Senior Security Analyst [SOC]
  • South Africa Johannesburg
  • iOCO
31.12.2023
Protect and Defend
Cyber Defense Analysis
Job Description

About the job
We are recruiting a Senior Security Analyst [SOC] for a permanent opportunity.

Our ideal candidate must be willing to work a standard 8 hours a day, 5 days a week. Standby will be required and overtime will be expected as well.

Qualification Required

Grade 12
Industry recognized (vendor neutral) security certification (e.g. CISSP, CEH, Security+, GIAC, etc.)

Preferred Qualification

Hold an industry recognized (vendor neutral) security certification (e.g. CISSP, CEH, Security+, etc.)
Degree (or equivalent) in Information Technology/Security, Engineering or related field of study preferred (alternatively an equivalent combination of education and experience).
3 to 5 years in a hands-on security role, with a strong background in security tools including but not limited to firewalls, IDS/IPS, proxy servers and endpoint protection
Holds a recognized SIEM Tool Certification

Experience Required

2+ years of experience in Information Security, including experience in a SOC environment, with demonstrable expertise in a SIEM (LogPoint, QRadar, Splunk, McAfee or ArcSight)
5+ years of experience in an operations-focused information security role

Duties/Responsibilities

Monitor, manage and configure security tools
Monitor User, Network, Threat and other events from security tools to identify abnormal activity indicating security incidents
Review and correlate incident information to determine and assess their urgency and impact
Perform Threat Intel Research and understand current Cybersecurity Threats, Tactics and techniques
Establish a detailed understanding of client's infrastructure
Establish a detailed understanding of clients' incident response processes
Research, understand and stay abreast of the MITRE ATT&CK framework
Create and update security incidents in the ITSM platform with detailed information from the logs relevant to the incident, and track incidents and requests based on analysis results and incident response updates
Escalate validated and confirmed incidents to Tier 2 and designated incident response teams
Work closely with other security teams and designated incident response teams
Create client request-for-information elements and reports
Identify gaps and/or omissions in security detection and posture.
Provide input into runbook and playbook development
Assist in automation of response and remediation processes.
Support and assist senior analysts

Work Environment

Security Operations Centre

Physical Demands

Office Based in the Security Operations Centre
Ad-Hoc Remote support

Travel

Potential travel after hours/weekends for breach incidents

Desired Skills

Systems Analysis
Complex Problem Solving
Programming
C#
Java
SQL
HTML

Quick response

Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0042   Knowledge of incident response and handling methodologies.
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0049   Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • K0059   Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0106   Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
  • K0107   Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations.
  • K0160   Knowledge of the common attack vectors on the network layer.
  • K0161   Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0290   Knowledge of systems security testing and evaluation methods.
  • K0301   Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • K0339   Knowledge of how to use network analysis tools to identify vulnerabilities.

Required Skills
  • S0054   Skill in using incident handling methodologies.
  • S0078   Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • S0167   Skill in recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning).
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities
  • A0015  Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0159  Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).