Specialist: Cybersecurity Analyst

Details of the offer

ROLE PURPOSE

As part of the Customer-facing Nexio SOC team, the Specialist: Cybersecurity Analyst plays a critical role in monitoring, detecting, and responding to cybersecurity incidents within a Security Operations Center. The Cybersecurity Analyst utilizes incident handling methodologies to validate security events, assess severity levels, and provide guidance to SOC Analysts. By leveraging threat intelligence and conducting in-depth analysis, the Cybersecurity Analyst identifies the scope of attacks, impacted systems, and potential perpetrators. The Cybersecurity Analyst ensures metrics are monitored, offers recommendations, and advises on containment and recovery steps. The Cybersecurity Analyst documents incidents, updates relevant documentation, and supports the development of analytic methods for threat detection.
He/She should ideally have competency in security incident handling analysis experience in an established SOC environment and contribute to risk management, participate in Blue Team exercises, and develop playbooks for incident scenarios. The Cybersecurity Analyst monitors network traffic, investigates incidents, and collaborates with the SOC team to respond to threats or intrusions.

ROLE REQUIREMENT

Adheres to the standard operating procedure and playbooks in the SOC.Impacts on Customer satisfaction and confidence in the SOC Service and service level performance.Validate and declare security incidents based on incident handling methodologies.Confirm severity levels (S0 to S4) using SLA severity classification.Provide guidance and support to SOC Analysts during incident response.Utilize threat intelligence, updated rules, and IOCs to identify affected systems and the extent of attacks.Conduct in-depth threat intelligence analysis to uncover attack types, data/systems impacted, and potential perpetrators.Make recommendations to incident managers regarding additional analysis and required remediation.Determine the impact on critical systems or data sets and advise on remediation steps.Validate false positives, policy violations, intrusion attempts, security threats, and potential compromises.Suggest containment and recovery steps based on analysis findings.Formally document learnings and update relevant documentation such as tickets and run books.Provide support for analytic methods to detect threats and conduct further triage based on defined run books.Consolidate data through alert triage, providing necessary context before escalating to Operations and Security Engineering Teams for deeper analysis.Manage security events, incidents, and service requests via the ticketing systems.Identify alarms by intent and method, including reconnaissance, system compromises, and ingested log sources:Firewalls and network devicesInfrastructure server and end-user systemsThreat intelligence platformsWeb proxiesCloud and hybrid-IT provisioning, access, and infrastructure systems (Amazon Web Services)Antivirus systemsIntrusion detection and prevention systemsSimilar in Scope source systemsApply the MITRE ATT&CK framework for anomaly analysis and conduct additional analysis using correlation rules and SIEM alerts.Validate and update initial tickets in the SIEM platform and Service Desk.Monitor event queues, investigate potential incidents, and escalate or close events as necessary.Validate investigation results and pass relevant details to the SOC Team Lead.Assess security controls based on cybersecurity principles and frameworks (e.g., CIS CSC, NIST SP 800-53).Analyze network traffic, characterize threats, and coordinate with cyber defense staff for validation.Document and escalate incidents, perform trend analysis, and report findings.Review security architecture, identify gaps, and recommend risk mitigation strategies.Provide timely detection, identification, and alerting of possible attacks, intrusions, and anomalous activities.Utilize cyber defense tools for monitoring and analyzing system activity, identifying and analyzing malicious behavior.Conduct analysis of network traffic, including network mapping, OS fingerprinting, and identification of compromised credentials.Assist in the development of signatures for cyber defense tools.Notify stakeholders of suspected cyber incidents, articulate event details, and follow the organization's incident response plan.Analyze and report on organizational and system security posture trends.Assess access controls and monitor external data sources for emerging threats. Additional Information:
Individuals at this level are competent in best practices in security incident handling in an established SOC.Able to build strong interpersonal relationships with the SOC team and customer stakeholders.Competent communication skills and communication of complex information to non-technical stakeholders.Competent in producing and presenting work.Good understanding of security incident analysis and incident handling practices, proficient knowledge of networking protocols, operating systems, and security architecture in an established SOC.Proficiency in security tools such as SIEM, IDS/IPS, EDR, and network analyzers. JOB SPECIFIC REQUIREMENT

Adhere to operational processes in the NIST CSF, CIS CSC, NIST SP 800-53, and MITRE ATT&CK framework.Proficient in incident triage methodologies and techniques to identify and investigate potential security threats and apply playbooks.Prior experience to advise, plan, deploy, configure, manage, and monitoring large-scale and complex cyber defence and IT risk management and information or cybersecurity solutions. QUALIFICATIONS & EXPERIENCE

Grade 12One or more of these industry Cybersecurity Certifications: such as CISSP, GCIH, GCIA, or relevant vendor-specific certificationsMinimum of four (4) years of work experience, and three (3) years of relevant experience in an established SOC and information security/cybersecurityAbility to partake in exercises, assist in developing playbooks, and automate processes.Experience with a ticketing system such as BMC Remedy.Proficient understanding of cybersecurity principles, technologies, and best practices.Experience working with cloud environments (Amazon Web Services Security) is desirable.Analytical, problem-solving, and critical-thinking skills.Proficient communication and collaboration abilities with various stakeholders.Proficient in security event analysis and incident response.Experience in working across security frameworks and technologies.Familiarity with security tools and technologies, such as SIEM, IDS/IPS, EDR, and vulnerability scanners.Proficient analytical and problem-solving skills with attention to detail. LEADERSHIP COMPETENCY REQUIREMENTS

Ethics: Maintain integrity, professionalism, and promote ethical behavior.Crisis Management: Effectively respond to and manage cybersecurity incidents.Responsive to Requests: Responsiveness to reasonable customer, supplier, and management requests.Attention to Detail: Pay attention to detail and ensure deliverables undergo quality reviews.Proactive and Reliable: Be proactive, innovative, and demonstrate reliability.Customer-Centric Approach: Put the customer first and go the extra mile in the company's best interest.High-Performance Team Player: Positively contribute to the high-performance team.Emotional Intelligence and Integrity: Demonstrate emotional intelligence and act with integrity.Teamwork and Collaboration: Work well with others and maintain a high-performance team ethic.Willingness to Learn: Be open to learning a range of security technologies and platforms.Positive Attitude: Maintain a positive attitude in the face of challenges.Leadership Potential: Exhibit the potential for leadership by taking ownership of assigned tasks, demonstrating a sense of responsibility, and displaying a strong work ethic. Show willingness to share knowledge and contribute to the development of the team and its capabilities.
#J-18808-Ljbffr


Nominal Salary: To be agreed

Source: Jobleads

Requirements

Service And Parts Administrator

Job Summary: We are looking for a reliable and detail-oriented Service and Parts Administrator to join our team. Key responsibilities: Purchase Orders Proble...


Webuycars - Gauteng

Published 19 days ago

Senior Data Engineer

Data Engineer Are you a talented data engineer looking for your Dream Developer Job? OfferZen, the developer jobs marketplace, reverses the job search proces...


Offerzen Ltd - Gauteng

Published 19 days ago

First Line Technical Support

A well established company based in Irene is seeking a First Line Technical Support. Duties: Logging Support Calls on Manage Engine Service Desk ( ticketing ...


Placement Point - Gauteng

Published 19 days ago

Data Analyst

A well-known insurer is seeking a dynamic Data Analyst with strong business analysis skills to join their team This company has over 30 years of experience a...


Network Recruitment - Gauteng

Published 19 days ago

Built at: 2024-12-04T14:20:34.348Z