Sr Security Analyst — OneAxiom (via Remotesome)

Posted 18 days ago Full-time Remote English

About OneAxiom

Founded in 2017, OneAxiom has emerged as a premier provider of cybersecurity solutions, expertly specializing in comprehensive monitoring and alerting for all types of data, structured or unstructured. As an integral extension of your team, we provide real-time insights into your cybersecurity risks, threats, and active attacks.

Our flagship solution offers a holistic view of your critical IT and security data through a seamless, unified platform. Forget the inefficiencies of juggling multiple tools that slow your mean time to detect (MTTD) and mean time to respond (MTTR). The OneAxiom platform serves as your definitive source of truth, delivering unmatched visibility across both on-premise and cloud environments to safeguard your data, endpoints, and infrastructure.

Role Overview

We are seeking a Senior Security Analyst, Threat Detection Engineering to join our Security Operations team as an experienced individual contributor. This role is primarily focused on threat detection engineering, with additional senior analyst responsibilities across SOC operations, detection tuning, alert quality improvement, investigation support, and threat hunting.

The ideal candidate has strong hands-on SOC experience, sound analytical judgment, and the ability to independently research threats, develop and improve detection logic, validate rule performance, document triage guidance, and support high-quality security monitoring outcomes across customer environments.

This role requires hands-on experience with YAML. Experience developing and maintaining detection rules in Sigma format is preferred. The analyst will be expected to work independently, manage priorities, collaborate with SOC and incident response teams, and help improve detection coverage and operational effectiveness over time.

Key Responsibilities

Threat Detection Engineering

  • Conduct threat research based on customer industry verticals, relevant adversary behavior, emerging threats, and applicable threat intelligence.

  • Identify detection opportunities and translate threat research into actionable detection logic.

  • Develop new detection rules and update existing rules using YAML-based detection content; Sigma rule experience is preferred.

  • Test detection logic before production deployment to validate expected behavior, telemetry coverage, and false positive potential.

  • Move validated detection content into production through the established detection lifecycle process.

  • Add clear triage steps, investigation context, known false positives, and recommended analyst actions to detection rules.

  • Tune new and existing detections to reduce noise while preserving meaningful detection coverage.

  • Review alert trends, analyst feedback, and customer telemetry to identify detection improvement opportunities.

  • Maintain detection documentation and contribute to the detection engineering backlog.

Threat Hunting

  • Support structured threat hunting activities designed to identify suspicious behavior, validate detection coverage, and improve detection and response capabilities.

  • Develop hunt hypotheses based on customer risk, industry-specific threats, new detection content, emerging campaigns, suspicious trends, or known visibility gaps.

  • Use available customer telemetry to search for relevant indicators, behaviors, and patterns of concern.

  • Validate and deconflict potential findings against expected user, administrative, business, or infrastructure activity.

  • Document hunt scope, approach, findings, confidence level, limitations, and recommended follow-up actions.

  • Escalate confirmed or high-confidence suspicious activity through the standard SOC or incident response process.

  • Convert valuable hunt findings into detection improvements, rule tuning recommendations, playbook updates, or customer recommendations.

Senior SOC Analyst Functions

  • Provide senior-level support for complex alert triage, investigation, and escalation.

  • Assist SOC analysts with investigation methodology, evidence review, detection context, and incident interpretation.

  • Support quality improvement of SOC workflows, alert handling, triage procedures, and escalation practices.

  • Help improve SOC playbooks, runbooks, triage instructions, and analyst-facing documentation.

  • Mentor junior and mid-level analysts on effective investigation techniques and threat-informed analysis.

  • Identify recurring false positives, operational gaps, telemetry issues, and opportunities to improve SOC effectiveness.

Requirements

Required Qualifications

  • Strong hands-on experience working in a Security Operations Center or comparable security monitoring environment.

  • Experience as a senior SOC analyst, detection engineer, threat hunter, or similar security operations role.

  • Experience with YAML is required; experience writing, modifying, testing, and maintaining Sigma rules is preferred.

  • Strong understanding of detection engineering concepts, including detection logic, alert fidelity, false positive reduction, and detection lifecycle management.

  • Experience performing threat research and translating findings into practical detections or investigation guidance.

  • Experience tuning detections based on telemetry, false positives, analyst feedback, and customer-specific context.

  • Experience documenting triage steps, known false positives, investigation guidance, and response recommendations.

  • Strong understanding of common security telemetry: endpoint, identity, authentication, network, email, cloud, and detection alert data.

  • Familiarity with MITRE ATT&CK and common attacker TTPs.

  • Ability to operate independently as an individual contributor with minimal supervision.

  • Strong written and verbal communication skills.

Preferred Qualifications

  • Experience in an MSSP, MDR, or multi-customer SOC environment.

  • Experience with SIEM, EDR, XDR, OpenSearch, log management, or security analytics platforms.

  • Experience with detection-as-code workflows, version control, peer review, and controlled production release processes.

  • Experience conducting or supporting threat hunting exercises.

  • Experience with IOC and IOA analysis, detection backtesting, and retrospective searches.

  • Experience with query or scripting languages such as KQL, SPL, Lucene, SQL, Python, PowerShell, or Bash.

  • Experience with cloud security telemetry from AWS, Azure, Google Cloud, Microsoft 365, or other SaaS platforms.

  • Relevant certifications such as GCIA, GCIH, GCDA, GCFA, GNFA, CySA+, Security+, CISSP, or similar.

Required Skills

  • SOC — Advanced

Compensation

$30K – $50K/year

Location: Philippines

Timezone: UTC+8 to UTC+7
