Role Purpose:
The primary role of the Cyber Security Analyst within the Managed Security Services (MSS) division is to perform security monitoring and incident handling to ensure the confidentiality, Integrity, and availability of information assets.

Additionally, the off-site Cyber Security Analyst is to deliver a specific Statement of Work as contracted with the client, by being based at the client to provide such services. The Cyber Security Analyst needs to deliver a high level of quality client service and be a support and escalation channel into the company for the client.

Qualifications and Education

  • Grade 12
  • Broad knowledge of Security technologies and products
  • Product Certifications in SIEM, Security Analytics, AV, Log Management
  • A+, S+, N+, Linux +
  • ITIL Proven skills in a SOC functional unit
  • Must have the ability to understand large, complex systems and be able to focus on specific details or subsystems, their vulnerabilities, and linkages.
  • Experience dealing with malware, attack vectors and the ability to perform pattern analysis.
  • Requires basic knowledge in IT operations with a focus on governance, risk, and compliance.

Key performance areas

  • Provide consistent quality client service.
  • Maintain quality delivery.
  • Personal development
  • Successful delivery of contracted services (Statement of Work) – safe clients

Responsibilities:
Provide consistent quality client service.

  • Makes clients and their needs a primary focus of one’s actions and attention, while developing / maintaining productive client relationships.
  • Seeks to understand client environment to ensure realistic and effective recommendations and/or solutions.
  • Seeks to understand client circumstances, problems, expectations and needs, while resolving problems quickly.

Output:

  • Meeting client expectations / deliverables in line with SOW.
  • Number of complaints / compliments from clients.

Maintain quality delivery:

  • Complies with the company and client standards, policies and procedures.
  • Comply with the company and client change control processes so that no changes are deployed without the necessary approvals.
  • Initiate and perform peer reviews to drive quality in all documentation submitted internally and to client.
  • Meet deliverables’ timelines or manage expectations accordingly.
  • Where applicable, provide standby support by being available on a 24/7 basis as per standby schedule.

Output

  • Number of deviations from the company and client processes / policies / procedures.
  • Documentation / monthly reports / updates (accuracy, quality and deadlines met).
  • Feedback from team / colleagues received from Peer Reviews.
  • Number of instances where deployments were made with / without necessary approvals.
  • Number of times not reachable for support / standby.

Personal development:

  • Achieve relevant Vendor Certifications aligned to immediate/assigned job requirements and Personal Development Plan (PDP).
  • Identify and act on own development and knowledge advancement needs and actively seek out opportunities to expand relevant knowledge to apply to the work environment.

Output

  • Certifications are current.
  • Training and upskilling take place as indicated in PDP.
  • Ability to apply personal growth areas within the work environment, thereby improving quality of service provision.

Successful delivery of contracted services (Statement of Work) – safe clients.

  • The following debatable points will outlay the tasks that the interns will perform during their time at the company Security Operations Centre.
  • The aim of the role is to limit business impact by the use of the company processes and technologies to create visibility through the detection, containment and remediation of IT and Cyber threats. This is a monitoring and operational role with regards to Security Operations (SOC) practices.
  • The role of the interns is to remediate incidents received from the company SOC.
  • The foremost technology that will be used is the SIEM (McAfee Nitro) and the company incident management ticketing system. Security technologies that support these namely Forcepoint Web Security, McAfee ePO Suite, McAfee TIE/ATD, SCCM, CyberArk, Cisco ISE, Checkpoint, Active Directory, Radware, Extra Hop and other technologies within the company security sphere.

Duties are as follows:

  • Remediation of IT threats using the technologies stated above.
  • Advise the company SOC which activities to monitor.
  • Monitoring of the technologies directly e.g., ePO and Forcepoint to automate resolution as well as additional info required for investigation purposes.
  • Logging of incidents and tracking resolutions (Work within the ticketing system provided the company).
  • Active and proactive response to vulnerabilities (e.g., installing Anti-virus when not present and or notify relevant teams to patch critical systems).
  • Aid in root cause investigations and problem management remediation activities.
  • Context aware threat intelligence approach to be more effective in the resolution processes.
  • Basic level troubleshooting knowledge and analytical skills.
  • Investigate incident tickets and use internal resources to help resolve basic security issues (Security incidents e.g., DOS attacks and alerts from the SIEM).

