You will act as the escalation point and Level 3 incident response expert for identified cyber security incidents, providing coordination and guidance during confirmed incidents by coordinating resources and directing the use of timely and appropriate countermeasures.
- Act as the escalation point and Level 3 incident response expert for cyber security incidents identified by the Level 1 & 2 Security Analysts, external managed security service providers or the internal IT Service Desk.
- Provide coordination and guidance during confirmed cyber security incidents by coordinating resources and directing the use of timely and appropriate countermeasures.
- Produce detailed incident reports outlining the circumstances around the event, as well as detailed post-incident investigations outlining lessons learned and opportunities for service improvement.
- Manage the continuous monitoring, detection and analysis of potential intrusions, in real time and through historical trending on security-relevant data sources, in collaboration with the extended MSSP SOC/SIEM.
- Conduct vulnerability scans and recognise vulnerabilities in security systems. Act as the coordination point in the remediation of vulnerabilities.
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
- Conduct vulnerability assessments
- Conduct impact assessments
- Provide guidance and assistance in the review and update of the Standard Operating Procedures and playbook catalogues.
- Provide expert knowledge and mentoring in relation to predicting, preventing, detecting and responding to cyber security threats, as well as assisting in the design and operation of the core technologies used by the Cyber Security Operations Centre (CSOC) team.
- Experience in large enterprise environments, and experience working in a Cyber Security threat management, SOC or Level 3 Security Analyst position.
- Experience leading cyber incident response engagements (either in-house or as a consultant)
- Lateral thinker with a systematic approach to troubleshooting and analysis of cyber security incidents and threats.
- An understanding of networking protocols and infrastructure designs, including firewall functionality, routing, encryption, host and network intrusion detection systems, load balancing, and other network protocols.
- An understanding of the current threat landscape, response, and mitigation strategies used in cyber security.
- An understanding of attacker tactics, techniques and procedures and the cyber kill chain.
- Analysis and problem-solving skills.
- Knowledge of scripting and programming languages
- Experience working on multiple operating systems/platforms
- Experience in utilising tools such as, but not limited to, debuggers, anomaly detectors, file analysers and network protocol analysers.
- The ability to complete post-mortem analysis of network logs, traffic flows and other activities to identify malicious activity on a network.
- The ability to analyse and reverse engineer various file types including providing dynamic and static analysis of malware artefacts and binaries as well as other malicious attack files.
- A good understanding of ISO 27K standards
- A willingness to take on new challenges, gain new skills and work collaboratively in a rapidly growing dynamic team.
- (ISC)2 CISSP
- Certifications such as CISA, GIAC, CEH will be highly regarded