Senior Specialist: Cybersecurity Incident Management at Nexio

ROLE REQUIREMENT

• Develop and implement strategies for incident response, ensuring alignment with industry best practices and regulatory requirements.
• Drive improvements in security operations processes and contribute to risk management and mitigation strategies.
• Collaborate with stakeholders to enhance the overall cybersecurity posture and SOC maturity.
• Enforce standard operating procedures (SOC) and continuously refine incident response playbooks.
• Establish and maintain key performance indicators (KPIs) for incident response effectiveness.
• Strengthen the organization’s cybersecurity resilience, reducing the impact and frequency of cyber incidents.
• Improve customer trust and confidence by ensuring swift and effective incident response and mitigation
• Provide guidance, mentorship, and training to SOC analysts and junior cybersecurity professionals.
• Lead post-incident review meetings and develop lessons-learned reports to enhance response strategies.

Incident Management & Response:

• Validate and declare security incidents following best-practice incident handling methodologies.
• Determine severity levels (S0 to S4) based on SLA classifications and advise on appropriate escalation.
• Provide technical leadership in real-time incident response, ensuring effective containment, eradication, and recovery measures.
• Lead forensic analysis efforts to collect intrusion artifacts, assess attack vectors, and develop mitigation strategies.

Incident Coordination & Support:

• Coordinate complex security incidents across multiple teams, ensuring swift and thorough resolution.
• Provide expert technical support and mentorship to SOC Analysts during high-severity incidents.
• Act as the primary escalation point for major cybersecurity incidents requiring advanced technical expertise.

Incident Analysis & Remediation:

• Conduct advanced correlation of security events to identify patterns and trends that indicate emerging threats.
• Perform deep-dive log analysis and threat-hunting exercises to uncover hidden or sophisticated attacks.
• Provide recommendations for system hardening, threat mitigation, and proactive security measures.

Incident Reporting & Communication:

• Generate comprehensive incident reports and post-mortem analyses for executive leadership and stakeholders.
• Develop security advisories and risk assessment reports based on incident trends and threat intelligence.
• Facilitate after-action reviews and ensure continuous improvement of response strategies.

Collaboration & Threat Intelligence:

• Act as a key liaison between the SOC and intelligence analysts, security architects, and external cybersecurity partners.
• Monitor emerging cyber threats and collaborate with risk management teams to refine threat detection capabilities.
• Foster collaboration with internal teams and industry peers to enhance cybersecurity defenses and information sharing

Additional Information:

• Individuals at this level are competent in best practices in security incident handling in an established SOC.
• Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
• Competent communication skills and communication of complex information to non-technical stakeholders.
• Competent in producing and presenting work.
• Good understanding of security incident analysis and incident handling practices, proficient knowledge of networking protocols, operating systems, and security architecture in an established SOC.

TECHNICAL / PROFESSIONAL COMPETENCIES

• Extensive experience in cybersecurity incident response, threat analysis, and forensic investigations.
• In-depth knowledge of security frameworks, including NIST CSF, CIS CSC, MITRE ATT&CK, and NIST SP 800-53.
• Expertise in network protocols, security architectures, SIEM platforms, and endpoint security solutions.
• Proficiency in scripting and automation for incident response (Python, PowerShell, Bash, etc.).
• Strong understanding of malware analysis techniques, reverse engineering, and exploit detection.

QUALIFICATIONS & EXPERIENCE

• Grade 12 or equivalent qualification.
• One or more of these industry Cybersecurity Certifications: such as CISSP, GCIH, GCIA, or relevant vendor-specific certifications
• Minimum 6+ years of experience in cybersecurity, with 4+ years of direct experience in an established SOC.Analytical, problem-solving, and critical-thinking skills.
• Strong knowledge of cybersecurity principles, incident response methodologies, and defense-in-depth practices.
• Proficiency in analyzing log files, conducting trend analysis, and correlating incident data.
• Experience with incident triage, vulnerability identification, and remediation recommendations.
• Familiarity with forensic tools and techniques for collecting artifacts.
• Excellent communication, documentation, and report-writing skills.
• Ability to coordinate incident response functions and collaborate with internal and external teams.
• Stay informed about the latest cyber threats and industry developments.