Job Description
You will be a member of the Group Information Security Team responsible for responding to threats and incidents to the corporate networks, systems (on-prem and cloud), and digital assets.
Key Responsibilities
- Perform security monitoring and incident response activities across the scoot networks, leveraging a variety of tools and techniques.
- Manage Security Operations center.
- Detect incidents through proactive hunting across security-relevant data sets.
- Ability to correlate multiple events from different devices to identify abnormal behaviour
- Document incident response analysis activities thoroughly
- Develop new, repeatable methods for finding malicious activities
- Provide recommendations to enhance detection and protection capabilities.
- Effectively present technical topics to both technical and non-technical audiences
- Develop and follow detailed operational processes and procedures to appropriately analyze, escalate, and assist in the remediation of information security incidents
- Prioritize multiple high-priority tasks and formulate responses/recommendations in a fast-paced environment
- Prepare documentation for security technical standards, standard operational procedures, and hardening standards.
- Analyse endpoint, network, and application logs
- Assist other IT teams in security-related issues
- Engage with vendors and parent company SIA team members for security reviews.
Requirements
- Degree in Computer Engineering, Computer Science, Information Systems, or equivalent qualification.
- At least 5-6 years of experience in Cybersecurity Incident and Security Operations.
- Demonstrate experience in Information Security with a focus on Cyber Security Operations, Incident Response and Detection.
- Experience working in the Security Operations Centre and/or Computer Incident Response Team.
- Excellent problem-solving skills combined with hands-on experience doing root cause analysis and post-incident reviews.
- Solid knowledge of computer networks and common protocols
- Knowledge of prominent cyber threat actors and APT groups.
- Experience with Threat Intelligence Platforms.
- Experience with SIEM (especially Splunk).
- Professional security related qualifications (i.e. GCIA, CISSP etc) will be an advantage
- Preferred certifications: CISSP, CISM, CISA, ISMS, TOGAF, SABS
- Good interpersonal skills
