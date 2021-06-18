- Develop and implement a cyber security operations programme to mitigate cyber-attacks directed at the organisation, and maintain all cyber security technologies.
- Assess, improve and support the implementation of cloud security controls.
- Develop strategies and plans for the cyber SOC's detection, response and intelligence capabilities.
- Conduct red teaming and threat hunting exercises to proactively identify and mitigate vulnerabilities or cyber-attacks that may affect the organisation's network and systems.
- Lead, plan and perform black-box, grey-box and white-box penetration tests to verify the effectiveness of security controls.
- Lead, plan and conduct vulnerability assessments of internal, web-facing and cloud-hosted applications and infrastructure.
- Ensure that vulnerability management tools are deployed and that remediation activities are prioritised appropriately.
- Lead and implement a DevSecOps life-cycle programme.
- Perform source code reviews to identify and remediate security flaws.
- Improve cyber security resilience and help the organisation prepare for and respond to cyber security incidents and emerging threats that may interrupt day-to-day business operations.
- Plan and execute cyber crisis simulation exercises.
- Mentor and train staff in cyber security operations activities, including attack techniques, exploitation, threat hunting, source code review and intelligence analysis.
- Report to and advise the Management Team on the organisation's cyber security posture.
- Analyse and design security solutions appropriate to the maturity of the SOC in support of business requirements.
- Hands-on experience implementing and administering SOC security solutions such as SIEM (including query writing and scripting), EDR and syslog.
- Knowledge and experience of malware analysis/forensics, network forensics and computer forensics.
- Hands-on experience or working knowledge of network security monitoring solutions such as IDS, IPS, NetFlow and packet capture.
- Hands-on experience performing threat hunting with the relevant techniques and tools.
- Exposure to threat intelligence activities and their integration with existing technologies.
- Use emerging threat intelligence (IOCs, updated detection rules, etc.) to identify affected systems and the scope of an attack.
- Identify and enable application, system and security logs across the enterprise to support incident investigations.
- Identify and integrate critical logs (application, security, system) into the Security Information and Event Management (SIEM) solution.
- Undertake incident analysis, tracking, recording and response, and act as incident manager when required.
- Analyse network activity logs to identify anomalies and respond accordingly; activate the Computer Emergency Response Team for all high or critical anomalies identified.
- Research attack/fraud tactics, techniques and procedures (TTPs) and design detection patterns (correlation rules) using data from security tools (Sysmon, AV, EDR, SIEM and syslog).
- Interface with IT stakeholders to ensure that the hosting environment meets security and service requirements.
- Develop Standard Operating Procedures for the SOC environment.
- Form part of a 24/7 operational support structure for security services systems.
- Perform root cause analysis, performance tuning, optimisation and other service improvement activities to ensure optimal performance of the security environment. Continuously identify areas for efficiency improvement.
- Log and act on all security incidents according to business expectations, escalate all critical statuses and issues, and provide recommendations.
- Proactively identify interconnected problems, develop and model alternative solutions, and suggest contingency plans to resolve value chain conflicts.
- Participate in major technology infrastructure initiatives, monitor security technology roadmaps and recommend feature enhancements or new solutions to address business risks and requirements.
QUALIFICATION, SKILLS AND EXPERIENCE REQUIREMENTS
- Relevant tertiary qualification.
- At least 8 years' working experience in network management, network security or cyber operations administration.
- Understanding of SIEM and security technologies across multiple platforms is an advantage.
- Data analytics: understanding events in sequence for cyber incident management.
- Relevant Information Security certification (e.g., CySA+, ECSA, CISSP) is an advantage, including:
- (ISC)2 SSCP
- (ISC)2 CISSP
- (ISC)2 ISSAP
- Knowledge of IT architecture, networking (TCP/IP), firewall technology, intrusion sensor technology, Darktrace, Fortinet, denial-of-service protection technologies, Domain Name System, routing, network devices (routers and switches), network access technology, SIEM, proxy technology and Virtual Private Network/remote access.
- Scripting in languages such as Windows PowerShell, Perl or Python is an advantage.
- Familiarity with SIEM, AI-based and EDR technologies and SOAR capabilities.
- Technical support strategies and approaches.
- Technical documentation creation and maintenance.
- Incident Management and Problem Management procedures.
- Expert knowledge of cloud infrastructures (e.g., Azure and AWS) for managing SOC environments is an added advantage.
Desired Skills:
- IT architecture
- Networking
- Problem Solving
- Security technologies
- Security controls
Desired Work Experience:
- More than 10 years in a clinic and hospital environment
- More than 10 years' systems/network administration
Desired Qualification Level:
- Diploma