Cyber Security Analyst: Security Operations Centre at Sanlam Group

What will you do?

The role of the Cyber Security Analyst will form part of the Sanlam team which focusses on Cyber Security Monitoring and Response. This team is responsible for identifying potential cyber-attacks and preventing it or limiting its impact on the business operations of the Sanlam Group.

What will make you successful in this role?

On a day-to-day basis, the Analyst will be monitoring and responding to Alerts generated by:

• SIEM
• EDR
• Honeypots
• Threat Intelligence Sources
• Reported via external and internal communication channels
• Phishing reported
• The analyst will follow a structured approach in determining the risk and priority of each incident and respond using agreed processes and service levels.
• Incident-related information and artifacts will be captured accurately, and statistics associated with incidents trends and threats reported on a weekly, monthly and quarterly basis.
• The SOC analyst will engage with peers at other financial institutions via agreed channels to share information related to Indicators of Compromise (IoC’s).
• The SOC analyst will guide technical resources in actions that have to be executed to analyse, contain and remediate incidents.
• The SOC analyst will continuously consider ways to improve the effectiveness and efficiency of monitoring and response controls.
• The SOC analyst will contribute to the Knowledge and Skills of the team, by sharing lessons learned and knowledge gained through research, conferences, training courses or interactions with experts.
• The SOC analyst will assist the Security Operations team with the Execution, interpretation, and remediation of Vulnerability Scans on Server, desktop and network infrastructure.
   

Qualification And Experience

At least 3 - 5 years in hands on technical experience which includes:

• Network experience (TCP/IP, Firewalls, IPS)
• Operating System management (Windows, Linux)
• Logical Access Management (AD)
• Information Security Operations (Security+, CISSP, CHFI will be beneficial)
• Vulnerability Management (use of well-known vulnerability scanning tools and interpretation of CVSS scores)
• Some previous experience in a formal SOC environment will be beneficial
• Some malware analysis and/or CSIRT/SOC experience will be beneficial
• Exposure to Threat and Vulnerability Management would be beneficial
   

Knowledge And Skills

• Security Auditing
• Business Requirements Definition
• Risk Management
• Security Compliance
• Business Processes

Personal Attributes

• Action orientated - Contributing independently
• Decision quality - Contributing independently
• Interpersonal savvy - Contributing independently
• Optimises work processes - Contributing independently

Core Competencies

• Being resilient - Contributing independently
• Collaborates - Contributing independently
• Cultivates innovation - Contributing independently
• Customer focus - Contributing independently
• Drives results - Contributing independently