Information Security Centre Analyst Level 3

 

Recruiter: T-Systems

Job Ref: 52100321

Date posted: Wednesday, March 10, 2021

Location: Johannesburg, South Africa

Salary: Annual Salary and Employee benefits


SUMMARY:
Information Security Operations Centre Analyst

POSITION INFO:

Main Purpose:

To analyse security events and alerts, and to gather and carry out remediation tasks on console for T-Systems clients through its toolsets, operational monitoring, preventative actions and crisis management.

Description of responsibilities:

  • Conduct cyber intelligence operations including intelligence collection, tracking threat actors, identifying malicious behaviors and operations.
  • Works with customers, vendors and internal resources for problem resolution and security advisories.
  • Standardizes process and procedures and provides continual improvement.
  • Develops and maintains comprehensive documentation on incidents and analysis for clients and internal use.
  • Compile security advisories for internal and external use in document format with technical recommendations.
  • Use case writing, development and refinement for detection of threats.
  • Proactively search for rogue behavior, malicious attacks & suspicious activity.
  • Training of junior analysts.
  • Analyze threat feeds to produce daily/weekly/monthly Threat Intelligence brief and regular threat trend reporting.
  • Analyse security events/alerts and recommend remedial actions.
  • Analyse vulnerability scan data and recommend remedial actions.
  • Analyse trends across time and clients for remedial actions.
  • Provide analysis in contracted reports.
  • Health checks on monitored devices.
  • Analyse network flow data & investigate deviations from baseline.
  • Proactively hunt for threats, vulnerabilities & suspicious activity.
  • Investigate suspicious emails for phishing attacks.

Qualifications and Experience Required: 

  • Grade 12 (essential). 
  • Certification in IBM QRadar essential.
  • Experience analyzing phishing attacks.
  • CISSP, CEH, GPEN, OSCP or similar security certifications.
  • Experience producing reports and briefs on the current threat landscape and associated risks.
  • Experience monitoring third party security related websites, forums and social media sites for information regarding vulnerabilities and exploits.
  • Experience conducting malware analysis – usage of VirusTotal etc.
  • Experience replicating reported vulnerabilities in a safe and contained environment to develop proof of concept and/or exploit tools.
  • Working knowledge of the following technologies: Windows and Active Directory, Unix and Linux, Routers & Switches, Anti-Malware Systems, Relational Databases, Open Source Intelligence, Firewall, IDS/IPS, Vulnerability Management & Proxy management, or a solid understanding of these technologies.
  • 5 – 8 years work related experience as a Level 1/2 Analyst.
  • SOC/SIEM systems certifications – IBM QRadar essential.
  • Formal training in Networking and networking protocols – CCNA advantageous.
  • Experience in malware investigation advantageous.
  • Experience in server/network/firewall/IPS administration.
  • Experience in a Security Operations Centre environment & a Network Monitoring environment.
  • Relevant courses, e.g. Security+, Introduction to Information Security, an advantage.
  • Understanding of the different types of Cyber Security Attacks & how to prevent them.

Key competencies:

  • How to analyse data
  • IBM – QRadar experience
  • Must have an understanding of use cases
  • Must have excellent problem-solving skills.
  • Detailed technical knowledge of technology protocols (TCP/IP, SMB, SSH etc.)
  • Good knowledge of scripting languages
  • Communication skills (verbal and written - report writing, email and presentation)
  • Problem solving skills
  • Customer orientation
  • Planning and organising skills
  • Analysing skills
  • Writing and Reporting
  • Learning and Researching
  • Creating & Innovating
  • Delivering Results & Meeting Customer Expectations

 

   
     


 

NB! This job is now closed.



 

 

 
