Cybersecurity Incident Management Specialist
Nexio
- Midrand, Johannesburg
- Permanent
- Full-time
- Adheres to the standard operating procedure and playbooks in the SOC.
- Impacts on Customer satisfaction and confidence in the SOC Service and service level performance.
- Validate and declare security incidents based on incident handling methodologies.
- Confirm severity levels (S0 to S4) using SLA severity classification.
- Provide guidance and support to SOC Analysts during incident response.
- Determine the impact on critical systems or data sets and advise on remediation steps.
- Manage security events, incidents, and service requests via the ticketing systems.
- Incident Coordination and Support:
- Provide expert technical support to Analysts and Operational personnel to resolve incidents.
- Incident Analysis and Remediation:
- Correlate incident data to identify vulnerabilities and recommend remediation.
- Analyze log files from various sources to detect network security threats.
- Perform incident triage, determine scope and impact, identify vulnerabilities, and suggest remediation actions.
- Collect intrusion artifacts and leverage data for mitigating potential incidents.
- Incident Reporting and Communication:
- Perform trend analysis and report on cyber defense incidents.
- Track and document incidents from detection to resolution and closure.
- Write and publish incident findings, guidance, and reports for relevant stakeholders.
- Real-Time Incident Handling:
- Conduct real-time incident handling tasks, including forensic collections, threat analysis, and system remediation.
- Collect artifacts and inspect for possible mitigation on enterprise systems.
- Collaboration and Liaison:
- Serve as a technical expert and liaison to Incident Analysts and Operational personnel.
- Coordinate with intelligence analysts to correlate threat assessment data.
- Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
- Competent communication skills and communication of complex information to non-technical stakeholders.
- Competent in producing and presenting work.
- Adhere to operational processes in the NIST CSF, CIS CSC, NIST SP 800-53, and MITRE ATT&CK framework
- Proficient in incident triage methodologies and techniques to identify and investigate potential security threats and apply playbooks.
- Prior experience to advise, plan, deploy, configure, manage, and monitoring large-scale and complex cyber defence and IT risk management and information or cybersecurity solutions.
- Grade 12
- One or more of these industry Cybersecurity Certifications: such as CISSP, GCIH, GCIA, or relevant vendor-specific certifications
- Minimum of four (4) years of work experience, and three (3) years of relevant experience in an established SOC and information security/cybersecurity
- Analytical, problem-solving, and critical-thinking skills.
- Strong knowledge of cybersecurity principles, incident response methodologies, and defense-in-depth practices.
- Proficiency in analyzing log files, conducting trend analysis, and correlating incident data.
- Experience with incident triage, vulnerability identification, and remediation recommendations.
- Familiarity with forensic tools and techniques for collecting artifacts.
- Excellent communication, documentation, and report-writing skills.
- Ability to coordinate incident response functions and collaborate with internal and external teams.
- Stay informed about the latest cyber threats and industry developments.
- Ethics: Maintain integrity, professionalism, and promote ethical behavior.
- Crisis Management: Effectively respond to and manage cybersecurity incidents.
- Responsive to Requests: Responsiveness to reasonable customer, supplier, and management requests.
- Attention to Detail: Pay attention to detail and ensure deliverables undergo quality reviews.
- Proactive and Reliable: Be proactive, innovative, and demonstrate reliability.
- Customer-Centric Approach: Put the customer first and go the extra mile in the company's best interest.
- High-Performance Team Player: Positively contribute to the high-performance team.
- Emotional Intelligence and Integrity: Demonstrate emotional intelligence and act with integrity.
- Teamwork and Collaboration: Work well with others and maintain a high-performance team ethic.
- Willingness to Learn: Be open to learning a range of security technologies and platforms.
- Positive Attitude: Maintain a positive attitude in the face of challenges.
- Leadership Potential: Exhibit the potential for leadership by taking ownership of assigned tasks, demonstrating a sense of responsibility, and displaying a strong work ethic. Show willingness to share knowledge and contribute to the development of the team and its capabilities.
Careers24