Posted: Aug 12, 2023
Deadline: Sep 8, 2023

    At Nexio, we enable our clients to modernise their environments and adopt new technologies. We help them to solve their legacy problems and pave the way for their future digital success.

    Senior Specialist: Cybersecurity Infrastructure Support - Midrand

    ROLE PURPOSE

    • As part of the Customer-facing Nexio SOC team, the Senior Specialist: Cybersecurity Infrastructure Support will identify, analyze and react to security incidents, events, and threats using a reliable set of operating processes and SIEM technologies such as Azure Sentinel, or QRadar, or ArcSight. The Senior Specialist: Cybersecurity Infrastructure Support will support the architecture, deployment, management, and maintenance of these SIEM platforms. The Senior Specialist also oversees the extensive work with Security Information and Event Management (SIEM) platforms, ensuring their stability and efficient operation.
    • He/She will be responsible for configuration, implementation, testing, and performance enhancements for SIEM technologies with a preference for ArcSight appliances (loggers, smart connectors, forwarders, ArcMC, and ESM). This role is responsible for maintaining, supporting, and optimizing key functional areas. The candidate should ideally have some architectural design experience as well as hands-on experience with ArcSight, AWS, Azure Sentinel, or QRadar.

    ROLE REQUIREMENT

    • Is familiar with the tactical and long-term vision across the Security function.
    • Sets technical platform architectural direction.
    • Adheres to the standard operating procedure and playbooks in the SOC
    • Direct impact on the SOC performance.
    • Impacts on customer satisfaction and confidence in the SOC Service and service level performance.
    • Provides Cybersecurity Infrastructure leadership to customers and SOC Team.
    • Provides technical guidance and coaching to SOC Teams.
    • Gives regular, comprehensive, and constructive feedback to the team.
    • Proactively seeks feedback from team members and deals constructively with any criticism.
    • Adjusts management style to get the best from the individuals within the team.
    • Delegates work to team members taking into account their capacity, level of skill, and exposure to different types of work and complexity; provides clear instructions and direction, with reasonable deadlines.
    • SIEM Management: Monitor the environmental stability of the SIEM platform(s), manage the health of log collection methods, facilitate SIEM change requests, and manage the scheduled SIEM platform upgrades.
    • SIEM Architecture Support: Support SIEM architecture changes, tool deployments, and advanced content development. Deploy SIEM hardware and software installations, both on-premise and cloud, and perform system patching and upgrades.
    • Data Integration: Onboard new data sources, create new custom parsers, and build custom connectors for data collecting, parsing, and mapping. Onboard new application and platform logs via Syslog, endpoint agents, and APIs.
    • Use Case Development: Develop and integrate use cases for business applications, gather use case requirements and develop solutions for the SOC Team, and fine-tune existing rules feeding into the security monitoring and response process.
    • SIEM Configuration: Responsible for configuration, implementation, testing, and performance enhancements for SIEM technologies, with a preference for ArcSight appliances, Azure Sentinel, or QRadar.
    • Documentation: Build and maintain operational documentation to support the SIEM platform(s), write and maintain process documentation, and create, maintain, and implement detailed documentation and standard operating procedures.
    • Threat Intelligence: Apply open source and commercial threat intelligence feeds into the SIEM.
    • Incident Response: Assist in the response to cybersecurity incidents, providing technical expertise and support.
    • Policy Enforcement: Ensure that all systems and networks comply with applicable cybersecurity policies and standards.
    • Support: Provide support on a weekday business hours schedule, also responsible for on-call, extended hour, and weekend support as required by mission or emergency situations.
    • Be able to work in a rapid-paced security operations environment.
    • Work with systems engineers, enterprise architects, systems administrators and other technical staff on the implementation, testing, deployment and integration of computing systems.
    • Interact with users and evaluate vendor products.
    • Create, maintain, and implement detailed documentation and maintain standard operating procedures.
    • Application of security settings and other commercial best practices such as SIEM Analysis services.
    • Application of open source and commercial threat intelligence feeds into the SIEM.

