A vacancy exists for a Cyber Security Manager based at Head Office, within the Information Management Department. The IT Security Manager performs two core functions for the enterprise: the first is overseeing the operation of the enterprise's security solutions through management of the organization's security analysts; the second is establishing an enterprise security stance through policy, architecture and training processes. Secondary tasks include the selection of appropriate security solutions and oversight of vulnerability audits and assessments.
The IT Security Manager is expected to interface with peers in the Systems and Network departments as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.
- Develop and implement a cyber security operations programme to mitigate potential cyber-attacks directed at the organisation. Maintain all cyber security technologies.
- Assess, improve and support the implementation of the cloud security controls.
- Develop cyber SOC detection, response and intelligence technical capability strategies and plans.
- Conduct red teaming and threat hunting exercises to proactively identify and mitigate potential vulnerabilities or cyber-attacks that may affect the organisation's network and systems.
- Lead, plan and perform black box, grey box and white box penetration testing exercises to test the effectiveness of security controls.
- Lead, plan and conduct vulnerability assessments on internal, web-facing and cloud-hosted applications and infrastructure.
- Ensure that vulnerability management tools are deployed, and remediation activities are prioritized appropriately.
- Lead and implement a DevSecOps life cycle programme.
- Perform source code reviews to identify and remediate potential security flaws.
- Improve cyber security resilience and help the organisation prepare for and respond to cyber security incidents and emerging threats that may interrupt the organisation's day-to-day business operations.
- Plan and execute cyber crisis simulation exercises.
- Mentor and train staff on various cyber security operations activities, including attack techniques, exploitation, threat hunting, source code reviews and intelligence analysis.
- Report to and advise the Management Team on the organisation's cyber security posture.
- Analyse and design security solutions appropriate to the SOC's maturity level that support business requirements.
- Hands-on experience implementing and administering SOC-related security solutions such as SIEM (including query writing and scripting), EDR and Syslog.
- Knowledge and experience with malware analysis/forensics, network forensics, and computer forensics.
- Hands-on experience or working knowledge of network security monitoring solutions such as IDS, IPS, NetFlow and packet capture technologies.
- Hands-on experience performing threat hunting activities using related techniques and tools.
- Exposure to threat intel activities and integration to existing technologies.
- Utilize emerging threat intelligence (IOCs, updated detection rules, etc.) to identify affected systems and the scope of an attack.
- Identify and enable application, system, and security logs across the enterprise to support incident investigations.
- Identify and integrate critical logs (application, security, system) into the Security Information and Event Management (SIEM) solution.
- Undertake incident analysis, tracking, recording, and response, with the ability to operate as an incident manager when required.
- Analyze network activity logs to identify anomalies and respond accordingly. Activate the Computer Emergency Response Team for all high or critical anomalies that are identified.
- Research attacker and fraud tactics, techniques and procedures (TTPs) and design detection patterns (correlation rules) across security tools (Sysmon, AV, EDR, SIEM and Syslog).
- Interface with IT stakeholders and ensure that the hosting environment meets security and service requirements.
- Develop Standard Operating Procedures for the SOC environment.
- Form part of a 24/7 operational support structure for security services systems.
- Perform root cause analysis, performance tuning, optimisation and other service improvement activities to ensure optimal performance of the security environment. Continuously identify areas for efficiency improvement.
- Log and act on all security incidents according to business expectations; escalate all critical statuses and issues and provide recommendations.
- Proactively identify interconnected problems, develop and model alternative solutions, and suggest contingency plans to resolve value chain conflicts.
- Participate in major technology infrastructure initiatives, monitor security technology roadmaps and recommend feature enhancements or new solutions to address business risks/requirements.
Qualifications & Experience:
- Relevant tertiary qualification.
- At least 8 years' working experience in network management, network security or cyber operations administration.
- Understanding of SIEM and security technologies across multiple platforms is an advantage.
- Data analytics: understanding events in sequence for cyber incident management.
- Relevant Information Security certification (e.g., CySA+, ECSA , CISSP) an advantage.
- (ISC)2 SSCP
- (ISC)2 CISSP
- (ISC)2 ISSAP
- Knowledge of IT architecture, networking (TCP/IP), firewall technology, intrusion sensor technology, Darktrace, Fortinet, denial-of-service protection technologies, Domain Name System, routing, network devices (routers and switches), network access technology, SIEM, proxy technology, and Virtual Private Network/remote access.
- Scripting using languages such as Windows PowerShell, Perl, or Python an advantage
- Familiarity with SIEM, EDR and AI-assisted security technologies, and with SOAR capabilities.
- Technical support strategies and approaches.
- Technical documentation creation and maintenance.
- Incident Management and Problem Management procedures.
- Expert knowledge of Cloud Infrastructures (e.g., Azure & AWS) to manage SOC environments is an added advantage.
- Planning and organizing
- Deadline driven
- Team leader
- Ability to handle pressure
- Building relationships
- Attention to detail