Mission/ Core purpose of the Job
The Senior Specialist: Cyber Threat Intelligence and Hunting will be responsible for the detection and isolation of advanced threats capable of evading existing security solutions for tier one, two and three OpCos. The incumbent will be responsible for threat landscape assessment and monitoring; brand abuse, information leakage, fake apps, phishing sites and other scam detection and take down, as well as general and telecommunications malware analysis and IOC generation.
Context (Global influences, environmental / industry demands, organizational mission etc.)
MTN is an emerging market mobile operator at the forefront of technological and digital changes. We deliver a bold, new digital world to our customers across Africa and the Middle East – one of the world’s fastest-growing regions for mobile telecommunications. We believe everyone deserves the benefits of a modern connected life.
With the changing global business landscape, cyber risks organisations face are on the rise. If these cyber risks are not correctly managed, new vulnerabilities could compromise customer data confidentiality, integrity and availability, ultimately affecting the performance of networks and information systems.
To proactively manage our cyber risk exposure, MTN Group has established a Cyber Security Operations Centre (CSOC). The mission of the CSOC is to improve the security posture of the Group against the threats it faces as a consequence of its business activity in cyberspace by helping to prevent, detect, mitigate and respond to cyberattacks and by acting as the cyber-security information exchange and incident response coordination hub for all the OpCos. MTN’s CSOC provides a holistic approach to managing the lifecycle of both external and internal threats. The MTN CSOC service catalogue includes the following activities:
- Firewall Management
- SIEM - Implementation and management
- SIEM - Intelligence
- 24/7 Monitoring and Triage
- Cyber Threat Intelligence
- Threat Hunting
- Vulnerability Management
- Cyber Incident Response
- Forensic Analysis
Key Performance Areas: Core, essential responsibilities / outputs of the position (KPA's)
Cyber Threat Intelligence Strategy Development
- Draft Cyber Threat Intelligence input into the MTN cybersecurity strategy
- Draft, integrate and monitor detailed business plans for Cyber Threat Intelligence in accordance with the frameworks, goals and targets agreed for the holistic Group CSOC function.
- Actively contribute to the delivery of the holistic cybersecurity mandate and commitment.
- Assist to drive strategic alignment of the Group Cyber Threat Intelligence operations and in-country Cyber Threat Intelligence services performed by OpCos.
- KPI: Ensure required plans, policies and procedures for Cyber Threat Intelligence are efficient and effective and support the accomplishment of Group CSOC objectives.
Cyber Threat Intelligence
- Centralise, correlate and exchange validated IOCs in a simple and easy manner, allowing import and export using standard formats.
- Identify potential threats outside the perimeter of tier one, two and three OpCos.
- Execution of technical malware reversing.
- Perform information analysis with the purpose of identifying possible threats affecting the MTN environment.
- Perform security audits for different platforms, including the execution of penetration testing for security audits.
- Review of corrections made in the deployment of controls.
- Provide analytic case support to digital forensic investigations.
- Prepare intelligence based on inputs from incident response, threat hunting, Security Operation Center and red teams.
- Draft reports highlighting the conclusions drawn, as well as the analyses performed and the evidence extracted.
- KPI: Ensure the efficient and effective delivery of Cyber Threat Intelligence services for MTN Group and its OpCos.
Process Optimisation and Efficiency
- Research and develop leading practices for Cyber Threat Intelligence across MTN Group and its OpCos.
- Identify and design opportunities for process enhancement.
- Benchmark and analyse trends to optimise internal processes.
- Lead process optimisation, enhancement, efficiency and continuous improvement on initiatives and programmes within Cyber Threat Intelligence.
- Transfer knowledge of methodologies, processes and tools to relevant stakeholders (as and when required).
- KPI: Improve the quality of processes within Cyber Threat Intelligence, thereby ensuring efficient and effective service delivery.
- Prepare reports on the Cyber Threat Intelligence services for submission to the Head of Information Security per OpCo
- Analyse and identify forensic trends across the OpCos
- Compile consolidated reports on the status of Cyber Threat Intelligence for regular updates to the GM: Group CSOC.
- Prepare operational performance reports for Cyber Threat Intelligence for submission to MTN Group Leadership
- KPI: Ensure reporting requirements are complied with and accurate information is disseminated to support specific decisions or actions.
Ways of Working
- Leading by Connecting: Connect people; stimulate collaboration and growth in teams across functions, operations and different cultures. Share experience and knowledge that leads to a learning organisation, creating sustainable expertise which drives the development of people and innovative products.
- Leading by Delivery: Anticipate situations and take initiative to overcome them. The result is a swift and on time delivery of qualitative and quantitative results.
- Leading by Vision: From analysing the situation inside and outside the company and seeing opportunities until communicating the vision of the company including new ideas for sustainable business strategies, products, services and ways of working. The end result is an inspiring vision on how to succeed in our markets with our consumers in the center.
- Leading by Change: From embracing change until leading and facilitating the implementation of change and handling of resistance for senior people. The end result is an on time implementation of change projects and actions while maintaining a high level of motivation and commitment.
- Leading by Owning: Take responsibility for own results as well as for company results and values. Stimulate this attitude in others, make co-workers accountable. The end result is pro-activity, creativity and motivation: capable people who take ownership.
Job Requirements (Education, Experience and Competencies)
- Three-year tertiary qualification in Computer Engineering or similar
- Certified Threat Intelligence Analyst (CTIA)
- Offensive Security Certified Professional (OSCP)
- Certified Ethical Hacker (CEH)
- Open-Source Intelligence (OSINT) Gathering and Analysis
- 5 years of relevant work experience in Cyber Threat Intelligence.
- Advanced insights and knowledge into OS such as Windows and Linux; TCP/IP; Scripting; and network circuitry.
- Experience in investigation and validation of IoC hits before creating security incident tickets, and in the creation of daily threat reports
- Experience in the execution of relevant analyses for fraud cases, such as phishing and cybersquatting, amongst others.
- Fluent in English
- Multi-country operations oversight experience
- Willing and flexible to travel within Africa and Middle East
- Understanding of general regulatory requirements in the telecom industry as it relates to Cyber Threat Intelligence
- Global mindset to service worldwide operations
- Telecommunications industry experience would be beneficial
- Pan Africa and Middle East multi-cultural experience would be beneficial
Collaboration (Formal and Informal Relationships)
Key external stakeholders: External contractors & partners
Key internal stakeholders:
- GM: Group Cyber Defence
- Group Information Security Team
- OpCo Information Security LISO/ CIO/ CTO/ CTIO
- OpCo Information Security Team
Closing date: 19 November 2020. Late applications will not be accepted.