- Assist with digital forensics and incident response investigations, acting as a technical resource.
- Investigate, analyze and contain malware incidents.
- Lead the resolution of security issues through working with resolver groups.
- Evaluate and recommend new security practices and solutions.
- Ensure detection controls and the underlying security architecture and solutions are correctly configured and maintained to provide the necessary input feeds into the SOC.
- Develop, maintain and implement SOC processes and procedures including use cases, indicators of compromise, run books etc.
- Act as an escalation point for Level 2 analysts and provide coaching and mentoring.
- Act as a security expert to provide advice to resolver groups.
- Analyze information from threat intelligence sources and recommend and implement requisite actions in line with this information.
- Contribute to the continuous improvement of security processes, tools and techniques to counter threats faced by SITA and our customers.
8+ years of experience in an IT environment, with at least 5 years in a SOC or security analyst capacity.
KNOWLEDGE & SKILLS
- Expert knowledge of configuration and operation of security solutions, including Firewalls, IDS, Internet Filters, DLP, Vulnerability Scanners, Anti-Malware Solutions etc.
- Excellent understanding of operating system and application logs from a variety of platforms.
- Strong knowledge of configuration and operation of SIEM Solutions preferably McAfee Enterprise Security Manager (formerly Nitro).
- Strong knowledge of Windows and Unix/Linux operating systems, and TCP/IP networking.
- Strong ability to play a leading role in the development, set up and documentation of SOC processes and procedures as well as on-boarding devices and data sources, and SIEM configuration.
- Strong knowledge of computer forensic tools.
- Strong communication skills, especially in taking technical security information and communicating it to a non-security audience.
- Good knowledge of Elasticsearch, Logstash and Kibana (ELK) in a security analysis context.
- Good knowledge of DevSecOps concepts.
- Good knowledge of malware investigation/reverse engineering.
- Good ability to perform data analytics.
- Information Security
- Technical Communication
- Adhering to Principles & Values
- Creating & Innovating
- Customer Focus
- Results Orientation
- Impact & Influence
- Leading Execution
EDUCATION & QUALIFICATIONS
- Degree in a technical discipline (e.g. Information Security, Computer Science, Engineering, Mathematics, etc.) or sufficient work experience to demonstrate proficiency at this level.
- Professional security designation such as:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Ethical Hacker (CEH)
  - Global Information Assurance Certification (GIAC), e.g. Certified Incident Handler (GCIH), Certified Intrusion Analyst (GCIA), Certified Enterprise Defender (GCED), Certified Forensic Analyst (GCFA)
- Previous experience in network engineering considered an asset.
- Previous experience in system administration considered an asset.