# Cyber Security Analyst > CallTek · Philippines (Remote) · Full-time · Posted 2026-06-19 **Workplace:** remote ## Description The Mid-Level Cyber Defense Analyst uses defensive measures and information collected from a variety of sources to identify, analyze, and report vulnerabilities and malicious events. This role focuses on maintaining the integrity of our internal and cloud networks by conducting deep-dive analysis of security data, recognizing operational trends, and leading initial incident containment efforts. Responsibilities: - Investigate security alerts escalated by SOC Level 1 analysts. - Perform deeper analysis of suspicious activity across SIEM, EDR, network, identity, cloud, and email security platforms. - Validate whether security events represent false positives, suspicious behavior, policy violations, or confirmed cybersecurity incidents. - Correlate events across multiple log sources to identify attack patterns, affected assets, compromised accounts, lateral movement, malware activity, or unauthorized access. - Determine the scope, severity, business impact, and urgency of security incidents. - Recommend containment, eradication, and remediation actions to the appropriate technical teams. - Create and maintain accurate incident timelines, investigation notes, evidence records, and escalation summaries. - Support phishing investigations, endpoint compromise analysis, suspicious login reviews, malware alerts, brute-force attacks, data exfiltration indicators, and cloud security events. - Review and improve SOC playbooks, investigation procedures, and escalation criteria. - Provide technical guidance, coaching, and feedback to SOC Level 1 analysts. - Identify recurring false positives and recommend tuning improvements for SIEM, EDR, and other detection platforms. - Participate in post-incident reviews and provide recommendations to improve detection, response, and prevention. - Support shift handovers by documenting open incidents, pending actions, and important operation contexts. ## Requirements - 2 to 4 years of experience in SOC operations, cybersecurity monitoring, incident response, security operations, network security, endpoint security, or infrastructure security. - Previous experience as a SOC Analyst L1 or equivalent role. - Experience investigating real security alerts and documenting incident findings. - Practical knowledge of SIEM, EDR, identity logs, firewall logs, email security alerts, and endpoint events. - Experience escalating incidents and recommending remediation actions. - Preferred Certifications: CompTIA CySA+, Blue Team Level 1 / BTL1, Blue Team Level 2 / BTL2, Microsoft AZ-500, CompTIA Security+, CompTIA Network+, Cisco CCNA, Fortinet FCP / NSE, Microsoft AZ-500, as a plus for cloud/security environments, eCIR . - Language: English C1 is required ## Apply [Apply at CallTek](https://apply.workable.com/staff4me/j/19CCB7B224/apply) --- Powered by [Workable](https://www.workable.com)