Main Purpose:
To analyse security events and alerts and to carry out remediation tasks on the console for T-Systems clients through its toolsets, operational monitoring, preventative actions and crisis management.
Description of responsibilities:
Conduct cyber intelligence operations including intelligence collection, tracking threat actors, identifying malicious behaviors and operations.
Works with customers, vendors and internal resources for problem resolution and security advisories.
Standardizes process and procedures and provides continual improvement.
Develops and maintains comprehensive documentation on incidents and analysis for clients and internal use.
Compiles security advisories for internal and external audiences in document format with technical recommendations.
Use case writing, development and refinement for detection of threats.
Proactively search for rogue behavior, malicious attacks & suspicious activity.
Training of junior analysts.
Analyze threat feeds to produce daily / weekly / monthly Threat Intelligence brief and regular threat trend reporting.
Analyse security events / alerts and recommend remedial actions.
Analyse vulnerability scan data and recommend remedial actions.
Analyse trends across time and clients for remedial actions.
Provide analysis in contracted reports.
Healthchecks on monitored devices.
Analyse Network flow data & investigate deviations from baseline.
Pro-actively hunt for threats, vulnerabilities & suspicious activity.
Investigate suspicious emails for phishing attacks.
Qualifications and Experience Required:
Grade 12 (essential).
Certification in IBM QRadar essential.
Experience analysing phishing attacks.
CISSP, CEH, GPEN, OSCP or similar security certifications.
Experience producing reports and briefs on the current threat landscape and associated risks.
Experience monitoring third party security related websites, forums and social media sites for information regarding vulnerabilities and exploits.
Experience conducting malware analysis, including use of VirusTotal and similar services.
Experience replicating reported vulnerabilities in a safe and contained environment to develop proof of concept and / or exploit tools.
Working knowledge of, or a solid understanding of, the following technologies: Windows and Active Directory, Unix and Linux, Routers & Switches, Anti-Malware Systems, Relational Databases, Open Source Intelligence, Firewall, IDS / IPS, Vulnerability Management & Proxy management.
5-8 years of work-related experience as a Level 1 / 2 Analyst.
SOC / SIEM systems certifications; IBM QRadar certification essential.
Formal training in networking and networking protocols; CCNA advantageous.
Experience in malware investigation advantageous.
Experience in server / network / firewall / IPS administration.
Experience in a Security Operations Centre environment & a Network Monitoring environment.
Relevant courses, e.g. Security+ or Introduction to Information Security, an advantage.
Understanding of the different types of Cyber Security Attacks & how to prevent them.
Key competencies:
Ability to analyse data.
IBM QRadar experience
Must have an understanding of use cases
Must have excellent problem-solving skills.
Detailed technical knowledge of technology protocols (TCP / IP, SMB, SSH etc)
Good knowledge of scripting languages
Communication skills (verbal and written - report writing, email and presentation)
Problem solving skills
Planning and organising skills
Writing and Reporting
Learning and Researching
Creating & Innovating
Delivering Results & Meeting Customer Expectations