Output

  • Half yearly feedback from client.
  • Number of complaints / compliments from client.
  • Half yearly feedback from peers, product leads, project managers based on delivery.

Technical Knowledge / Competencies

  • Be familiar will current SOC operational methodologies
  • Knowledge of NIST 800 – (any SP in the 800 range)
  • Knowledge of firewalls, IDS, IPS, VLANS, AD, LDAP, routers and switches
  • Knowledge of SIEM technologies
  • Knowledge of root cause analysis and escalation procedures
  • Industry specific “technical” knowledge, detailed understanding and application
  • Knowledge of CVE, Google Hacking and threat intelligence
  • Knowledge of ITIL
  • Reporting skills, being able to articulate technical reports into business language to provide situational awareness and specialist advisory
  • Troubleshooting and problem solving

Behavioral Competencies

  • Team player and Team building (creation of a cohesive division)
  • Able to clarify and issue and/or follow instructions in the current role – job familiarity.
  • Must be effective in communication – written and verbal and listening skills.
  • Openness of mind and curiosity
  • Structured thinking
  • Teachability – (having a positive attitude and a willingness to learn)
  • Individual thinking within the current role
  • Collaboration – willingness and ability to collaborate with other Team Leaders / Supervisors
  • Action oriented – production of desired outcomes within the required timeframes
  • Work pro-actively – both independently and with peers
  • Assertive and confident
  • Ability to handle conflict.
  • Ability to plan and organize work tasks.
  • Strong sense of felt accountability and responsibility

Role Purpose:
The primary role of the Cyber Security Analyst within the Managed Security Services (MSS) division is to perform security monitoring and incident handling to ensure the confidentiality, Integrity, and availability of information assets.

Additionally, the off-site Cyber Security Analyst is to deliver a specific Statement of Work as contracted with the client, by being based at the client to provide such services. The Cyber Security Analyst needs to deliver a high level of quality client service and be a support and escalation channel into the company for the client.

Qualifications and Education

  • Grade 12
  • Broad knowledge of Security technologies and products
  • Product Certifications in SIEM, Security Analytics, AV, Log Management
  • A+, S+, N+, Linux +
  • ITIL Proven skills in a SOC functional unit
  • Must have the ability to understand large, complex systems and be able to focus on specific details or subsystems, their vulnerabilities, and linkages.
  • Experience dealing with malware, attack vectors and the ability to perform pattern analysis.
  • Requires basic knowledge in IT operations with a focus on governance, risk, and compliance.

Key performance areas

  • Provide consistent quality client service.
  • Maintain quality delivery.
  • Personal development
  • Successful delivery of contracted services (Statement of Work) – safe clients

Responsibilities:
Provide consistent quality client service.

  • Makes clients and their needs a primary focus of one’s actions and attention, while developing / maintaining productive client relationships.
  • Seeks to understand client environment to ensure realistic and effective recommendations and/or solutions.
  • Seeks to understand client circumstances, problems, expectations and needs, while resolving problems quickly.

Output:

  • Meeting client expectations / deliverables in line with SOW.
  • Number of complaints / compliments from clients.

Maintain quality delivery:

  • Complies with the company and client standards, policies and procedures.
  • Comply with the company and client change control processes so that no changes are deployed without the necessary approvals.
  • Initiate and perform peer reviews to drive quality in all documentation submitted internally and to client.
  • Meet deliverables’ timelines or manage expectations accordingly.
  • Where applicable, provide standby support by being available on a 24/7 basis as per standby schedule.

