Security Operations Centre Analyst II

Description

• To lead a team of Security Operations Centre Analysts to protect the organization by pro-actively monitoring for cyber security incidents using identification, analysis, triage, and response methods To administer and configure policies on FNB’s security products

Duties

• Review and analyse all alerts and respond according to prescribed processes
• Create incidents in our change management system for other teams to take remediation actions when required
• Provide mitigation recommendations for each identified security incident where applicable
• Based on the types of alerts and actions being taken identify root causes and recommend ways to improve the protection capabilities of the organization (e.g. upload malicious URL to tools to security controls, and manage indicators of compromise)
• Update the alert/case information with closure information (All fields that are required to be updated when the alert/case is closed)
• Run, Analyse, and Interpret reports on different platforms
• Create, configure, and deploy policies and signatures on technical security controls
• Document threat hunts and document the outcome of the hunt with recommendation if any IOC’s picked up
• Participate in Cyber Security War Rooms (Priority 1 and Priority 2 Incidents) to help analyse and protect the bank
• Responsible for logging changes to update the security products to pro-actively block potentially malicious actions (e.g. URL’s, phishing emails, etc)
• Playbooks – Feedback into the Detection Engineering team around tuning of playbooks or input into potential new playbooks
• Manage the work queue, assign incidents, track progress of response to ensure benchmark turnaround times achieved and that the analysts follow documented escalation processes. Review the alert/case information with closure information
• Complete end to end incident process ownership

Requisites

• Minimum Qualification:
• Bachelor’s Degree in Technical Field (Computer Science/Computer Security/Computer Networking), CEH, OHCP or CISO
• Experience:
• 5 years; experience in a Security Operations Centre (SOC) Analyst experience
• Understanding of modern malware threats
• SANS Knowledge
• Familiarity with system log information and what it means
• Threat Intelligence Research
• Analysis and Attention to Detail
• Focus and Sustained Attention
• Drive and Results Orientated
• Excellence Orientation
• Security Product Knowledge:
• Cisco Products (AMP, Stealthwatch)
• Microsoft Products (Azure, ATA and ATP, BitDefender)
• Technical Knowledge:
• Understanding of common network services (web, mail, DNS, authentication)
• Knowledge of host-based firewalls, Anti-Malware
• General Desktop OS and Server OS knowledge
• TCP/IP, Internet Routing, UNIX/LINUX & Windows

Notes

• Only shortlisted applicants will be contacted