Principal Information Security Analyst - Cape Town at NTT Ltd.

Key Roles and Responsibilities:

• Monitors security alerts and events from various sources, investigates potential threats, and escalates incidents as necessary.
• Assists in the implementation and monitoring of security controls, including firewalls, intrusion detection systems, and access controls.
• Performs regular vulnerability assessments, analyses scan results, and assists in prioritising and remediating identified vulnerabilities.
• Supports the incident response team in investigating security incidents, documenting findings, and participating in remediation efforts.
• Assists in ensuring compliance with industry standards (e.g., GDPR, ISO 27001) by conducting assessments and implementing necessary controls.
• Installs security measures and operates software to protect systems and information infrastructure, including firewalls and data encryption programmes
• Documents security breaches and assess the damage they cause
• Works with the security team to perform tests and uncover network vulnerabilities
• Fixes detected vulnerabilities to maintain a high-security standard
• Develops organisational best practices for IT security
• Performs penetration testing
• Upgrades systems to unable security software
• Installs and upgrades antivirus software
• Tests and evaluates new technology
• Assists with the installation of security software and understands information security management
• Researches security enhancements and makes recommendations to management
• Stays abreast of information technology trends and security standards
• Contributes to security awareness initiatives by creating training materials, conducting workshops, and educating employees about best security practices.
• Maintains accurate records of security incidents, assessments, and actions taken for reporting and audit purposes.
• Assists in the management and maintenance of security tools, including antivirus software, encryption tools, and security information and event management (SIEM) systems.
• Participates in risk assessments to identify potential security threats, vulnerabilities, and associated risks to the organisation.
• Collaborates with cross-functional teams, IT, and other teams to ensure security measures are integrated into the organisation's processes and projects.

Knowledge, Skills and Attributes:

• Applies broad expertise and knowledge in highly specialised fields or several related disciplines
• Leads and contributes to development of company objectives and principles to achieve goals in creative and effective ways
• Recognised internally as a subject matter expert with the ability to work on significant and unique issues where analysis of situations or data requires an evaluation of intangibles
• Focuses on providing thought leadership and works on projects, which requires understanding of wider business
• Excellent communication skills to effectively convey technical information to non-technical stakeholders
• Excellent analytical thinking and problem-solving skills to prevent hacking on a network
• Excellent leadership skills to identify and evaluate potential risks and to develop solutions
• Ability to identify and mitigate network vulnerabilities and explain how to avoid them
• Excellent proficiency in understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
• Excellent proficiency in understanding of patch management with the ability to deploy patches in a timely manner whilst understanding business impact
• Excellent proficiency with MAC and OS
• Familiarity with security frameworks, standards, and regulations (e.g., NIST, CIS, GDPR)
• Excellent proficiency of understanding in network and system architecture, protocols, and security controls
• Strong analytical skills to analyse security incidents and assess potential risks
• Ability to work both independently and collaboratively in a fast-paced environment

Academic Qualifications and Certifications:

• Bachelor's degree or equivalent in information security, cybersecurity, computer science, or related
• Security certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are advantageous
• Forti-Siem - NSE5-FSM advantageous
• SC-200: Microsoft Security Operations Analyst advantageous

Required Experience:

• Extended demonstrated experience in information security or cybersecurity, or related roles. Minimum 5 years experience.
• Extended demonstrated experience working in a global IT organisation
• Extended demonstrated experience with computer network penetration testing and techniques
• Extended demonstrated experience with security assessment and vulnerability scanning tools