Pursue your passion and potential
Information Security Engineer Analyst - SOC
City of Muntinglupa, Philippines
Caring. Connecting. Growing together.
With these values to guide us, our people are committed to making a meaningful difference in the lives of those we are honored to serve.
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together.
The Level 1 Security Operations Center (SOC) Analyst role supports the SecOps team by providing continuous monitoring, initial analysis, and triage of security alerts and events across the organization. This role serves as the first line of defense in detecting potential security incidents and ensuring timely escalation in accordance with defined incident response procedures.
The L1 SOC Analyst is responsible for monitoring alerts from SIEM, EDR, email security, and other security monitoring tools to identify suspicious activity, validate true positives, and document findings. The analyst follows established playbooks and standard operating procedures to perform basic investigations, collect relevant logs and artifacts, and escalate incidents to higher-tier analysts when required.
This role also involves maintaining accurate incident records, supporting SOC workflows, and ensuring adherence to security policies, SLAs, and escalation criteria, while contributing to overall situational awareness and operational effectiveness of the SOC.
Primary Responsibilities:
- Continuously monitor security alerts and events across endpoint, network, cloud, email, and identity security tools in a 24×7 SOC environment
- Perform initial triage and validation of security alerts to identify false positives, benign activity, and potential security incidents in accordance with defined playbooks and SOPs
- Conduct basic investigation and analysis using SIEM (Sentinel and CrowdStrike), EDR, firewall, proxy, and cloud logs to determine event context, severity, and potential impact
- Collect and preserve initial forensic artifacts (logs, hashes, timestamps, alerts, screenshots) as part of triage activities, ensuring proper documentation for escalation
- Perform basic malware analysis tasks (e.g., hash lookups, reputation checks, sandbox AnyRun verdict reviews) using approved tools and threat intelligence sources
- Create and maintain clear, accurate incident tickets and alert documentation, capturing the who, what, when, and how in plain business language
- Escalate confirmed or suspected security incidents to SOC L2/L3 or Incident Response teams with well-documented findings and supporting evidence
- Assist senior analysts during incident response, containment, and eradication activities by providing timely data, logs, and analysis
- Support the creation and refinement of Indicators of Compromise (IOCs) and detection logic based on observed activity and investigation outcomes
- Follow incident handling SLAs, escalation criteria, and communication protocols to ensure timely response and business impact reduction
- Participate in security drills, tabletop exercises, and attack simulations to validate detection capabilities and SOC readiness
- Contribute to post-incident reviews and lessons learned by providing investigation inputs and observations
- Work closely with security control owners to support alert tuning, playbook updates, and continuous improvement of SOC processes
- Demonstrate awareness of risk acceptance and risk exception concepts, escalating identified risks in line with organizational policies
- Adhere to shift handover procedures, ensuring continuity of operations across 24×7 SOC shifts
- Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so
Required Qualifications:
- Undergraduate degree or equivalent experience.
- 2+ years of experience in Security Operations, SOC monitoring, IT security, or related technology roles. (Internship, training, or lab-based experience is acceptable for entry-level candidates.)
- Basic understanding of information security concepts, including security monitoring, incident detection, alert triage, and escalation processes
- Foundational knowledge of networking and application protocols such as HTTP, HTTPS, DNS, FTP, TCP, UDP, and ICMP, with the ability to interpret security alerts related to these protocols
- Familiarity with SIEM (Sentinel and CrowdStrike), EDR, firewall, email security, and cloud security tools for alert review and investigation (hands-on depth not required)
- Exposure to basic malware analysis concepts, such as hash analysis, reputation checks, sandbox verdict interpretation, and threat intelligence lookups
- Basic understanding of operating systems (Windows/Linux) and common attack techniques such as phishing, malware delivery, and credential misuse
- Understanding of the technology risks that are inherent to a business and an ability to effectively communicate those risks
- Awareness of Indicators of Compromise (IOCs), including IPs, domains, URLs, file hashes, and how they are used in detection and investigations
- Demonstrated solid documentation and communication skills, with the ability to clearly record investigation findings and escalate issues in plain, business-friendly language
- Demonstrated ability to be creative and autonomous
- Basic project management skills and detail orientation
- Ability to perform initial log analysis using firewall, server, endpoint, and cloud logs to identify suspicious or anomalous activity
- Ability to work effectively in a 24×7 shift-based SOC environment, including following handover procedures and SLAs
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone, of every race, gender, sexuality, age, location and income, deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes, an enterprise priority reflected in our mission.
Optum is a drug-free workplace. © 2026 Optum Global Solutions (Philippines) Inc. All rights reserved.
Benefits
Our mission of helping people live healthier lives extends to our team members. Learn more about our range of benefits designed to help you live well.
Life
Resources and support to focus on what matters most to you, in every facet of your life.
Emotional
Education, tools and resources to help you reduce and manage stress, build resilience and more.
Physical
Health plans and other coverage to support wellness for you and your loved ones.
Financial
Benefits for today and to help you plan for the future, including your retirement.