Job Requirements
Role & responsibilities
-
Works as part of a global Cyber Defense Centre (CDC) team that works 24/7 on rotational shifts.
-
Works with client stakeholders and relevant internal teams to tune the MSSP platform and client SIEM to enable more efficient detection, analysis and reporting.
-
Monitors security tools to review and analyse security logs from client environments.
-
Generates continuous improvement ideas for supported security tools/technologies, to enable improvements to the company services, employee experience and client experience.
-
Adheres to SOPs, customer Run Books, and standard processes to ensure a globally consistent delivery whilst also proposing changes and improvements to these standards.
-
Utilizes and documents best practices and amends existing documentation as required.
-
Identifies opportunities to make automations which will help the clients and security delivery teams.
-
Performs security incident handling and response from several vectors including End Point Protection and Enterprise Detection and response tools, attack analysis, malware analysis, network forensics, computer forensics.,
-
Utilizes a broad range of skills in LAN technologies, Windows and Linux O/Ss, and general security infrastructure.
-
Ensures usage of knowledge articles in incident diagnosis and resolution and assists with updating as and when required.
-
Performs defined tasks to inform and monitor service delivery against service level agreements and maintain records of relevant information.
-
Undertakes threat hunting activities across both individual client estates, as well as cross client hunting.
-
Manages unresolved incidents and follows up until incidents are resolved.
-
Works closely with client delivery teams to support their activities related to client delivery.
-
Cooperates closely with colleagues to share knowledge and build a cohesive and effective team environment, benefiting the individual, the business and the client.
-
Performs any other related task as required.
Knowledge and Attributes:
-
Seasoned knowledge on implementation and monitoring of a company supported SIEM or security tools/technologies/concepts.
-
Seasoned knowledge on security architecture, worked across different security technologies.
-
Seasoned knowledge and understanding of the operation of modern computer systems and networks and how they can be compromised.
-
Displays excellent customer service orientation and pro-active thinking.
-
Displays problem solving abilities and is highly driven and self-organized.
-
Excellent attention to detail.
-
Excellent analytical and logical thinking.
-
Excellent spoken and written communication abilities.
-
Team player with the ability to work well with others and in group with colleagues and stakeholders.
-
Ability to remain calm in pressurized situations.
-
Ability to keep current on emerging trends and new technologies in area of specialization.
Academic Qualifications and Certifications:
-
Bachelor's degree or relevant qualification in Information Technology or Computing or a related field.
-
Security certifications such as (but not limited to) AZ-500, SC-200, Security+, CEH, CISSP, CISM or similar Certification in different networking technologies such as CCNA, JNCIA, ACCA, PCNSA, CCSA is advantageous.
Required experience:
-
Should have at least 6+ years of experience in SOC
-
Seasoned experience in SOC Analysis Operations.
-
Seasoned experience in SIEM usage for investigations.
-
Seasoned experience in Security technologies such as (but not limited to) Firewall, IPS, IDS, Proxy.
-
Seasoned experience in dealing with technical support to clients.
-
Seasoned experience in handling security incidents end to end.
-
Seasoned experience in configuring/managing security controls, such as SIEM, Firewall, IDS/IPS, EDR, NDR, UTM, Proxy, SOAR, Honeypots and other security tools.
-
Seasoned experience in Security Analysis or Engineering preferably gained within a global services organization.
