Key Responsibilities:Security MonitoringPerform log ingestion, define use cases, and create alerts for critical assets.Perform daily SIEM health checks and remediate accordingly.Monitor security alerts and events using various tools and technologies.Analyze and investigate security incidents to identify potential threats.Collaborate with team members to develop and implement effective monitoring strategies.Using IOCs and threat intelligence, perform threat hunting across environment.Incident ResponseRespond promptly to security incidents, provide initial analysis, conduct business impact assessment, isolate, eradiate and recovery from threats.Document and report incidents, ensuring accurate and comprehensive records.Follow established incident response procedures, playbooks and contribute to their enhancement.EndPoint ProtectionManage and maintain endpoint security and EDR solutions.Perform daily health checks endpoint security and EDR solutions and remediate accordingly.Conduct regular scans and assessments to identify and mitigate potential vulnerabilities.Work with IT teams to ensure endpoint security configurations align with organizational standards.Vulnerability ManagementAssist in the identification and prioritization of vulnerabilities within the organization's infrastructure.Collaborate with system owners and IT teams to remediate identified vulnerabilities.Stay informed about the latest security threats and vulnerabilities.Email SecurityMonitor and analyze email traffic for potential security threats.Respond to and mitigate email-borne security incidents.Work with email security solutions to enhance protection against phishing and malware attacks.Qualifications and Experience:Relevant degree or advanced diploma in Computer Science, Information Systems, Business or related field, or equivalent combination of education/experience.One or more certifications in: EC-Council SOC, Security+, AWS Certifications, Microsoft Certifications, Google CertificationsMust have 3-6 years' experience in a Cybersecurity related role.Practical experience with system monitoring SIEM, assessment, and reporting tools (ArcSight, IBM QRadar, Splunk, Sentinel, Exabeam, SIEMonster, AlientVault etc.)Practical experience with EDR and XDR tools.Proficiency in network security, operating systems, and security technologies.Experience with common information technologies (Windows, VMware, and Cisco as well as some UNIX, Linux).Experience with Vulnerability and Malware Analysis (threat and attack analysis).Experience with security tools (WAF, Proxy, DNS, IDS, firewalls, anti-virus, data loss prevention, etc.).Knowledge of Cloud Security Operations (SaaS, PaaS, IaaS), Mobile Architecture, Network and Application Security and/or Data ProtectionTechnology experience to be considered; Security+; Microsoft Security Certifications (MS-SC200); Azure Certifications, Recognised SOC certificationSkills:Ability to work in independent environments under aggressive timelines.Ability to develop and maintain working relationships in a global environment.Excellent analytical and problem-solving skillsOutstanding written skills for preparing reports and briefings.Behaviours:Communicates Effectively - conveys information and communicates ideas in a clear, concise and impactful mannerDecision Quality - consistently makes timely, well-rounded and informed decisionsEnsures Accountability - takes accountability and ensures others are held to account on agreed upon performance targetsManages Complexity - interprets and simplifies complex and contradictory information when resolving organisational problemsTech Savvy - leverages new technology to enhance productivity, improve problem solving, and support business growth
#J-18808-Ljbffr