|Location||Johannesburg, South Africa|
|Date Posted||Sep 17, 2020|
The Senior Security Analyst position is a Tier 3 analyst role within the Security Operations (SecOps) Team. The purpose of this position is to take ownership of and lead offensive security & threat intelligence operations within the SOC
- The Senior analyst shall develop and execute security controls, defences and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems.
- Administers cybersecurity policies to control physical and virtual access to systems.
- Performs network security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures.
- Conducts penetration testing and vulnerability assessments of applications, operating systems and/or networks. Responds to cybersecurity breaches, identifies intrusions and isolates, blocks and removes unauthorized access.
- Researches and evaluates cybersecurity threats and performs root cause analysis. Assists in the creation and implementation of security solutions.
- Provides information to management regarding impact on the business caused by theft, destruction, alteration or denial of access to information and systems.
- Their primary objective is to ensure that infrastructure and systems remain operational, protected and secure through proactively identifying, investigating and resolving technical incidents and problems
- Monitor infrastructureThey ensure that assigned infrastructure at the client site is configured, installed, tested and operational. In this regard they will perform necessary checks, apply monitoring tools and respond to alerts. Where software is a component of the solution, they will also take responsibility for ensuring that the software is installed and configured according to client requirements.The Senior Security Analyst identifies problems and errors prior to or when they occur. He or she will log all such incidents in a timely manner with the required level of detail. They liaise with all stakeholders including client IT environments, vendors, carriers and Dimension Data colleagues to expedite diagnosis of errors and problems and to identify a resolution.
- Incident Response ManagementEnsure the efficient and comprehensive resolution of incidents and requests. Take ownership for managing the incident to resolution within the service level conditions. Runs vulnerability scans and reviews vulnerability assessment reports.
•Certifications: OSCP, CySA+, Pentest+, LPT, CREST (min of 2 required) •Bachelor’s degree or Advanced Diploma in Information Technology or related fields
- Minimum two (4) year experience as a Penetration tester or Security/Analyst, preferable in a SOC environment or medium-to-large organization Penetration testing & Security assessments
- Knowledge of various security methodologies and processes, and technical security solutions (firewall and intrusion detection systems). Working Knowledge of Unix, Windows & Cloud platforms
- hreat Modelling frameworks (MITRE Framework & Cyber Kill Chain) Knowledge of Tactics, Techniques & Procedures (TTP) of adversaries APTs
- Exercises judgement in selecting methods, techniques and evaluation criteria to obtain results
- Conducting& reporting cyber security research Scripting (Python, PowerShell, Bash etc)
- Monitor alerts/events from various security tools (SOAR, EDR, SIEM & TVM, Email Security)
- Conduct, document, and report on information security assessments and penetration tests (Web Applications & Infrastructure)
- Perform threat hunting, threat intelligence and other offensive security related activities
- Use professional concepts and company objectives to solve complex issues in creative ways
- Investigate & Resolve High/Critical severity incidents
- Provide Incident Response (IR) support when analysis confirms actionable incident
- Assist/guide junior analysts and participate in crisis situations and contingency operations, which may necessitate extended hours of work
- Networking with others outside own area of expertise