Output

  • Number of deviations from the company and client processes / policies / procedures.
  • Documentation / monthly reports / updates (accuracy, quality and deadlines met).
  • Feedback from team / colleagues received from Peer Reviews.
  • Number of instances where deployments were made with / without necessary approvals.
  • Number of times not reachable for support / standby.

Personal development:

  • Achieve relevant Vendor Certifications aligned to immediate/assigned job requirements and Personal Development Plan (PDP).
  • Identify and act on own development and knowledge advancement needs and actively seek out opportunities to expand relevant knowledge to apply to the work environment.

Output

  • Certifications are current.
  • Training and upskilling take place as indicated in PDP.
  • Ability to apply personal growth areas within the work environment, thereby improving quality of service provision.

Successful delivery of contracted services (Statement of Work) – safe clients.

  • The following debatable points will outlay the tasks that the interns will perform during their time at the company Security Operations Centre.
  • The aim of the role is to limit business impact by the use of the company processes and technologies to create visibility through the detection, containment and remediation of IT and Cyber threats. This is a monitoring and operational role with regards to Security Operations (SOC) practices.
  • The role of the interns is to remediate incidents received from the company SOC.
  • The foremost technology that will be used is the SIEM (McAfee Nitro) and the company incident management ticketing system. Security technologies that support these namely Forcepoint Web Security, McAfee ePO Suite, McAfee TIE/ATD, SCCM, CyberArk, Cisco ISE, Checkpoint, Active Directory, Radware, Extra Hop and other technologies within the company security sphere.

Duties are as follows:

  • Remediation of IT threats using the technologies stated above.
  • Advise the company SOC which activities to monitor.
  • Monitoring of the technologies directly e.g., ePO and Forcepoint to automate resolution as well as additional info required for investigation purposes.
  • Logging of incidents and tracking resolutions (Work within the ticketing system provided the company).
  • Active and proactive response to vulnerabilities (e.g., installing Anti-virus when not present and or notify relevant teams to patch critical systems).
  • Aid in root cause investigations and problem management remediation activities.
  • Context aware threat intelligence approach to be more effective in the resolution processes.
  • Basic level troubleshooting knowledge and analytical skills.
  • Investigate incident tickets and use internal resources to help resolve basic security issues (Security incidents e.g., DOS attacks and alerts from the SIEM).

Output

  • Half yearly feedback from client.
  • Number of complaints / compliments from client.
  • Half yearly feedback from peers, product leads, project managers based on delivery.

Technical Knowledge / Competencies

  • Be familiar will current SOC operational methodologies
  • Knowledge of NIST 800 – (any SP in the 800 range)
  • Knowledge of firewalls, IDS, IPS, VLANS, AD, LDAP, routers and switches
  • Knowledge of SIEM technologies
  • Knowledge of root cause analysis and escalation procedures
  • Industry specific “technical” knowledge, detailed understanding and application
  • Knowledge of CVE, Google Hacking and threat intelligence
  • Knowledge of ITIL
  • Reporting skills, being able to articulate technical reports into business language to provide situational awareness and specialist advisory
  • Troubleshooting and problem solving

Behavioral Competencies

  • Team player and Team building (creation of a cohesive division)
  • Able to clarify and issue and/or follow instructions in the current role – job familiarity.
  • Must be effective in communication – written and verbal and listening skills.
  • Openness of mind and curiosity
  • Structured thinking
  • Teachability – (having a positive attitude and a willingness to learn)
  • Individual thinking within the current role
  • Collaboration – willingness and ability to collaborate with other Team Leaders / Supervisors
  • Action oriented – production of desired outcomes within the required timeframes
  • Work pro-actively – both independently and with peers
  • Assertive and confident
  • Ability to handle conflict.
  • Ability to plan and organize work tasks.
  • Strong sense of felt accountability and responsibility

Desired Skills:

  • Security technologies and products
  • A+
  • S+
  • N+
  • Linux +
  • SOC functional unit
  • ITIL Proven skills
  • IT operations
  • a focus on governance
  • risk
  • and compliance.

Learn more/Apply for this position