Cyber Security Incident Response Analyst

Pasig, Metro Manila, Philippines

DFI Digital

DFI Retail Group is a leading pan-Asian retailer. The Group operates under a number of well-known brands across food, health and beauty, home furnishings, restaurants and other retailing in the region.

View company page

DFI Company Brief
DFI Retail Group (the ‘Group’) is a leading pan-Asian retailer. At 31st December 2021, the Group and its associates and joint ventures operated over 10,200 outlets and employed some 230,000 people. The Group had total annual sales in 2021 exceeding US$27 billion.
DFI Retail Group is a leading pan-Asian retailer and operates across four broad formats: Food (including Supermarkets, Hypermarkets and Convenience stores), Health & Beauty, Home Furnishings, and Restaurants. The Group has operations in 12 markets and operates multiple formats in most markets to satisfy different customer segments and trades under well recognised brands. DFI digital is a new entity by DFI retail group to provide more advanced online shopping experience.

About the role:
We are expanding and looking for a Cyber Security Analyst to join our IT Security Team. This position is the Level 2 blue team within the Cyber Security Incident Response Team (CSIRT) for cyber security investigations and incident handling. Your background should include hands-on security incident response and exposure to security technologies including firewalls, IPS/IDS, EDR, DLP, Vulnerability management, logging, monitoring, detection, security incident response, exposure to digital forensics and Threat hunting. You should have a good understanding of network security, system administration and Production Support of Security platforms. To execute your expertise with excellent stakeholder management while problem solving will be a top priority for you.

Core Responsibilities:

  • Responsible, interpreting, conducting analysis, enhancing, and making recommendations for resolution from security logs sources and alerts from the (SIEM, SOAR, IAM, CASB, EDR, SEG & other security tools) and other threat detection systems for threats activity from our managed services Security Operations Centre (SOC).
  • Act as team leader and responsible for cyber security incidents arising (e.g. for end-point devices such as laptops, desktops, servers, firewalls, routers, O365, SEG, security devices, etc), including those escalated by Security Operations Centre (SOC). This involves following up with the respective end users and IT personnel to ensure incidents are effectively closed.
  • Lead and Implement data loss prevention (DLP) measures (e.g. on end-point devices and email system), as well as monitor alerts and take necessary follow-up and remediation actions as required.
  • Oversee tracking, follow-up and closures of issues/incidents to achieve 100% SLA completion.
  • Cyber Threat Hunting and Incident Response
  • Performs proactive threat hunting within on-premise and cloud environments to uncover indicators of threat activities.
  • Performs digital forensic preservation, legal documentation and electronic discovery for incidents and investigations.
  • Report incident statistics and provide analysis of incidents.
  • Prepare regular cyber security status reports for submission to Leadership team.
  • Plan and conduct annually Cyber Security drill.



  • Degree in Information technology or equivalent
  • Minimum 5 to 7 years' experience in IT/Cyber Security Incident Response, Security monitoring, SOC functions, computer forensics, cybercrime investigations, Threat intelligence or Threat Hunting.
  • Thorough understanding of security technologies and concepts, with knowledge and hands-on experience in SIEM and Soar products and security incident management
  • Experience performing security monitoring and incident response activities in an advanced Security Operations Center (SOC) environment, including log analysis, event analysis, incident investigation, and reporting
  • Ability to investigate incidents, remediate, track, and follow up for incident closure with concerned teams and stakeholders • Strong program and project management expertise, with the ability to take initiative, be proactive, and run decision-making processes autonomously
  • Excellent communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner
  • Analytical skills with the ability to interpret complex situations and develop appropriate solutions proactively
  • Flexibility to adapt to a fast-paced, changing environment while maintaining a focus on rigor and accuracy in deliverables
  • Knowledge in OWASP and common attack vectors in different platforms (Windows, Linux, Network, etc)
  • Knowledge and experience in Qualys, PAM, Netscope, Minecast, SentinelOne, Asure Security Centre is preferred
  • Experience and understanding of IT operations and processes
  • Knowledge of Security Standards and Frameworks including MITRE & ATT&CK, ISO 27001:2013, NIST, PCI-DSS, Data Protection etc ., cyber security threats, tools and best practices

Experience in working with managing external vendor supporting SOC

Professional Certifications
Preferred Certifications: CISSP, CEH, GCIH, GIAC, SANS certifications or equivalent


  • Demonstrated project exposure from previous work experience
  • Ability to co-ordinate many dependencies and multiple demands in a fast-paced, fast changing operating environment
  • Ability to work Independent with less supervision
  • Excellent oral, written communication and presentation skills


  • A vibrant and international team with multi-cultural and diverse backgrounds
  • Solving challenges with inspiring colleagues in an all hands-on deck environment
  • Management team that recognizes top performers, welcome our newbies, and shares a love for good food
  • Competitive package, incentives, allowances, food perks, insurance, pension and more
Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Blue team CEH CISSP Cloud CSIRT Cyber crime EDR Firewalls Forensics GCIH GIAC IAM IDS Incident response IPS ISO 27001 Linux Log analysis Monitoring Network security NIST OWASP Qualys SANS SIEM SOAR SOC Threat detection Threat intelligence Vulnerability management Windows

Perks/benefits: Equity Health care

Region: Asia/Pacific
Country: Philippines
Job stats:  9  1  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.