Senior Security Analyst [SOC]

JOB SUMMARY:
The Role:

Essential function:

• Monitor, Manage and configure of Security Tools
• Monitor User, Network, Threat and other events from security tools to identify abnormal activity indicating security incidents
• Review and correlate incident information es...
  
  

  JOB DESCRIPTION:
  

  The Role:

  Essential function:

  • Monitor, Manage and configure of Security Tools
  • Monitor User, Network, Threat and other events from security tools to identify abnormal activity indicating security incidents
  • Review and correlate incident information escalated from Tier 1 Analysts to determine and assess their urgency and impact 
  • Evaluate the incident, identify the cause, and implement required actions to mitigate, prevent and/or recover from the incident
  • Proactively research and monitor security trends and information to identify potential threats and implement capabilities to proactively detect and respond 
  • Creating, maintaining and optimizing of SIEM Rules to reduce false positive, improve accuracy and improve detection capabilities
  • Establish a detailed understanding of clientâ??s infrastructure
  • Establish a detailed understanding of clients incidence response processes 
  • Research and understand and stay abreast with the Mitre Attck Framework 
  • Create and update Security incidents in ITSM platform with detailed information of logs relevant to the incident
  • Update and track incidents and requests based on analysis results and incident response updates
  • Escalate validated and confirmed Incidents to TIER 2 and designated incident response teams
  • Work Closely with other security teams and designated incident response teams
  • Establish and document root cause and remediation responses 
  • Create client request for information elements and reports
  • Identify and address gaps and/or omissions in security detection and posture. 
  • Perform Purple team exercises and develop rules around said exercises. 
  • Develop Run-book and Playbooks 
  • Automate Run-books and Playbooks for response and remediation processes. 
  • Support and assist senior analysts

  Skills and Experience:

  Essential Qualification:

  • Grade 12
  • Industry recognised (vendor neutral) security certification (e.g. CISSP, CEH, Security+, GIAC, etc.)

  Preferred Qualification:

  • Hold an industry recognised (vendor neutral) security certification (e.g. CISSP, CEH, Security+, etc.)
  • Degree (or equivalent) in Information Technology/Security, Engineering or related field of study preferred (alternatively an equivalent combination of education and experience).
  • Min 5 years in a hands-on security role, with a strong background in security tools including but not limited to firewalls, IDS/IPS, proxy servers and endpoint protection 
  • Holds a recognised SIEM Tool Certification

  Experience required:

  • 5+ Years of experience with Information Security with experience in a SOC environment, with demonstrable expertise in SIEM (LogPoint, QRadar, Splunk McAfee or ArcSight)
  • 5+ Years of experience in an operations focused information security role, with a strong background in security controls and risk management frameworks 
  • Mitre Attack Framework (or equivalent) understanding as well as security and data compliance requirements,
  • Demonstrable understanding of operating systems, applications and information technology systems along with their purpose and logging capabilities

  Other:

  Work environment:

  • Security Operations Centre

  Physical demands:

  • Office Based in the Security Operations Centre Ad-Hoc Remote support

  Travel:

  • Potential travel after hours/weekends for breach incidents

   

  NB! This job is now closed. You can apply for other jobs by uploading your CV.

  
  

  ---

   

  New users - Upload your CV

  Existing users - Login here