Cyber Security Analyst: Monitoring & Response at Sanlam Group

What will you do?

Responsible for providing operational information security support to ensure that the organisation is not compromised in any way. Operation support includes anti-virus, intrusion detection, key management as well as the delivery of and the content scanning of all internet mail incoming and outgoing. Ensures that all incidents are responded to actioned and resolved.  Responsible for escalating calls and the communication to the required support area and users. Conducts necessary housekeeping as required. Ensures the secure information access to the organisation. May have supervisory responsibilities.

What will make you successful in this role?

• On a day-to-day basis the Analyst will be monitoring and responding to Alerts generated by:
• SIEM
• EDR
• Honeypots
• Threat Intelligence Sources
• Reported via external and internal communication channels
• Phishing reported
• The analyst will follow a structured approach in determining the risk and priority of each incident and respond using agreed processes and service levels.
• Incident related information and artefacts will be captured accurately, and statistics associated with incidents trends and threats reported on a weekly, monthly and quarterly basis.
• The SOC analyst will engage with peers at other financial institutions via agreed channels to share information related to Indicators of Compromise (IoC’s).
• The SOC analyst will guide technical resources in actions that have to be executed to analyse, contain and remediate incidents.
• The SOC analyst will continuously consider ways to improve the effectiveness and efficiency of monitoring and response controls.
• The SOC analyst will contribute to Knowledge and Skills of the team, by sharing lesson learned and knowledge gained through research, conferences, training courses or through interaction with experts.
• The SOC analyst will assist the Security Operations team with the Execution, interpretation and remediation of Vulnerability Scans on Server, desktop and network infrastructure.

Qualification

• Grade 12
• Post Grade 12 qualification in a related field

Experience

• At least 3 – 5 years in hands on technical experience which includes:
• Network experience (TCP/IP, Firewalls, IPS)
• Operating System management (Windows, Linux)
• Logical Access Management (AD)
• Information Security Operations (Security+, CISSP, CHFI will be beneficial)
• Vulnerability Management (use of well known vulnerability scanning tools and interpretation of CVSS scores)
• Some previous experience in a formal SOC environment will be beneficial
• Some malware analysis and/or CSIRT/SOC experience will be beneficial
• Exposure to Threat and Vulnerability Management would be beneficial

Knowledge and Skills

• Security Auditing
• Risk management
• Incident Investigation
• Reporting and Administration
• Security tools monitoring