Provide security services to the enterprise with 24x7 continuous security monitoring of the technology landscape, correlative analysis for proactive risk detection and threat intelligence. Validate security monitoring requirements for any change in environments, in line with all Information Security policies, processes and standards. Description of the Accountability Performance Indicators (How accountability is measured) Provide eyes on glass as first line of analysis on all alerts from multiple sources within the newly setup Security Operations Centre. Time taken to complete analysis of Critical and High alerts Complete event investigation, analyses and forensic review as part of the 24/7 Security Operations Centre function. Number of Incidents raised, and investigations closed Reviews alerts to determine relevancy and urgency, creates new investigations and Incident tickets for alerts that signal an incident response actions. Number of 1st line investigations complete and investigations initiated Initiate and oversee cybersecurity Incidents within the company Number of Incident investigations completed by supporting teams Identify threat and kill chain events and eliminate with agreed action and controls. Number of serious attacks eliminated through proactive monitoring and forensic analysis Utilises emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Number of recommended improvements and actions proposed due to intelligence received Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation. Quality of asset data collated and integrity of the data. Determines and direct remediation and recovery efforts as well support AAR. Number of RFC’s raised based on findings within AAR. Liaise and work with application support teams to coordinate Security Investigations and Incident response activities. Number of investigations closed with support from application support team 6. PERSON SPECIFIC: Education: Degree in Engineering or equivalent. Should also have one of the certifications CISSP, GCIA, GCIH, GCFE. Minimum Experience and Knowledge: Minimum of 5 years of experience in Information Security domain of which 5 years should be in a Security Operations Analyst role within a large corporate environment. Knowledge on International Standards such as NIST, ISO27000, PCI-DSS, CSA, COBIT, Cyber Security standards, etc as well as forensics and analytics. Job-Specific Skills: - Working experience within Security Operations, Cybersecurity Design, NOC/SOC support. Knowledge on International Standards such as ISO31000, ISO27005, ISO20000, PCI-DSS, ITIL, COBIT, Cyber Security standards, Playbook Design, etc. - Vulnerability management, CASB, MSSP. - Have a detailed knowledge of tactics, techniques and procedures used by threat actors, and the ability to analyse data to identify anomalous and malicious behaviour. ROLE PURPOSE:
Requirements
Benefits
NA