Officer: SOC Operator (Post level 10/11) at University of the Free State

Duties and responsibilities:
Strategic Alignment 

•    Fully understand and provide support to the University’s Strategic Plan and Departmental goals and objectives.
•    Analyse business needs and alignment of internal processes to adapt accordingly.
•    Liaise with Head of Departments and other stakeholders.
•    Assist with the development of strategic plans for operational activity on the digital security domain.  
•    Assist with the implementation and management day-to-day security operation centre plans. 

Security Operations 

•    Monitor and analyse day-to-day security threat monitoring, analysis, reporting on threat intelligence, forensics and incident response that adhere to best practices and recognised control frameworks.
•    Monitor and enforce guidelines for best practice in Digital Security and Compliance. 
•    Responsible to investigate suspicious and protentional malicious activity within the network and system.
•    Responsible to implement security measures as per control frameworks.
•    Hunt for  threats proactively within the UFS environment and remediate timely.
•    Review and triage information security alerts, provide analysis, determine and track remediation and escalate as appropriate.
•    Incident response and action during the detection, analysis and containment of an incident on daily bases. 
•    Report monthly on security from different systems.  
•    Assist with the configuration of rules and alerts on different system as required by assignment. 
•    Ensure authorised access by investigating improper access, revoking access, reporting violation and monitoring.
•    Optimise threat detection products for data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus, cloud security products, intrusion detection systems, and other industry standard security technologies.
•    Coordinate, supervise, and monitor the security of various departments within ICT Services.
•    Communicate with staff members on Digital Security and Compliance related advice, ways to alert on critical incidents analysed. 
•    Liaise with employees to mitigate detected security risks.
•    Stay relevant with the current threat landscape and cyber-attack methodologies.
•    Stay current with technologies and advising thereof.
•    Coordinate individuals and the Division to achieve objectives. 
•    Upkeep of the Division’s performance through proper monitoring, change and business needs analysis.
•    May perform other duties as assigned by Head: Digital Security and Compliance.

Change Management 

•    Log system change request.
•    Make sure of the involvement of stakeholders with any change processes. 
•    Identifys stakeholders and facilitate change through proper planning and communication.

General administration 

•    Ensure compliance with QMS requirements.
•    Assist with the assurance of internal and external audit requirements.
•    Assist with the maintenance and compliance with relevant legislation.
•    Ensure that all the business processes and procedures are followed efficiently.
•    Improve processes in support of organisational goals. 

Inherent requirements:

•    A  degree NQF Level 7  or  three-year National Diploma on NQF Level 6 in Information Technology Engineering or closely related field 
•    Minimum two (2) years’ working experience related to the duties and responsibilities.

Recommendations:

•    Strong leadership skills and the ability to guide others during incident and crisis management.
•    Strong knowledge of current security threats, techniques and landscapes and a self-driven desire to research and learn more about the information security landscape.
•    Knowledge of ISO27001.
•    Experience related to configuration and maintenance of security monitoring and reporting platforms.
•    Experience in forensics, malware analysis and threat intelligence.
•    Experience using Python, Perl, PowerShell r equivalent language.
•    Ability to correlate data from multiple data sources t create a more accurate picture of cyberthreats and vulnerabilities.