Specialist: Cybersecurity Incident Handling Analyst at Nexio

ROLE REQUIREMENT

• Adheres to the standard operating procedure and playbooks in the SOC.
• Impacts on Customer satisfaction and confidence in the SOC Service and service level performance.
• Validate and declare security incidents based on incident handling methodologies.
• Confirm severity levels (S0 to S4) using SLA severity classification.
• Provide guidance and support to SOC Analysts during incident response.
• Determine the impact on critical systems or data sets and advise on remediation steps.
• Manage security events, incidents, and service requests via the ticketing systems.

Incident Coordination and Support:

• Provide expert technical support to Analysts and Operational personnel to resolve incidents.
• Coordinate incident response activities and ensure timely resolution.

Incident Analysis and Remediation:

• Correlate incident data to identify vulnerabilities and recommend remediation.
• Analyze log files from various sources to detect network security threats.
• Perform incident triage, determine scope and impact, identify vulnerabilities, and suggest remediation actions.
• Collect intrusion artifacts and leverage data for mitigating potential incidents.

Incident Reporting and Communication:

• Perform trend analysis and report on cyber defense incidents.
• Track and document incidents from detection to resolution and closure.
• Write and publish incident findings, guidance, and reports for relevant stakeholders.
• Produce after-action reviews and facilitate lessons learned sessions.

Real-Time Incident Handling:

• Conduct real-time incident handling tasks, including forensic collections, threat analysis, and system remediation.
• Collect artifacts and inspect for possible mitigation on enterprise systems.
• Collaboration and Liaison:

Serve as a technical expert and liaison to Incident Analysts and Operational personnel.

• Coordinate with intelligence analysts to correlate threat assessment data.
• Monitor external data sources to stay updated on cyber defense threat conditions.

Additional Information:

• Individuals at this level are competent in best practices in security incident handling in an established SOC.
• Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
• Competent communication skills and communication of complex information to non-technical stakeholders.
• Competent in producing and presenting work.
• Good understanding of security incident analysis and incident handling practices, proficient knowledge of networking protocols, operating systems, and security architecture in an established SOC.

TECHNICAL / PROFESSIONAL COMPETENCIES

• Adhere to operational processes in the NIST CSF, CIS CSC, NIST SP 800-53, and MITRE ATT&CK framework
• Proficient in incident triage methodologies and techniques to identify and investigate potential security threats and apply playbooks.
• Prior experience to advise, plan, deploy, configure, manage, and monitoring large-scale and complex cyber defence and IT risk management and information or cybersecurity solutions.

QUALIFICATIONS & EXPERIENCE

• Grade 12
• One or more of these industry Cybersecurity Certifications: such as CISSP, GCIH, GCIA, or relevant vendor-specific certifications
• Minimum of four (4) years of work experience, and three (3) years of relevant experience in an established SOC and information security/cybersecurity
• Analytical, problem-solving, and critical-thinking skills.
• Strong knowledge of cybersecurity principles, incident response methodologies, and defense-in-depth practices.
• Proficiency in analyzing log files, conducting trend analysis, and correlating incident data.
• Experience with incident triage, vulnerability identification, and remediation recommendations.
• Familiarity with forensic tools and techniques for collecting artifacts.
• Excellent communication, documentation, and report-writing skills.
• Ability to coordinate incident response functions and collaborate with internal and external teams.
• Stay informed about the latest cyber threats and industry developments.