Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.Job DescriptionThe SOC Analyst Tier 2 forms part of the Old Mutual SOC & Threat intel team. The SOC Team will identify, analyse, and react to cyber security threats using a reliable set of processes and security technologies. The SOC Team provides a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident.The job role includes actively participating in the incident detection process as follows:Possesses in-depth knowledge of network, endpoint, threat intelligence, as well as the functioning of specific applications or underlying IT infrastructureClosely involved in developing, tuning, and implementing threat detection analyticsActs as the 1st escalation for Tier 1 SOC AnalystsResponds to and oversees the remediation of a declared security incidentCompletes the Root Cause Analysis Report for IncidentsUses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attackMonitors shift-related metrics ensuring applicable reporting is gathered and disseminated to the Head of SOC and Threat IntelOversees the analysis on running processes and configs on affected systemsUndertakes in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impactedProvides support for analytic methods for detecting threatsUndertakes threat intelligence researchValidates false positives, policy violations, intrusion attempts, security threats and potential compromisesUndertakes security incident triage to provide necessary context prior to escalating to relevant Security Specialists to perform deeper analysis when necessaryFurther analyses alarms by method e.g. credentials compromised and by asset classBased on the correlation rules and alarms within the SIEM and run books, further analyses anomaly tactic using the MITRE ATT&CK frameworkManages security incidents using the SIEM platform and defined operational procedures.Key Performance Indicators:Azure Sentinel SIEM Platform MonitoringMicrosoft Defender 0365 Policy Management and deploymentStandard SOC ReportingIncident Service Level ManagementVarious Security platforms administration and configuration, policy configurationSecurity platforms with SIEM integration and participate in the security incident and event investigations and remediationEnsure IT policies are met with regards to data security and IntegrityEnsure IT policies are met with regards to network securityRole Requirements:Experience:Strong knowledge and experience working with SIEM Solutions, QRadar, McAfee ESM, Azure Sentinel.2 to 4 years' experience in IT Infrastructure Support, and a further 2 to 4 years' track record as a Tier 2 SOC Analyst or Threat Hunter in an established SOCExperience working with Mimecast, Microsoft Defender 0365Experience working KnowB4 & PhishMeGood knowledge of networks technologies (protocols, design concepts, access control)Good knowledge of various security technologies (firewalls, web gateway, endpoint protection, vulnerability management, network infrastructure, etc.)Good experience working with Nessus or QualysGood understanding of the MITRE ATT&CK frameworkGood understanding of the ITIL Framework.Good report writing skills. PowerBI or QlikViewBrilliant with a support ticketing system and experience in meeting SLA targets.Familiarity with risk management and quality assurance control.Excellent interpersonal skills and professional demeanorExcellent verbal and written communication skillsCandidate must be eligible to obtain National Security ClearanceQualifications:Grade 12 (Matric) (Compulsory)Degree or Diploma in Computer TechnologySIEM Technology certification (QRadar, McAfee ESM, Azure Sentinel)MCSE, MCSA.Microsoft SC-200, AZ500ITIL Foundation qualificationCompTIA A+, N+ S+CNNA or equivalentCompTIA CySa and CASP+ advantageousClosing Date: 19 October 2024The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.Old Mutual Limited is pro-vaccination and encourages its workforce to be fully vaccinated against Covid-19.All prospective employees are required to disclose their vaccination status as part of the recruitment process.Please refer to the Old Mutual's Covid-19 vaccination policy for further detail. Kindly note that Old Mutual reserves the right to reinstate the requirement to vaccinate at any point if it is of the view that it is imperative to do so.
#J-18808-Ljbffr