Specialist: Cybersecurity Analyst
Nexio
- Midrand, Johannesburg
- Permanent
- Full-time
- Adheres to the standard operating procedure and playbooks in the SOC.
- Influences customer satisfaction and confidence in the SOC service and its service-level performance.
- Validate and declare security incidents based on incident handling methodologies.
- Confirm severity levels (S0 to S4) using SLA severity classification.
- Provide guidance and support to SOC Analysts during incident response.
- Utilize threat intelligence, updated rules, and IOCs to identify affected systems and the extent of attacks.
- Conduct in-depth threat intelligence analysis to uncover attack types, data/systems impacted, and potential perpetrators.
- Make recommendations to incident managers regarding additional analysis and required remediation.
- Determine the impact on critical systems or data sets and advise on remediation steps.
- Validate false positives, policy violations, intrusion attempts, security threats, and potential compromises.
- Suggest containment and recovery steps based on analysis findings.
- Formally document learnings and update relevant documentation such as tickets and run books.
- Provide support for analytic methods to detect threats and conduct further triage based on defined run books.
- Consolidate data through alert triage, providing necessary context before escalating to Operations and Security Engineering Teams for deeper analysis.
- Manage security events, incidents, and service requests via the ticketing systems.
- Identify alarms by intent and method, including reconnaissance and system compromises, across ingested log sources such as:
  - Firewalls and network devices
  - Infrastructure servers and end-user systems
  - Threat intelligence platforms
  - Web proxies
  - Cloud and hybrid-IT provisioning, access, and infrastructure systems (Amazon Web Services)
  - Antivirus systems
  - Intrusion detection and prevention systems
  - Similar source systems within scope
- Apply the MITRE ATT&CK framework for anomaly analysis and conduct additional analysis using correlation rules and SIEM alerts.
- Validate and update initial tickets in the SIEM platform and Service Desk.
- Monitor event queues, investigate potential incidents, and escalate or close events as necessary.
- Validate investigation results and pass relevant details to the SOC Team Lead.
- Assess security controls based on cybersecurity principles and frameworks (e.g., CIS CSC, NIST SP 800-53).
- Analyze network traffic, characterize threats, and coordinate with cyber defense staff for validation.
- Document and escalate incidents, perform trend analysis, and report findings.
- Review security architecture, identify gaps, and recommend risk mitigation strategies.
- Provide timely detection, identification, and alerting of possible attacks, intrusions, and anomalous activities.
- Utilize cyber defense tools for monitoring and analyzing system activity, identifying and analyzing malicious behavior.
- Conduct analysis of network traffic, including network mapping, OS fingerprinting, and identification of compromised credentials.
- Assist in the development of signatures for cyber defense tools.
- Notify stakeholders of suspected cyber incidents, articulate event details, and follow the organization's incident response plan.
- Analyze and report on organizational and system security posture trends.
- Assess access controls and monitor external data sources for emerging threats.
- Individuals at this level are competent in best practices in security incident handling in an established SOC.
- Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
- Competent communication skills, including communicating complex information to non-technical stakeholders.
- Competent in producing and presenting work.
- Good understanding of security incident analysis and incident handling practices, proficient knowledge of networking protocols, operating systems, and security architecture in an established SOC.
- Proficiency in security tools such as SIEM, IDS/IPS, EDR, and network analyzers.
- Adhere to operational processes in the NIST CSF, CIS CSC, NIST SP 800-53, and MITRE ATT&CK framework.
- Proficient in incident triage methodologies and techniques to identify and investigate potential security threats and apply playbooks.
- Prior experience advising on, planning, deploying, configuring, managing, and monitoring large-scale and complex cyber defence, IT risk management, and information/cybersecurity solutions.
- Grade 12
- One or more industry cybersecurity certifications, such as CISSP, GCIH, GCIA, or relevant vendor-specific certifications.
- Minimum of four (4) years of work experience, including three (3) years of relevant experience in an established SOC and information security/cybersecurity.
- Ability to partake in exercises, assist in developing playbooks, and automate processes.
- Experience with a ticketing system such as BMC Remedy.
- Proficient understanding of cybersecurity principles, technologies, and best practices.
- Experience working with cloud environments (Amazon Web Services Security) is desirable.
- Analytical, problem-solving, and critical-thinking skills.
- Proficient communication and collaboration abilities with various stakeholders.
- Proficient in security event analysis, and incident response.
- Experience in working across security frameworks and technologies.
- Familiarity with security tools and technologies, such as SIEM, IDS/IPS, EDR, and vulnerability scanners.
- Proficient analytical and problem-solving skills with attention to detail.
- Ethics: Maintain integrity, professionalism, and promote ethical behavior.
- Crisis Management: Effectively respond to and manage cybersecurity incidents.
- Responsive to Requests: Responsiveness to reasonable customer, supplier, and management requests.
- Attention to Detail: Pay attention to detail and ensure deliverables undergo quality reviews.
- Proactive and Reliable: Be proactive, innovative, and demonstrate reliability.
- Customer-Centric Approach: Put the customer first and go the extra mile in the company's best interest.
- High-Performance Team Player: Positively contribute to the high-performance team.
- Emotional Intelligence and Integrity: Demonstrate emotional intelligence and act with integrity.
- Teamwork and Collaboration: Work well with others and maintain a high-performance team ethic.
- Willingness to Learn: Be open to learning a range of security technologies and platforms.
- Positive Attitude: Maintain a positive attitude in the face of challenges.
- Leadership Potential: Exhibit the potential for leadership by taking ownership of assigned tasks, demonstrating a sense of responsibility, and displaying a strong work ethic. Show willingness to share knowledge and contribute to the development of the team and its capabilities.
Careers24