Cyber Security Analyst L3 at Dimension Data

As the Cyber Security Analyst, you will manage, oversee and assess the delivery of information security across the End-to-End Information Security Management Service function, and ensure its success by alignment with the Services Catalogue. The key challenge is working with multiple stakeholders and addressing the interdependency between the business needs and Information Security by focussing on vulnerability management, Security organisational issues and the alignment of the client's business strategies.

The Cyber Security Analyst function provides a single point of contact for all security-related vulnerability activities for customers and takes a key leadership role by providing guidance in the implementation of security vulnerability process, and deliverables. The role extends further by providing trusted advisory security expertise to the customer in making and recommending key decisions in the area of security, which may include security controls architectural work, operational support, and other security related duties in support of the customer. As it pertains to consultancy, and focus varies greatly from account to account as there are variable customer and contractual requirements. The Cyber Security Analyst function possesses a combination of skills including communication skills and stakeholder management, general security expertise and project management skills. 

As a Vulnerability Management SME you will be providing business and system owners with clear information about the current situation of systems regarding missing patches and vulnerabilities, and by using the Vulnerability Management (VM) tools to discover such items in operating systems and installed software in an automated and useful format.
Key Responsibilities

• Interact with a global team of Cyber Security Analysts, Engineers and Specialists
• Conduct vulnerability scanning and assessment functions relating to various clients,
• environments, technologies, systems, appliances and contexts
•  Notification of internal and/or external teams according to agreed alert priority levels,
• and escalation
• Ownership to create and to drive adoption of security operations procedures for
• detection and response to vulnerabilities
• Where required, communicate status of requests to clients including response,
• resolution and final root cause analysis to the appropriate stakeholders
• Communicate effectively with representatives of the Lines of Business, technology
• specialists, and vendors
• Utilizes emerging threat intelligence (IOCs, updated rules, etc.) to identify affected
• systems and the scope of the attack
• Understand and communicate industry developments, the role and impact of
• technology in the organization
• Recording, managing and coordinating service requests through to resolution
• including the identification, isolation, resolution and escalation of client IT
• infrastructure faults
• Coordinating and liaising with all relevant resources, Vendors and Clients to obtain
• information and/or action to enable resolution
• Ability to follow and update established and/or ad-hoc processes and work
• instructions and create procedures where deficiencies are identified
• Ability to perform actions to try to determine cause and possible mitigation measure
• for security vulnerabilities with minimal supervision
• Maintain an understanding of current and emerging threats, vulnerabilities, and
• trends
• Expected to prioritise analysis and notification based on risks associated with each
• vulnerability
•  working with the appropriate teams internally to ensure related communications are in line with company best practice and recommendations
• Support other security analysts to provide additional subject matter expertise in Vulnerability Assessment and Management
• Understanding of malware forensics, network forensics, and computer forensics
• Hands-on experience or working knowledge of network security monitoring solutions
• such as IDS, IPS, NetFlow and packet capture technologies
• Ability to uncover and document tools, technics, procedures relevant to the
• scheduling and assessment of vulnerability scans (and results), as well as the detection and remediation of vulnerabilities ,detection and remediation of vulnerabilities.

Qualifications & Experience

• A degree in computer science, information technology, computer
• engineering or equivalent experience
• Preferred: SANS/GIAC (GCIH, GCIA, GREM, GCFA, GPEN, GWAPT)
• Desirable: CISSP, ITIL, CHFI, CEH, ECSA, LPT
• Knowledge of malware, hacking techniques, cyber threats and security
• trends
• Proven experience with Vulnerability Scanning and Vulnerability Management products e.g. Qualys Guard, Rapid7, Tenable Network security
• (Nessus), White Hat Sentinel
• Candidates must have expert knowledge of network security systems, Operating Systems,
• development, architectures, and vulnerabilities
• Knowledge in performing Vulnerability Assessment on (Web + Mobile) Application, Cloud Infrastructures. Reliability to maintain focus on contracted deliverables always
• Candidates must have expert knowledge of Cloud Infrastructures (e.g. AWS,
• Azure & Digital Ocean)

Skills and Security Knowledge

• Understanding of SIEM & Security Technologies.
• Understanding of Vulnerability Management Technologies and terminologies (CVSS V3)
• PCI: DSS knowledge
• Regulatory compliance knowledge (POPIA, GDPR)
• Cyber Incident Management knowledge.
• Experience as a security analyst, Pen tester, Engineer, - approx. 5 – 9 years minimum