The Role: Essential function:
- Monitor, manage and configure security tools
- Monitor User, Network, Threat and other events from security tools to identify abnormal activity indicating security incidents
- Review and correlate incident information escalated from Tier 1 Analysts to determine and assess their urgency and impact
- Evaluate the incident, identify the cause, and implement required actions to mitigate, prevent and/or recover from the incident
- Proactively research and monitor security trends and information to identify potential threats and implement capabilities to proactively detect and respond
- Create, maintain and optimize SIEM rules to reduce false positives, improve accuracy and improve detection capabilities
- Establish a detailed understanding of the client's infrastructure
- Establish a detailed understanding of the client's incident response processes
- Research, understand and stay abreast of the MITRE ATT&CK Framework
- Create and update security incidents in the ITSM platform with detailed information on the logs relevant to the incident
- Update and track incidents and requests based on analysis results and incident response updates
- Escalate validated and confirmed incidents to Tier 2 and designated incident response teams
- Work closely with other security teams and designated incident response teams
- Establish and document root cause and remediation responses
- Create client request for information elements and reports
- Identify and address gaps and/or omissions in security detection and posture.
- Perform purple team exercises and develop detection rules based on those exercises
- Develop run-books and playbooks
- Automate run-books and playbooks for response and remediation processes
- Support and assist senior analysts
Skills and Experience: Essential Qualifications:
- Grade 12
- Industry recognised (vendor neutral) security certification (e.g. CISSP, CEH, Security+, GIAC, etc.)
Preferred Qualifications:
- Hold an industry recognised (vendor neutral) security certification (e.g. CISSP, CEH, Security+, etc.)
- Degree (or equivalent) in Information Technology/Security, Engineering or related field of study preferred (alternatively an equivalent combination of education and experience).
- Minimum 5 years in a hands-on security role, with a strong background in security tools including but not limited to firewalls, IDS/IPS, proxy servers and endpoint protection
- Holds a recognised SIEM Tool Certification
Experience required:
- 5+ years of experience in information security, including experience in a SOC environment, with demonstrable expertise in SIEM (LogPoint, QRadar, Splunk, McAfee or ArcSight)
- 5+ years of experience in an operations-focused information security role, with a strong background in security controls and risk management frameworks
- Understanding of the MITRE ATT&CK Framework (or equivalent), as well as security and data compliance requirements
- Demonstrable understanding of operating systems, applications and information technology systems along with their purpose and logging capabilities