    Additional Information:

    • Individuals at this level have fully developed knowledge of the business, marketplace and clients, and are recognized as an expert in their own area within the organization.
    • Interprets internal or external business issues and recommends best practices. Provides technical guidance to more junior levels of staff.
    • Able to build strong interpersonal relationships with peers, brand leaders, and other senior management throughout the company
    • Excellent verbal and written communication skills
    • Able to align multiple strategies and ideas
    • Confident in producing and presenting work
    • In-depth understanding of the technologies and industry

    TECHNICAL / PROFESSIONAL COMPETENCIES

    • Adhere to operational processes in the MITRE ATT&CK framework.
    • Adhere to the technical methods in SIEM platform.
    • Responsible for configuration, implementation, testing, and performance enhancements for SIEM technologies with a preference for ArcSight appliances (loggers, smart connectors, forwarders, ArcMC, and ESM), or Azure Sentinel, or QRadar.
    • Work with systems engineers, enterprise architects, systems administrators, and other technical staff on the implementation, testing, deployment, and integration of computing systems.
    • Application of security settings and other commercial best practices such as SIEM Analysis services.
    • Application of open source and commercial threat intelligence feeds into the SIEM.

    QUALIFICATIONS & EXPERIENCE

    • Grade 12
    • Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education and technical certifications.
    • One or more industry Cybersecurity Certifications: CISM, CISA, CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), CEH, OSCP, CompTIA.
    • Relevant OEM or vendor certifications, such as SIEM technologies like ArcSight, AWS, Azure Sentinel, or QRadar.
    • Minimum of seven (7) years of work experience in information security/cybersecurity and three (3) years of relevant experience as a Senior Specialist: Cybersecurity Infrastructure Support in an established SOC
    • Experience with a ticketing system such as BMC Remedy.
    • Basic Linux and Windows Server experience.
    • Experience working with virtual environments.
    • Extensive expertise in installing, maintaining, and supporting SIEM technology and its component systems.
    • Shell scripting (e.g. bash).
    • Experience working with IP networking, networking protocols, and understanding of security-related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail, and access-lists.
    • Experience with internet, web, application, and network security techniques.
    • Experience with relevant operating system security (Windows, Solaris, Linux, etc.).
    • Experience with leading firewall, network scanning, and intrusion detection products and authentication technologies.
    • Must be familiar with deploying, installing, and administering ArcSight ESM in various environments.
    • Must have experience with SIEM Connectors, loggers, and content development.
    • Strong analytical and organizational skills.
    • Concise writing skills, excellent MS Word skills as well as other MS Office Applications.
    • Experience with securing various environments preferred.
    • Experience in working across security frameworks.
    • Experience in working across security technologies.
    • Possess very good knowledge of technological advances within the information security area.
    • Demonstrate in-depth solution and service knowledge.
    • Demonstrate analytical thinking and a proactive approach.

    LEADERSHIP COMPETENCY REQUIREMENTS

    • Strategic Vision: Develop and articulate a strategic vision for the organization's threat-hunting capabilities.
    • Decision-Making: Assess complex situations, prioritize actions, and make sound judgments.
    • Project Management: Ability to manage projects effectively, including planning, coordination, and execution. This includes the ability to manage resources, timelines, and risks, and to ensure that projects are completed on time and within budget.
    • Collaboration and Influence: Collaborate effectively with cross-functional teams and stakeholders.
    • Strategic Partnerships: Build and maintain strategic partnerships with external organizations.
    • Mentorship and Development: Mentor and develop junior analysts, fostering a culture of learning.
    • Change Management: Lead and manage change within the cybersecurity organization.
    • Ethical Leadership: Maintain integrity, professionalism, and promote ethical behavior.
    • Crisis Management: Effectively respond to and manage cybersecurity incidents.
    • Responsive to Requests: Responsiveness to reasonable customer, supplier, and management requests.
    • Attention to Detail: Pay attention to detail and ensure deliverables undergo quality reviews.
    • Proactive and Reliable: Be proactive, innovative, and demonstrate reliability.
    • Customer-Centric Approach: Put the customer first and go the extra mile in the company's best interest.
    • High-Performance Team Player: Positively contribute to the high-performance team and develop positive relationships.
    • Emotional Intelligence and Integrity: Demonstrate emotional intelligence and act with integrity.
    • Teamwork and Collaboration: Work well with others and maintain a high-performance team ethic.
    • Excellent Communication Skills: Be an excellent communicator and collaborator.
    • Willingness to Learn: Be open to learning a range of security technologies and platforms.
    • Positive Attitude: Maintain a positive attitude in the face of challenges.

    Closing Date 04 September 2023

    Method of Application

    Interested and qualified? Go to Nexio on nexio.simplify.hr to apply
