SOC Engineer Supervisor

Team: Security

Location: Taguig City, Metro Manila, Philippines

Commitment: Full-time Employee

Workplace Type: hybrid

Key Responsibilities:

• Security Operations Center (SOC) Management
• Lead security monitoring operations for cryptocurrency exchange infrastructure, trading platforms, and digital wallet systems.
• Oversee real-time analysis of security events, alerts, and anomalies across blockchain networks, trading engines, and customer-facing applications.
• Coordinate incident response activities for security breaches, suspicious trading activities, and potential fraud attempts.
• Manage and optimize SIEM platforms, security orchestration tools, and automated response systems.
• Develop and maintain security playbooks specific to cryptocurrency exchange operations and digital asset protection.
• Collaborate with Data and Application Security teams to ensure end-to-end protection of data pipelines, APIs, and application architectures within the exchange ecosystem.


• Insider & Threat Intelligence Analysis
• Monitor dark web marketplaces, criminal forums, and threat actor communications for indicators targeting cryptocurrency businesses.
• Conduct tactical, operational, and strategic threat assessments specific to digital asset platforms.
• Develop threat intelligence feeds and indicators of compromise (IoCs) relevant to cryptocurrency security.
• Collaborate with external threat intelligence providers and cryptocurrency security communities.
• Design and implement comprehensive insider threat detection programs tailored to cryptocurrency exchange environments.
• Analyze user behavior patterns to identify potential malicious insider activities or account compromises.
• Conduct investigations into suspicious employee activities, unauthorized access attempts, and data exfiltration.
• Work closely with the Data Security team to validate data protection controls and ensure secure handling of sensitive user and transaction data.


• Incident Response & Forensics
• Lead incident response efforts for security breaches, fund theft attempts, and system compromises.
• Conduct digital forensics investigations on cryptocurrency-related security incidents.
• Coordinate with law enforcement, regulatory bodies, and external security firms during major incidents.
• Develop and maintain incident response procedures specific to cryptocurrency exchange operations.
• Create post-incident reports and recommendations for security improvements.
• Collaborate with Application Security teams to remediate vulnerabilities and strengthen overall system resilience post-incident.


• AI and Advanced Analytics Integration
• Leverage AI Agents and automation to enhance security analysis, incident triage, and anomaly investigation.
• Develop and deploy AI-driven solutions to enhance security monitoring, anomaly detection, and threat prediction capabilities.
• Utilize machine learning models for behavioral analysis, event correlation, and automated alert triage across SOC operations.
• Partner with engineering, data, and security teams to embed AI technologies into incident response workflows and fraud prevention systems.
• Evaluate emerging AI security tools and frameworks to continuously improve the organization’s detection accuracy and response efficiency.
• Ensure that all AI-driven systems adhere to security, privacy, and compliance standards relevant to cryptocurrency and digital asset environments.

Required Qualifications:

• Experience: Minimum 5+ years in Security Operations Center (SOC) management or operations, preferably within financial services, fintech, or cryptocurrency exchange environments.
• Certifications: CISSP, GCIH, GCFA, GNFA, GCTI, CEH, or equivalent security certifications required.
• SIEM Expertise: Advanced proficiency with leading SIEM platforms such as Sumo Logic, Splunk, QRadar, or Microsoft Sentinel, including the development of custom correlation rules and dashboards.
• Threat Intelligence: Proven experience using threat intelligence platforms (MISP, ThreatConnect, Anomali) and frameworks such as MITRE ATT&CK and the Diamond Model for threat analysis and response.
• Programming & Automation: Strong proficiency in Python, PowerShell, or similar scripting languages for automation, data analysis, and integration with SOC tools.
• Cloud Security: Hands-on experience securing cloud infrastructures (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
• AI & Machine Learning: Practical experience applying AI and machine learning techniques in cybersecurity operations, such as automated anomaly detection, predictive threat modeling, and behavioral analytics. Familiarity with AI-driven security tools, data science workflows, or integrating ML models into SOC environments is highly preferred.
• Collaboration: Ability to work cross-functionally with Data and Application Security teams to enhance overall security posture and ensure protection of digital assets across systems and applications.