Principal Offensive Security Specialist at Nexio

ROLE REQUIREMENT

• To increase security threat detection capability and defence effectiveness in the Security Assessment Team, and SOC Team in their engagements with customers.
• Provides support for Nexio Offensive Security capabilities for the Security Assessment Team, and SOC Team for customers’ engagements.
• Direct impact on business resilience and functionality against cyber security threats facing customers.
• As an advanced threat hunter,  the Principal Offensive Security Specialist continuously detects, analyzes and combats advanced threats. The job role includes detecting vulnerabilities and mitigating the associated cybersecurity risk before it affects customers.
• Provides threat hunting technical and thought leadership to customers executive stakeholders, SOC teams, and blue/red teams.
• Provides coaching and mentoring to relevant cyber security team members.
• Adjusts management style to get the best from the individuals within the team.
• Delegates work to team members taking into account their capacity, level of skill and exposure to different types of work and complexity; provides clear instructions and direction, with reasonable deadlines.
• Responsible for day to day threat hunting and cyber intelligence monitoring and threat analysis in the Nexio SOCs.
• Manage threat hunting and security monitoring staff and activities.
• Proactively finds vulnerabilities in the customers’ estate. He/She has an overview of the endpoints on the system such as all the IoT devices, phones, IP addresses and desktops, and they help IT teams use the right tools to detect and mitigate threats.
• Understands what normal behaviour and patterns look like on the customers’ network.
• Formulates and develops logical theories on how threat actos could access a network or exploit a system to gain access to specific critical information.
• Oversees breach and attack simulations.
• Responsible for proactively discovering new attacks, or attacks currently underway, and then working with other expert cyber security resolver teams to contain and remediate the impact as quickly as possible.
• Uses advanced security monitoring techniques and advanced cyber systems/tools.
• Should a breach occur, he/she helps minimize damage, recover compromised data and preserve evidence for legal action.
• Lead Purple Teaming, hence perform threat hunting with customers to proactively reduce attack surface.
• Success will rely on the rapid development and deployment of new ‘data hunting’ use cases and the use of big data analytics.
• Responsible for proactively discovering new attacks, or attacks currently underway through the use of advanced security monitoring techniques and advanced cyber systems/tools.
• Complex Active Monitoring & Triage – observation, triage, correlation analysis/investigation and closure of real time of information complex security events including false positive identification.
• Data Hunting Technology Management – advanced configuration and development of high end data hunting technologies.
• Participates in the response, triage and escalation of security events affecting the customers’ information assets and activities with the Incident Response team.
• Provides input into fine tuning of operational runbooks to improve the efficiency of cyber security team’s detection and response capabilities.
• Co-ordinates with stakeholders, build and maintain positive working relationships between various service towers of the business and customers.
• Provide threat hunting technical leadership and support during high severity security incidents and investigations.
• Optimizes the processes to respond to and investigate detected attacks.
• Provide subject matter expertise and counsel to management regarding advanced persistent threats, threat actors, and tools, techniques rand procedures based on the Mitre ATT&CK Framework.

Additional Information:

• Individuals at this level have fully developed knowledge of the threat landscape and TTPs. Is recognized as an expert in threat intelligence and threat hunting with special focus and emphasis on SOC, or Advanced Cyber Defence Centre operations.
• Interprets internal or external business issues and recommends best practices. Provides technical guidance to SOC Teams and Pen Testing, and Security Assessment Teams.
• Able to build strong interpersonal relationships with key customer stakeholders.
• Excellent verbal and written communication skills.
• Able to align multiple strategies and ideas.
• Confident in producing and presenting work.
• In-depth understanding of cyber incident response and digital forensics.
• Working technical knowledge of SOC tools and SIEM technologies e.g., Azure Sentinel, QRadar, ArcSight.
• Advanced technical knowledge in working with threat intelligence feeds for monitoring and analysing indicators or compromise e.g., Bromium, OTX, Talos, Digital Shadows, RiskIQ, etc.
• Advanced penetration testing, and red teaming experience across sectors and certification.

QUALIFICATIONS &B EXPERIENCE

• Grade 12
• BSc/ B Tech /Comps / BEng or equivalent IT Security Diploma
• Additionally, one more certifications in the following  information security and domains.
• CISSP
• GCIH
• GSEC
• OSCP
• OSCE
• At least 10 years Penetration Testing and Red Teaming experience in an established Security Assessment Team, and Security Operations across sectors.