Senior Analyst / Security Operations Center - Midrand (Verified)

Salary: Negotiable
Location: Midrand, Gauteng
Listed: 19-12-2017 9:14:09 PM to 30-01-2018 9:14:09 PM

Purpose

Own the documentation and measurement of all subordinate procedures, as well as their continual improvement. Responsible for the execution of the information fusion procedure, in which the various data inputs are fed to both operations and SIEM management.

Key Role Responsibilities

Incident Management

  • Ensure SOC events are addressed in a timely manner using the available reporting and metrics
  • Approve and, if necessary, further investigate level 1 escalated events
  • Manage SOC event and information intake, including gathering intelligence reports, monitoring ticket queues, investigating reported incidents and interacting with other security and network groups as necessary
  • Serve as a backup analyst for any potential coverage gaps to ensure business continuity

Centre of Excellence

  • Serve as detection authority for initial incident declaration
  • Function as a subject-matter expert (SME) on incident detection and analysis techniques
  • Provide guidance to Junior Analysts and make recommendations to Operations Managers
  • Drive and monitor process metrics
  • Ensure applicable reporting is gathered and disseminated per SOC requirements

Research and Development

  • Conduct security research and intelligence gathering on emerging threats and exploits

Mentorship

  • Monitor SOC analyst performance by investigating incoming events using SOC-available tools
  • Mentor SOC analysts to improve detection capability within the SOC

Reporting

  • Advanced reporting as required (daily, weekly, monthly and incident)

Minimum Requirements

  • Bachelor’s Degree or equivalent experience in a related field
  • Security related certifications, for example CISSP, GCIA, GCIH, CEH, or OSCP
  • CompTIA Advanced Security Practitioner (CASP), CISSP and GIAC certifications: GIAC Information Security Fundamentals (GISF), GIAC Security Essentials (GSEC), GIAC Certified Enterprise Defender (GCED), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA)
  • Demonstrable experience of working in a SOC team
  • 5+ years advanced IT security related experience
  • Demonstrable experience with an enterprise-grade SIEM platform (e.g. LogRhythm, Splunk, AlienVault, ArcSight, QRadar, Elasticsearch)
  • Experience in Security Event analysis & triage, incident handling and root-cause identification
  • Speciality in one or more of the following Information Security domains:
      • Cyber Intelligence Analysis
      • Threat Monitoring
      • Incident Response
      • Machine Learning & Artificial Intelligence
      • Malware Analysis
      • Computer Forensics
      • Endpoint Protection
      • Network Security
      • Infrastructure Security
      • Application Security
      • Platform Security
      • Identity & Access Management
      • Security Education & Awareness
      • Vulnerability Scanning & Management
      • Compliance & Risk Management
  • Experience with Red and Blue team engagements
  • Knowledge and hands-on experience in the deployment and management of IDS/IPS, firewalls and other security and network products

Critical Competencies

  • Expert analytical and problem-solving skills
  • Self-driven leader and highly motivated
  • Ability to work independently and in a team environment
  • Ability to mentor and train junior SOC analysts on technical and process-related areas
  • Willingness to work flexible hours and support on-call
  • Experience working with SIEM tools (McAfee ESM)
  • Ability to identify tuning recommendations for improved detection and accuracy
  • Experience performing security analysis and incident response
  • In-depth experience performing packet captures and analyzing output
  • Expert level understanding of operating systems and networking (TCP/IP)
  • Expert level understanding of security threats and vulnerabilities
  • Expert level understanding of security tools and technologies such as McAfee ESM, Nexpose, FTK, EnCase, F5
  • Experience of virtualisation technologies, ideally VMware
  • Minimum of 5 years of experience in the field of cyber security

Ref: JHB000170/LM