Senior Cyber Security Specialist (Blue Team) (Hybrid) at Datafin Recruitment

Mar 2, 2023

ENVIRONMENT:

THE technical expertise of a solutions-driven Senior Cyber Security Specialist (Blue Team) with a bloodhound approach to security is sought by a reputable Retail Group. Your core role will entail supporting the execution of the Cyber Security strategy and roadmap with a primary focus on Blue and Purple Teaming. Playing a leading role in a vulnerability and patch management program, you will also help to improve the security posture, plus support and transform SOC capabilities by coordinating operational tasks and delivering key programs. This is a senior technical role requiring excellent experience in building, delivering, improving, and validating defensive processes, solutions, and tooling. You will require 7 years hands-on practical experience working in Cyber Security operations with the focus on Incident Response and Blue Teaming including have led small Cyber teams; experience with security technologies and processes covering identity & access management, data security, vulnerability management and general infrastructure (network, platform, cloud, and endpoint) security & experience in defence tools such as EDR, Microsoft & SIEM.

DUTIES:

  • Oversee incident response – provide guidance and oversight in the identification and response to security incidents, including containment and investigation. Ensure that high quality standards are maintained during the entire incident response process.
  • Maintain and enhance existing (like XDR) and new toolsets required for mature active defence. Investigate new approaches, technology, and automation to challenge traditional thinking and raise the level of security.
  • Mature the security S.H.I.E.L.D – enable mature active defence processes through continual validation and verification of infrastructure, platform, applications, and data asset controls.
  • Enhance defence continuously – work with the team to update defence capabilities in line with threats, vulnerabilities and exploits identified during Red Teaming and Threat Hunting. Automate trumping manual.
  • Manage threat intelligence – contribute towards building and running threat intelligence capabilities.
  • Hunt for the needle in the needle stack – proactively search for and identify advanced threats that evade existing security solutions and feed this learning into Blue Team defence capability.
  • Blue Team reporting and metrics – responsible for building, enhancing, and maturing blue team reporting mechanisms such as dashboards and key cyber metrics.
  • Mature vulnerability and patch management – improve vulnerability management processes and drive patching processes.
  • Establish relationships with key stakeholders for effective cross-team collaboration and implementation of security operations processes.

Additional Responsibilities –

  • Support the broader Cyber SecOpsTeam – collaboration to drive and support various operational and strategic initiatives.
  • Champion or co-champion internal security solutions and/or processes.
  • Help define and set security standards.
  • Provide context and guidance to implement security improvements.

REQUIREMENTS:

Mandatory –

  • Minimum of 7 years hands-on practical experience working in Cyber Security operations with the focus on Incident Response and Blue Teaming.
  • Experience in effectively leading small Cyber teams.
  • Experience with security technologies and processes covering identity & access management, data security, vulnerability management and general infrastructure (network, platform, cloud, and endpoint) security.
  • Experience in defence tools such as EDR, Microsoft and SIEM.
  • Some leadership skills to provide oversight over technical processes executed by the Blue team.
  • Deep technical skills and ability to automate manual processes.
  • Practical scripting experience.
  • Working with data (flows, integration, correlation and visualisation).
  • Relevant research and translation into defence.
  • Ability to perform malware analysis.
  • Able to engage with and contribute to the Information Security community.
  • Can play in the Matrix.

Advantageous –

  • Experience with attack tools such as Burp Suite, Cobalt Strike and Metasploit.
  • Relevant Blue Team and Incident Response qualifications and Certifications such as SANS – Cyber Defence and CREST – Incident Response.

ATTRIBUTES:

  • Relentless pursuit of threat identification and remediation.
  • Very good people skills to engage with the various stakeholders across the business, while ensuring that professionalism is maintained.
  • Is aware of and responsive to internal and external events and influences on the technical landscape.
  • Appropriately derives and organises the essence of information to draw solid conclusions.
  • Looks beyond symptoms to uncover root causes of problems to be solved.
  • Synthesises data from different sources to identify trends.
  • Presents problem analysis and a recommended solution rather than just identifying and describing the problem itself.
  • Proactively approaches others to obtain missing information.
  • Demonstrates a results-oriented mindset in planning and implementing activities/projects.
  • Clearly defines objectives and translates them into workable activities.
  • Monitors and tracks progress to ensure delivery of all planned commitments, and keeps the appropriate people informed.
  • Prepares written reports and briefs and communicates ideas clearly.
  • Speaks fluently in team meetings when presenting information.
  • Manages existing partnerships within established agreements or contracts; negotiates adjustments when mutually beneficial to do so.
  • Genuinely cultivates personal bonds with colleagues in order to enhance performance throughout the organisation.
  • Adjusts to work effectively within new work structures, processes, requirements, or cultures.
  • Demonstrates resourcefulness in acquiring necessary knowledge, skills and competencies to adapt to change.

While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.

COMMENTS:

When applying for jobs, ensure that you have the minimum job requirements. OnlySA Citizens will be considered for this role. If you are not in the mentioned location of any of the jobs, please note your relocation plans in all applications for jobs and correspondence. Apply here [URL Removed] OR e-mail a Word copy of your CV to [Email Address Removed] and mention the reference number of the job.

Desired Skills:

  • Senior
  • Cyber
  • Security

Learn more/Apply for this position