident Identification, Log Analysis, Threat Detection, SIEM, EDR, MITRE ATT&CK, Incident Response, Microsoft Sentinel, Splunk, CrowdStrike, Microsoft Defender, Network Security, Analytical Skills, Communication Skills

Industry

Hospitals and Health Care

Description
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. Primary Responsibilities: Security Monitoring & Alert Triage Monitor security events and alerts from SIEM, EDR, and other security tools Perform initial triage of alerts to determine severity and validity Identify false positives and escalate confirmed security incidents Continuously review dashboards and security feeds for suspicious activity Incident Identification & Escalation Validate potential security incidents using logs and contextual data Escalate confirmed or high-risk incidents to Incident Response or Security Engineering teams Follow established escalation procedures and incident severity guidelines Assist in maintaining situational awareness during active incidents Log Analysis & Investigation Support Analyze logs from multiple sources, including: Endpoint security tools (e.g., Microsoft Defender, CrowdStrike) Network devices (firewalls, IDS/IPS) Authentication systems (Active Directory, IAM) Correlate events across systems to identify suspicious behavior Assist in determining scope and impact of security events Threat Detection & Analysis Identify indicators of compromise (IOCs) such as malicious IPs, domains, and file hashes Assist in mapping alerts to attack patterns using frameworks like MITRE ATT&CK Support proactive identification of suspicious trends or anomalies Contribute to improving detection accuracy by identifying recurring false positives Documentation & Reporting Document investigation steps, findings, and escalation details clearly and accurately Maintain incident records in ticketing and case management systems Provide summaries of security events for internal reporting Ensure all actions are properly logged for audit and compliance purposes Incident Response Support Support Incident Response teams during active security incidents Assist with basic containment actions under guidance (e.g., account disablement requests, IP blocking recommendations) Participate in incident post-mortems and lessons learned sessions Follow established playbooks and runbooks during investigations Security Tool Usage & Maintenance Operate SIEM platforms (e.g., Microsoft Sentinel, Splunk, QRadar) Use EDR tools for endpoint visibility and investigation Assist in maintaining dashboards, alerts, and detection rules as needed Ensure monitoring coverage across all critical systems Continuous Improvement & Learning Stay current on emerging threats, vulnerabilities, and attack techniques Participate in SOC knowledge sharing and training sessions Contribute ideas to improve detection, response, and SOC workflows Assist in refining playbooks and alerting logic Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience) 1+ years of experience in IT, cybersecurity, or SOC environments Basic understanding of cybersecurity concepts (malware, phishing, network security, etc.) Familiarity with SIEM tools (e.g., Splunk, Microsoft Sentinel, Crowdstrike) Exposure to endpoint security tools (e.g., Microsoft Defender, CrowdStrike) Proven solid analytical and problem-solving skills Proven ability to work in a fast-paced, 24/7 monitoring environment (if applicable) Proven excellent written and verbal communication skills At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone–of every race, gender, sexuality, age, location and income–deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission. Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities
The role involves monitoring security events and performing initial triage of alerts from SIEM and EDR tools to identify and escalate security incidents. It also requires analyzing logs from multiple sources to determine the scope of threats and supporting incident response teams during active security events.
Loading...