Security Incident Response Specialist

Provide security services to the enterprise with 24x7 continuous security monitoring of the technology landscape, correlative analysis for proactive risk detection and threat intelligence. Validate security monitoring requirements for any change in environments, in line with Information Security policies, processes and standards.

Description of the Accountability

Provide eyes on glass as first line of analysis on all alerts from multiple sources within the newly setup Security Operations Centre.

Complete event investigation, analyses and forensic review as part of the 24/7 Security Operations Centre function.

Reviews alerts to determine relevancy and urgency, creates new investigations and Incident tickets for alerts that signal an incident response actions.

Initiate and oversee cybersecurity Incidents

Identify threat and kill chain events and eliminate with agreed action and controls.

Utilises emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack.

Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation.

Determines and direct remediation and recovery efforts as well support AAR.

Liaise and work with application support teams to coordinate Security Investigations and Incident response activities.

Requirements

Education:

Degree in Engineering or equivalent. Should also have one of the certifications CISSP, GCIA, GCIH, GCFE.

Minimum Experience and Knowledge:

Minimum of 5 years of experience in Information Security domain of which 5 years should be in a Security Operations Analyst role within a large corporate environment. Knowledge on International Standards such as NIST, ISO27000, PCI-DSS, CSA, COBIT, Cyber Security standards, etc as well as forensics and analytics.

Job-Specific Skills:

- Working experience within Security Operations, Cybersecurity Design, NOC/SOC support. Knowledge on International Standards such as ISO31000, ISO27005, ISO20000, PCI-DSS, ITIL, COBIT, Cyber Security standards, Playbook Design, etc.

- Vulnerability management, CASB, MSSP.

- Have a detailed knowledge of tactics, techniques and procedures used by threat actors, and the ability to analyse data to identify anomalous and malicious behaviour.

1. COMPETENCIES:

Leadership:

- Engagement with senior Business executives with ability to present findings and update

- Take a leading role in a team of Security and Forensic Analysts

Functional:

- Expert

o Technical skill set on a broad range of technologies and security controls

o Analytics and forensics of security investigations across both Wintel, Linux and OS environments.
Business Process

o Security Operations Center and Incident Management

- Advance/Expert

o Security Operations Center

o Risk mitigation

o IT Security Management

o In-depth knowledge of OS technologies (wintel / *Nix)

o In-depth knowledge on SIEM Technologies, IPS and Network Design

o Cloud Technologies (design, configuration and operational management)

o Endpoint protection

o Microsoft Security Azure Suite

o Vulnerability Management

-