InfoSec Engineer Consultant (Security Incident Response)

Optum

Job Summary


Tech Stacks
Linux Azure Axiom Microsoft

Job Description

Primary Responsibilities:

  • Lead and conduct highly complex security incident investigations across endpoints (memory and disk), network traffic, and cloud environments, including Azure and Microsoft 365.
  • Perform advanced incident investigation and in‑depth log analysis by correlating data from multiple sources such as SIEM, EDR, network security devices, and cloud platforms to accurately identify scope and impact.
  • Act as the final escalation point for critical and high‑severity security incidents, providing expert guidance and decisive incident handling.
  • Conduct static and dynamic malware analysis, including reverse engineering of exploits, and analyze adversary tactics, techniques, and procedures (TTPs) to understand attacker behavior.
  • Map attacker activities and observed behaviors to industry‑recognized frameworks such as MITRE ATT&CK and NIST to ensure structured analysis and reporting.
  • Perform digital forensic analysis across endpoints (Windows, Linux, and macOS), memory, and network data using established forensic methodologies and tools to support security incident investigations.
  • Execute effective containment actions during incidents, including isolating compromised systems, blocking malicious traffic, disabling accounts, and applying emergency controls to limit spread and impact.
  • Validate that eradication activities are fully completed and ensure affected systems are securely restored to normal operations without residual risk.
  • Prepare comprehensive incident reports detailing timelines, root cause analysis, impact assessment, indicators of compromise (IOCs), and remediation actions taken.
  • Collaborate with Security and Engineering teams to automate repetitive tasks such as alert enrichment, containment workflows, response actions, and ticket creation to improve efficiency and consistency.
  • Leverage internal and external threat intelligence feeds to enrich investigations with contextual insights, including known malicious IPs, domains, threat actor profiles, and attacker methodologies.
  • Work closely with cross‑functional teams to ensure coordinated and timely execution of incident response activities.
  • Continuously enhance detection and response capabilities by recommending improvements to SIEM and EDR platforms, tuning detection rules, developing better queries, and identifying logging gaps.
  • Handle Priority 1 (P1), Priority 2 (P2) and other critical incidents with urgency, ensuring rapid response, clear stakeholder communication, and minimal business disruption.
  • Monitor and report on key performance indicators (KPIs) such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) to measure and improve incident response effectiveness.


Job Qualifications

Must Have Skills:

  • 5–8 years of hands‑on experience in Major Security Incident Management, including:
      • Case management
      • War room facilitation
      • Paging / on‑call coordination
      • Security bridge management
  • Strong log analysis experience across multiple security domains, including:
      • SIEM platforms
      • Endpoint security
      • Perimeter/network security
      • Threat intelligence feeds
      • Email security solutions
  • Proven experience in Sandbox Analysis for malware and suspicious file investigation
  • Hands‑on Digital Forensics experience, including evidence collection, analysis, and reporting
  • Solid understanding and application of security frameworks, including:
      • MITRE ATT&CK
      • MITRE D3FEND
      • NIST (incident response, security controls, or related standards)
  • Practical experience with forensic tools, such as:
      • Magnet AXIOM Forensics
      • REMnux
      • X‑Ways Forensics
      • EnCase
      • Forensic Toolkit (FTK)
      • Or equivalent forensic tools


What we offer

  • Laptop/Computer Provided by the Company
  • Market Total Rewards Package
  • Retirement Plan
  • Medical Plan (HMO) from Day 1 of employment
  • Dental, Medical, and Optical Reimbursements
  • Life and Disability Insurance
  • Paid Time-Off Benefits
  • Sick Leave Conversion
  • Tuition Fee Reimbursement
  • Employee Assistance Program (EAP)
  • Annual Performance Based Merit Increases
  • Employee Recognition
  • Training and Staff Development
  • Employee Referral Program
  • Employee Volunteerism Opportunity
  • All Mandatory Statutory Benefits

Who we are

  • Optum is the health care technology and innovation company of the UnitedHealth Group enterprise along with UnitedHealthcare.
  • As part of a Fortune 5 enterprise, we are improving the health care experience of over 125 million people around the world.
  • We’re a diverse team with operations across North America, South America, Europe, Asia Pacific and the Middle East.
  • This includes our over 25,000 employees in the Philippines. Elevate your career with a leading health care company while improving lives.

