ENVIRONMENT: A rapidly growing UK-based tech company seeks a forward-thinking Cyber Security Specialist to serve as the technical lead of their Cyber Security Operations Centre (CSOC), managing and improving all SIEM and security platforms. You are expected to think beyond a conventional SIEM approach and seek to enhance the security suite to a comprehensive automation and orchestration capability. You will require experience with a variety of SIEM platforms & monitoring tools, EDR, DLP, AV, Snort, Wireshark, TCPdump, working knowledge & experience of core security and infrastructure tech including firewall logs, network security tools, malware detonation devices, proxies, IPS/IDS, a strong awareness of Cyber-Attack techniques & in-depth knowledge of log formats, log transports and log analysis as well as automating log ingestion and normalisation in a SOC [URL Removed]

DUTIES: Serve as a technical lead / SME for the CSOC and SIEM service offering by managing and improving the platforms to meet the requirements of the business and/or client.

  • Configure and develop SIEM tooling, and associated tool sets, to deliver effective and efficient SOC services through automation and orchestration, and to improve MTTD and MTTR whilst reducing false positives and negatives.
  • Ensure all security platforms are optimised to detect and prevent security threats across all on-prem and cloud environments to meet business objectives and regulatory requirements.
  • Provide technical oversight and support for the identification, triage and response to events or incidents of a suspicious or malicious nature, and apparent security breaches.
  • Work collaboratively with infrastructure teams and key stakeholders inside and out of the business ensuring security and monitoring requirements are determined and implemented through onboarding or continuous improvement activities.
  • Actively support the onboarding of new clients throughout the transition to service delivery lifecycle.
  • Conduct project activities including planning and execution of changes, documentation, training / skills / knowledge transfer to the team and clients.
  • Maintain a continuous understanding of the threat landscape with in-depth knowledge around threat actors, TTPs and vulnerabilities.
  • Be a technical mentor to the CSOC Specialists and Analysts, providing technical knowledge and training to the team.
REQUIREMENTS:

    Essential

    • Experience with a variety of SIEM platforms and monitoring tools, configuration management tools, host virtualisation, containerisation, vulnerability scanners, proxies, WAFs.
    • Significant experience with intrusion analysis and investigation.
    • Demonstrable technical knowledge, skills and/or experience in intrusion analysis, and network and security investigation using a variety of security tools (EDR, DLP, AV, Snort, Wireshark, TCPdump etc.).
    • Working knowledge and experience of core security and infrastructure technologies (e.g., firewall logs, network security tools, malware detonation devices, proxies, IPS/IDS).
    • Technical experience in a Security Operations Centre, Incident Response Team or similar environment.
    • An in-depth knowledge of log formats, log transports and log analysis as well as automating log ingestion and normalisation in a SOC environment.
    • Strong awareness of cyber-attack techniques and how protective monitoring systems can be used for detection, mitigation, remediation and protection.
    • Awareness of risk management and the ability to contextualise technical issues into business risk relevant to the business and clients.

    Desirable

    • Having achieved at least a BSc or MSc in Cyber Security incorporating Ethical Hacking, Digital Forensics or Information Security; OR One or more of the following industry certifications: CEH, GCIA, GCIH, GSEC, Security+, GCTI.
    • Experience in secured cloud architectures (Azure, AWS) and engineering solutions.
    • Formal experience in Digital Forensics or experience using EnCase, FTK Imager or similar.
    • An understanding of multiple operating systems and their programming interfaces such as UNIX Shell and PowerShell.
    • An awareness of Cyber Security-related standards and regulations, for example, NIST, CIS, ISO 27001 and PCI DSS.

    ATTRIBUTES:

    • Team player.
    • Problem-solving.
    • Strong communication skills.
    • Self-starter who is able to demonstrate excellent customer service and can collaborate effectively.

    While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.

    COMMENTS: When applying for jobs, ensure that you have the minimum job requirements. Only SA Citizens will be considered for this role. If you are not in the mentioned location of any of the jobs, please note your relocation plans in all applications for jobs and correspondence. Please e-mail a Word copy of your CV to [Email Address Removed] and mention the reference numbers of the jobs. We have a list of jobs on [URL Removed] Datafin IT Recruitment – Cape Town Jobs.
