Cyber Security Manager

Jun 18, 2021

  • Develop and implement a cyber security operations programme to mitigate potential cyber-attacks directed at the organisation. Maintain all cyber security technologies.
  • Assess, improve and support the implementation of the cloud security controls.
  • Develop cyber SOC detection, response and intelligence technical capability strategies and plans.
  • Conduct red teaming and threat hunting exercises to proactively identify and mitigate potential vulnerabilities or cyber-attacks that may affect the organisation's network and systems.
  • Lead, plan and perform black-box, grey-box and white-box penetration testing exercises to test the effectiveness of the security controls.
  • Lead, plan and conduct vulnerability assessments on internal, web-facing and cloud hosted applications and infrastructure.
  • Ensure that vulnerability management tools are deployed, and remediation activities are prioritized appropriately.
  • Lead and implement the DevSecOps life cycle programme.
  • Perform source code reviews to identify and remediate potential security flaws.
  • Improve cyber security resilience and assist the organisation with better preparation and response to cyber security incidents and emerging threats that may interrupt the organisation’s day to day business operations.
  • Plan and execute cyber crisis simulation exercises.
  • Mentor and train staff on various cyber security operations activities, including attack techniques, exploitation, threat hunting, source code reviews and intelligence analysis.
  • Report to and advise the Management Team on the organisation's cyber security posture.
  • Analyse and design appropriate security solutions related to the maturity of the SOC to enable business requirements.
  • Hands-on experience implementing and administering various SOC-related security solutions such as SIEM (including query writing and scripting), EDR and syslog.
  • Knowledge and experience with malware analysis/forensics, network forensics, and computer forensics.
  • Hands-on experience or working knowledge of network security monitoring solutions such as IDS, IPS, NetFlow and packet capture technologies.
  • Hands-on experience performing threat hunting activities using related techniques and tools.
  • Exposure to threat intel activities and integration to existing technologies.
  • Utilise emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of an attack.
  • Identify and enable application, system, and security logs across the enterprise to support incident investigations.
  • Identify and integrate critical logs (application, security, system) into the Security Information and Event Management (SIEM) solution.
  • Undertake incident analysis, tracking, recording, and response, with the ability to operate as an incident manager when required.
  • Analyse network activity logs to identify anomalies and respond accordingly. Activate the Computer Emergency Response Team for all high or critical anomalies that are identified.
  • Research attack/fraud tactics, techniques, and procedures and design detection patterns (correlation rules) from various security tools (Sysmon, AV, EDR, SIEM and syslog).
  • Interface with IT stakeholders and ensure that the hosting environment meets security and service requirements.
  • Develop Standard Operating Procedures for the SOC environment.
  • Form part of a 24/7 operational support structure for security services systems.
  • Perform root cause analysis, performance tuning, optimisation and other service improvement activities, ensuring optimal security environment performance. Continuously identify areas for improvement in efficiency.
  • Log and act on all security incidents according to business expectations, escalate all critical statuses and issues, and provide recommendations.
  • Proactively identify interconnected problems, develop and model alternative solutions, and suggest contingency plans to resolve value chain conflicts.
  • Participate in major technology infrastructure initiatives, monitor security technology roadmaps and recommend feature enhancements or new solutions to address business risks/requirements.

QUALIFICATION, SKILLS AND EXPERIENCE REQUIREMENTS

  • Relevant tertiary qualification.
  • At least 8 years' working experience in network management, network security or cyber operations administration.
  • Understanding of SIEM and security technologies across multiple platforms an advantage.
  • Data Analytics – understanding events in sequence for cyber incident management.
  • Relevant Information Security certification (e.g., CySA+, ECSA, CISSP) an advantage, such as:
    • (ISC)2 SSCP
    • (ISC)2 CISSP
    • (ISC)2 ISSAP
  • Knowledge of IT architecture, networking (TCP/IP), firewall technology, intrusion sensor technology, Darktrace, Fortinet, denial-of-service mitigation technologies, Domain Name System, routing, network devices (routers and switches), network access technology, SIEM, proxy technology, and Virtual Private Network/remote access.
  • Scripting using languages such as Windows PowerShell, Perl, or Python an advantage.
  • Familiarity with SIEM, AI, EDR and SOAR technologies.
  • Technical support strategies and approaches.
  • Technical documentation creation and maintenance.
  • Incident Management and Problem Management procedures.
  • Expert knowledge of cloud infrastructures (e.g., Azure and AWS) to manage SOC environments is an added advantage.

Desired Skills:

  • IT architect
  • Networking
  • Problem Solving
  • Security technologies
  • Security controls

Desired Work Experience:

  • More than 10 years: Clinic & Hospital
  • More than 10 years: Systems / Network Administration

Desired Qualification Level:

  • Diploma