CDC Engineer

SUMMARY:
Business Department: Cyber Security

PURPOSE:
 
To analyse security events and alerts and to gather and carry out remediation tasks on console for Gijima clients through its toolsets, operational monitoring, preventative actions and crisis management
 

POSITION INFO:
FORMAL EDUCATION:

• Grade 12 (essential)
• IT Certificate/Diploma/Degree

• IBM Qradar Certification
• CISSP, CEH, GPEN, OSCP or similar security certifications
• CCNA advantageous
• Security +
• Introduction to information security an advantage

• Experience analysing phishing attacks
• Experience producing reports and briefs on the current threat landscape and associated risks
• Experience monitoring third party security related websites, forums and social media sites for information regarding vulnerabilities and exploits
• Experience conducting malware analysis – usage of VirusTotal etc
• Experience replicating reported vulnerabilities in a safe and contained environment to develop proof of concept and/or exploit tools
• Working Knowledge with the following technologies: Windows and Active Directory, Unix and Linux, Routers & Switches, Anti-Malware Systems, Relational Databases, Open-Source Intelligence, Firewall, IDS/IPS, Vulnerability Management & Proxy management or solid understanding of these technologies.
• 5 – 8 years' work-related experience as a Level 1/2 Analyst
• Formal training in Networking and networking protocols
• Experience in malware investigation advantageous
• Experience in server/network/firewall/ips administration
• Experience in a Security Operations Centre environment & a Network Monitoring environment
• Understanding of the different types of Cyber Security Attacks & how to prevent them

• Conduct cyber intelligence operations including intelligence collection, tracking threat actors, identifying malicious behaviours and operations.
• Works with customers, vendors and internal resources for problem resolution and security advisories
• Standardizes process and procedures and provides continual improvement
• Develops and maintain comprehensive documentation on incidents and analysis for clients and internal
• Compile security advisories for internal and external in document format with technical recommendations
• Use case writing, development and refinement for detection of threats
• Proactively search for rogue behaviour, malicious attacks & suspicious activity
• Training of junior analysts
• Analyse threat feeds to produce daily/weekly/monthly Threat Intelligence brief and regular threat trend reporting
• Analyse security events/alerts and recommend remedial actions
• Analyse vulnerability scan data and recommend remedial actions
• Analyse trends across time and clients for remedial actions
• Provide analysis in contracted reports
• Health checks on monitored devices
• Analyse Network flow data & investigate deviations from baseline
• Pro-actively hunt for threats, vulnerabilities & suspicious activity.
• Investigate suspicious emails for phishing attacks

• How to analyse data
• IBM – QRadar experience
• Must have an understanding of use cases
• Must have excellent problem solving skills.
• Detailed technical knowledge of technology protocols (TCP/IP, SMB, SSH etc)
• Good knowledge of scripting languages

• Communication skills (verbal and written - report writing, email and presentation)
• Problem solving skills
• Customer orientation
• Planning and organising skills
• Analysing skills
• Writing and Reporting
• Learning and Researching
• Creating & Innovating
• Delivering Results & Meeting Customer Expectations

• Presenting and Communicating Information
• Deciding and Initiating Action
• Coping with Pressures and Setbacks
• Applying Expertise and Technology
• Following Instructions and Procedures
• Ability to work well independently & productively with minimal supervision.