Senior L1 Analyst - Security Operations Centre
Quezon City, PH
ANZ Banking Group Limited
ANZ offers a range of personal banking services such as internet banking, bank accounts, credit cards, home loans, personal loans, travel and international, investment and insurance. Learn about easy and secure ways to manage your money.
About Us
At ANZ, we're applying new ways technology and data can be harnessed as we work towards a common goal: to improve the financial wellbeing and sustainability of our millions of customers.
About the Role
As a Senior L1 Analyst in our Security Operations Centre (SOC), you’ll play a key role in helping to identify and respond to Computer Security Incidents which have been identified within the ANZ environment. This role requires the individual to work as part of the Global Security Operations Centre and be able to action a series of steps to perform initial assessment, investigation and remediation and, where necessary, help Junior Analysts in handling complex incidents to remediation.
The role will provide an intermediate level of expertise and a strong technical focus in Security Incident Response and Management in day-to-day work. The successful candidate is expected to monitor the health of the security tools and platforms to ensure availability of event source logging, other security controls and tools, and to coordinate with platform teams on issues that impact the Security Operations Centre's Incident Response and Management.
Banking is changing and we’re changing with it, giving our people great opportunities to try new things, learn and grow. Whatever your role at ANZ, you’ll be building your future, while helping to build ours.
Role Type: Permanent, Full-time
Role Location: MDC 100 Building, Eastwood, Libis, Quezon City
Work Hours: 24/7 shifting schedules
What will your day look like?
As a Senior L1 Analyst, you will also be responsible for the following:
- Provide Intermediate level expertise on triage, investigation and response to security incidents and actively monitor and protect the environment. This includes handling of computer security related incidents occurring at ANZ with specific focus on incidents originating from within the ANZ network and impacting or threatening other ANZ internal systems or threats which are identified outside of the ANZ environment and specifically targeting ANZ.
- Participate in continuous improvement initiatives to uplift and mature the Security Operations Centre (Level 1) function
- Identify and propose amendments to any playbook work instructions or processes which need to be updated for day-to-day process optimization or regulatory requirements.
- Investigating major security compromises end-to-end and coordinating a cohesive response involving multiple teams across ANZ.
- Participate in the on-going uplift and maintenance of rulesets in the various security toolsets operating within ANZ by updating detection tuning for false positives / additional detection and alerting for new threats
- Assist in Request for URL review for blocking / unblocking and other escalations during the shift.
- Participate in the on-going development and maintenance of rulesets in the various security toolsets operating within ANZ.
- Perform threat hunting for unknown cyber threats using profiling techniques to find unusual or anomalous activity which has not been detected by vendor signatures.
What will you bring?
To grow and be successful in this role, you will ideally bring the following:
- Considerable years of experience working in Threat Hunting, Security Operations, Incident Response or Threat Intelligence.
- Considerable years of experience in responding to Security incidents or Major Security Incidents by performing host-based and network forensics as well as investigation of security appliance and application logs to determine what activities an attacker has performed in order to: (1) ensure the attacker is successfully removed from the network and (2) provide an understanding of exposure to senior executives where it is required, e.g. representing SOC in Event Incident Technical Bridge.
- Intermediate understanding of best practices in network security, security operations, systems security, policy, and incident response
- Intermediate Technical understanding of application security, infrastructure security, digital forensics, malware analysis, or some combination
- Intermediate Understanding of security vulnerabilities, attacker exploit techniques, and methods for their remediation
- Knowledge of general Cyber/Information Security concepts, particularly security in the cloud
- Basic to Intermediate scripting skills (e.g., Python, C, C++, Java, Ruby, or PowerShell)
You’re not expected to have 100% of these skills. At ANZ a growth mindset is at the heart of our culture, so if you have most of these things in your toolbox, we’d love to hear from you.
So why join us?
ANZ provides banking and financial services and operates across more than 30 markets. We are among the top 4 banks in Australia, the largest banking group in New Zealand and Pacific, and among the top 50 banks in the world. With more than 2,000 people, our team in Manila plays a critical role in executing our strategy and delivering what matters most to our customers and the bank. We continue to grow our professional services capabilities to support our customers around the world. Our expertise and services make us a bank, and our people, purpose, and culture make us ANZ. We're proud of the inclusive culture we're renowned for, where 90 percent of our people feel they belong.
We provide our people with a range of benefits including access to health and wellbeing services. We also have flexible working options so that our people can 'make work, work for them'.
We welcome applications from everyone and encourage you to talk to us about any adjustments you may require to our recruitment process or the role itself. If you are a candidate with a disability, let us know how we can provide you with additional support.
To find out more about working at ANZ visit https://www.anz.com/careers/. You can apply for this role by visiting ANZ Careers and searching for reference number 86834.
Posting will end on 20 February 2025