Key Responsibilities:
Security Monitoring
Perform log ingestion, define use cases, and create alerts for critical assets.
Perform daily SIEM health checks and remediate accordingly.
Monitor security alerts and events using various tools and technologies.
Analyze and investigate security incidents to identify potential threats.
Collaborate with team members to develop and implement effective monitoring strategies.
Using IOCs and threat intelligence, perform threat hunting across the environment.
Incident Response
Respond promptly to security incidents, provide initial analysis, conduct business impact assessment, isolate, eradicate and recover from threats.
Document and report incidents, ensuring accurate and comprehensive records.
Follow established incident response procedures, playbooks and contribute to their enhancement.
EndPoint Protection
Manage and maintain endpoint security and EDR solutions.
Perform daily health checks of endpoint security and EDR solutions and remediate accordingly.
Conduct regular scans and assessments to identify and mitigate potential vulnerabilities.
Work with IT teams to ensure endpoint security configurations align with organizational standards.
Vulnerability Management
Assist in the identification and prioritization of vulnerabilities within the organization's infrastructure.
Collaborate with system owners and IT teams to remediate identified vulnerabilities.
Stay informed about the latest security threats and vulnerabilities.
Email Security
Monitor and analyze email traffic for potential security threats.
Respond to and mitigate email-borne security incidents.
Work with email security solutions to enhance protection against phishing and malware attacks.
Qualifications and Experience:
Relevant degree or advanced diploma in Computer Science, Information Systems, Business or related field, or equivalent combination of education/experience.
One or more certifications in: EC-Council SOC, Security+, AWS Certifications, Microsoft Certifications, Google Certifications.
Must have 3-6 years' experience in a Cybersecurity related role.
Practical experience with system monitoring SIEM, assessment, and reporting tools (ArcSight, IBM QRadar, Splunk, Sentinel, Exabeam, SIEMonster, AlienVault etc.).
Practical experience with EDR and XDR tools.
Proficiency in network security, operating systems, and security technologies.
Experience with common information technologies (Windows, VMware, and Cisco as well as some UNIX, Linux).
Experience with Vulnerability and Malware Analysis (threat and attack analysis).
Experience with security tools (WAF, Proxy, DNS, IDS, firewalls, anti-virus, data loss prevention, etc.).
Knowledge of Cloud Security Operations (SaaS, PaaS, IaaS), Mobile Architecture, Network and Application Security and/or Data Protection.
Technology experience to be considered; Security+; Microsoft Security Certifications (MS-SC200); Azure Certifications, Recognised SOC certification.
Skills:
Ability to work in independent environments under aggressive timelines.
Ability to develop and maintain working relationships in a global environment.
Excellent analytical and problem-solving skills.
Outstanding written skills for preparing reports and briefings.
Behaviours:
Communicates Effectively - conveys information and communicates ideas in a clear, concise and impactful manner.
Decision Quality - consistently makes timely, well-rounded and informed decisions.
Ensures Accountability - takes accountability and ensures others are held to account on agreed upon performance targets.
Manages Complexity - interprets and simplifies complex and contradictory information when resolving organisational problems.
Tech Savvy - leverages new technology to enhance productivity, improve problem solving, and support business growth.
#J-18808-Ljbffr