  • Posted: May 21, 2024
    Deadline: Not specified
  • We are Architects of Change We help organisations succeed in a digital-first world. At Logicalis, we harness our collective technology expertise to help our clients build a blueprint for success, so they can deliver sustainable outcomes that matter.

    Security Specialist in Johannesburg

    ROLE AND DELIVERY RESPONSIBILITIES:

    The job role includes actively participating in the incident detection process as follows:

    • Possesses in-depth knowledge of network, endpoint, threat intelligence, forensics and malware reverse analysis, as well as the functioning of specific applications or the underlying IT infrastructure
    • Acts as an incident “hunter,” not waiting for escalated incidents
    • Closely involved in developing, tuning, and implementing threat detection analytics
    • Acts as the escalation for Tier 1 and 2 SOC Analysts
    • Responds to and oversees the remediation of a declared security incident
    • Completes the Root Cause Analysis Report for P1 to P4
    • Provides guidance to Tier 1 and 2 SOC Analysts
    • Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack
    • Monitors shift-related metrics ensuring applicable reporting is gathered and disseminated to the SOC Manager
    • Makes recommendations to the SOC Manager
    • Oversees the analysis of running processes and configurations on affected systems
    • Undertakes in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted
    • Oversees the containment and recovery
    • Oversees the deep-dive incident analysis by correlating data from various sources
    • Validates if a critical system or data set has been impacted
    • Provides support for analytic methods for detecting threats
    • Conducts advanced triage based on defined run books of alerts
    • Undertakes threat intelligence research if need be
    • Validates false positives, policy violations, intrusion attempts, security threats and potential compromises
    • Undertakes security incident triage to provide necessary context prior to escalating to relevant Security Specialists to perform deeper analysis when necessary
    • Further analyses alarms by method (e.g. compromised credentials) and by asset class
    • Based on the correlation rules and alarms within the SIEM and the run books, further analyses anomalous tactics using the MITRE ATT&CK framework
    • Analyses event and process metadata in real time or retrospectively, and identifies suspicious files/scripts seen for the first time
    • Closes tickets in the SIEM platform; these are created automatically in ServiceNow
    • Manages security incidents using the SIEM platform and defined operational procedures
    • Performs further investigation of potential incidents, and escalates or closes events as applicable
    • Validates investigation results, ensuring relevant details are passed on to Tier 2 SOC Level 2 for further event analysis
    • Closes out deeper analysis and review activities
    • Assists senior SOC staff with operational responsibilities

    PERSON REQUIREMENTS:

    EXPERIENCE:

    • Strong knowledge and experience working with SIEM solutions (QRadar, McAfee ESM, Azure Sentinel)
    • Proven experience with Office 365, Active Directory, Azure and Microsoft Exchange.
    • Strong knowledge and experience working with Linux Operating systems
    • Good experience working with Nessus or Qualys
    • Good understanding of the MITRE ATT&CK framework
    • Good understanding of the ITIL Framework.
    • Brilliant with a support ticketing system and experience in meeting SLA targets.
    • Familiarity with risk management and quality assurance control.
    • Excellent interpersonal skills and professional demeanor
    • Excellent verbal and written communication skills
    • Candidate must be eligible to obtain National Security Clearance

    QUALIFICATIONS:

    • Grade 12
    • SIEM Technology certification.
    • AZ-500, SC-100
    • ITIL Foundation qualification
    • Degree or Diploma in Computer Technology
    • CompTIA A+, N+, S+
    • CompTIA CySA+, CISSP and CASP+ advantageous


    Method of Application

    Interested and qualified? Go to Logicalis on careers.logicalis.com to apply

