Key Responsibilities:

Incident Handler

• Primarily responsible for incident response
• Analysis and determination of an incident response strategy to use in response to a declared incident.
• Coordinate client CSIRT team activities to ensure incidents are resolved in a timely manner
• Report on status of incidents to client and the business
• Document incident response actions from detection to eradication and share with the team for review and debrief, and to facilitate information sharing between TIC and other teams.
• To provide management oversight for the management of incident detected by the SOC, and escalations according to defined set of policies, processes, procedures, and SLA’s.

Analyst II role

• Analyse events escalated by tier 1 analysts and approve, if necessary, further investigation of the events
• Mentor tier 1 analysts to improve decision-making and analysis of incidents
• Correctly scope extent and breadth of incidents by identifying IOCs, all infected hosts, and root cause/ patient zero
• Review shift logs and handover reports for any escalations or key events that require urgent attention
• Where possible, institute initial containment, eradication, and recovery measures for declared incidents

Vulnerability Management

• Review vulnerability reports for scans ran by Analyst I
• Refine reports and share with clients, and organize sessions to guide clients on closure of critical vulnerabilities

SIEM Support

• Document noisy SIEM rules for review to reduce false positives
• Ensure uptime of agents and collectors
• Work closely with vendor to deliver desired client reports and dashboards
• Document detection gaps for review and detection engineering

Automation Support

• Review daily SOC activities to identify possible automation areas
• Work closely with SOAR team in defining playbooks and testing automations

REQUIRED EDUCATION, EXPERIENCE, AND SKILLS

Academic Qualifications:

• University degree in Information technology/Computer Science/Electrical Engineering/Telecommunications.

Professional:

• Training in Security event triage
• Security certification e.g. Security+, CySA, CEH,
• Incident Handler training/certification e.g. ECIH,
• SIEM Certification e.g. Splunk, QRadar, Fortinet

Desired work experience:

• Two years’ experience in security and Network infrastructure support in medium to large organizations.
• Experience working with different SIEM solutions
• Two years’ experience in security event triage and analysis.

Technical Competencies  

• Knowledge and experience in modern practices for IT infrastructure security architecture and operations in medium to large organizations to provide guidance on incident handling
• Interpersonal skills to effectively communicate with and manage customer expectations (internal and external), and other stakeholders who impact performance.
• Technical skills to effectively perform or guide performance of analysis and incident handling activities/tasks in a manner that consistently produce high quality of service.

Behavioural Competences

• Self-empowerment to enable development of open communication, teamwork and trust that are needed to support performance and customer-service oriented culture.
• Leadership to nurture and sustain employee satisfaction, and to manage changes.
• Interpersonal skills to effectively communicate with and manage customer expectations (internal and external), and other stakeholders who impact performance.

KNOWLEDGE, SKILLS AND ATTRIBUTES:

• Basic understanding and appreciation of technical design and business principles
• Demonstrates fundamental project management and administration ability
• Display customer engagement skills
• Demonstrate relevant domain specialist knowledge
• Good verbal communication skills
• Client focused and display a proactive approach to solving problems
• Ability to work under pressure