Overview

Security Specialist – Incident Response Jobs in Philippines at Executive Operations, LLC

Title: Security Specialist – Incident Response

Company: Executive Operations, LLC

Location: Philippines

Executive Operations is seeking a skilled Security Specialist to support and optimize incident management, on-call operations, security tooling, and SOC workflows across internal and client environments.

This role is ideal for someone with hands-on experience managing incident response platforms such as PagerDuty, Opsgenie, FireHydrant, or incident.io, along with strong expertise in security operations, threat detection, security tooling, and documentation.

The Security Specialist will help improve incident response processes, reduce alert fatigue, enhance escalation workflows, support SOC operations, and ensure critical security platforms are properly configured, monitored, and continuously improved.

Key Responsibilities:

Incident Management & Response Platforms

  • Configure, administer, and optimize incident management platforms such as PagerDuty, Opsgenie, FireHydrant, and incident.io.
  • Design and manage escalation policies, on-call schedules, routing rules, service dependencies, and severity classifications.
  • Develop incident workflows, response playbooks, runbooks, and post-incident review processes.
  • Integrate incident management platforms with Microsoft Defender, CrowdStrike, Cloudflare, Microsoft Sentinel, Slack, Microsoft Teams, and other security tools.
  • Create automation and alert-routing logic to reduce manual triage and improve response efficiency.
  • Monitor platform health, user access, and operational effectiveness.
  • Generate reporting on incident trends, escalation effectiveness, alert quality, and response performance.

Security Operations & Tool Administration

  • Manage and optimize security platforms across endpoint, identity, email, DNS, and cloud environments.
  • Configure and maintain Cloudflare Gateway, WARP, DNS Firewall, and related security controls.
  • Develop and refine KQL-based detection logic, threat hunting queries, and alerting rules within Microsoft Sentinel.
  • Support EDR onboarding, endpoint coverage monitoring, health validation, and security tool integrations.
  • Assist with tuning alerts and reducing false positives across security monitoring platforms.

Incident Response & SOC Support

  • Serve as a Tier 2/3 escalation point for SOC analysts during active security incidents.
  • Investigate phishing attacks, endpoint compromises, suspicious activity, account takeovers, malware events, and other security incidents.
  • Perform root-cause analysis and support remediation efforts.
  • Prepare incident reports, executive summaries, lessons learned documentation, and remediation recommendations.
  • Support incident command and coordination during high-severity security events.

Documentation & Continuous Improvement

  • Create and maintain SOPs, technical documentation, configuration guides, and security runbooks.
  • Identify gaps in security monitoring, incident response processes, and tooling configurations.
  • Track and report operational metrics including alert volume, escalation rates, MTTD, MTTR, false positives, and security coverage.
  • Recommend improvements to incident response workflows, alert management, and operational resilience.

Required Qualifications:

  • 3+ years of experience in Security Operations, Incident Response, Security Engineering, or SOC environments.
  • Strong hands-on experience with PagerDuty, Opsgenie, FireHydrant, incident.io, or similar incident management and on-call platforms.
  • Experience designing escalation policies, on-call schedules, service dependencies, alert routing, and incident workflows.
  • Strong experience with Microsoft Defender for Endpoint, Defender for Office 365, Microsoft Sentinel, and Entra ID.
  • Experience writing KQL queries for threat hunting, detection engineering, and log analysis.
  • Familiarity with Cloudflare Gateway, WARP, DNS Firewall, or comparable network security solutions.
  • Understanding of MITRE ATT&CK, threat actor TTPs, incident severity classification, and SOC best practices.
  • Strong troubleshooting, analytical, and documentation skills.
  • Excellent written and verbal communication skills.

Preferred Qualifications:

  • Experience supporting 24×7 SOC operations.
  • Configure, administer, and optimize incident management platforms such as PagerDuty, Opsgenie, FireHydrant, and incident.io.
  • Experience with CrowdStrike, Splunk, Sentinel, or other SIEM/XDR platforms.
  • Familiarity with automation and workflow orchestration within incident management platforms.
  • Security certifications such as Security+, SC-200, SC-300, CySA+, GCIH, or similar.

To Apply:

Please apply through LinkedIn with your updated resume.

  • Shortlisted candidates will be contacted for the next steps.

Apply

Upload your CV/resume or any other relevant file. Max. file size: 800 MB.