  • Posted: Jul 25, 2023
    Deadline: Aug 3, 2023
    Transnet is the largest and most crucial part of the freight logistics chain that delivers goods to each and every South African. Transnet freight rail has approximately 38 000 employees, who are spread throughout the country. Transnet Limited, operating and controlling South Africa’s major transport infrastructure, is also responsible for ensuring that the country’s transport industries operate according to world-class standards. Transnet forms an integral part of the Southern African economy.

    Specialist: Cyber Security Threat Hunter

    • The purpose of this role is to develop and implement a proactive, ongoing and continually evolving discipline to prevent, detect, monitor and analyse cybersecurity-relevant activity across the entire TFR network. The incumbent should be able to employ advanced detection techniques that go beyond traditional technologies such as security information and event management (SIEM), endpoint detection and response (EDR) and others.
    • Investigate possible anomalies to find any yet to be discovered malicious activities that could lead to a full-blown breach.
    • Be able to use a combination of advanced analytics, machine learning and rule-based detection to identify suspicious activities throughout the network
    • Execute on information security activities such as vulnerability management, application development security, business continuity, networking, risk management, etc.
    • Research security trends, new methods and techniques used in order to pre-emptively eliminate the possibility of system breaches
    • Identify threat actors based on the environment, domain and attack behaviours
    • Install software that monitors systems and networks for security breaches and intrusions
    • Perform intelligence-driven network defence supporting the monitoring and incident response capabilities.
    • Responsible for detecting threat actors with the goal of zero ransomware infections; brings deep knowledge of the attacker landscape and tradecraft to create the innovations necessary to uncover and stop even the most well-funded attacker.
    • Ensure that proactive measures are in place to detect possible cyber threats before they materialise and to mitigate them before they compromise the organisation; act swiftly to contain threats that have materialised so as to minimise the impact on operations, while triggering the Cyber Security Incident Response Plan.
    • Collect, process and analyse Cyber threats and warning assessments.
    • Employ best-practice hunting frameworks (e.g. the Targeted Hunting integrating Threat Intelligence (TaHiTI) framework and the MITRE PRE-ATT&CK and ATT&CK frameworks; note that PRE-ATT&CK has since been folded into the Reconnaissance and Resource Development tactics of Enterprise ATT&CK).

    Position outputs:

    Strategy

    • Responsible for processes that are designed to enhance the Security Operations and Threat Intelligence workflow by redesigning process and approach to operationalize the sharing and utilization of actionable intelligence and indicators.
    • Benchmarking against leading industry best practice and technology trends to ensure that the threat detection, response and remediation tools implemented are effective and enhance resilience in the ever-changing cyber threat landscape.
    • Provide Trend analysis of Malicious Operations with mitigations to be included in the overall Risk assessment for the organisation.
    • Provide subject matter expertise to the development of Cyber Operations specific indicators (Org KPIs).
    • Development and delivery of high-quality threat briefings, reporting and presentations, providing actionable intelligence to the Cyber Security Incident Response Team in line with the approved PPSGs.

    Information and Cyber Security Incident and Event Management (SIEM)

    • Responsible for the Security Incident and Event Management processes intended to neutralise advanced threats that evade the security operations centre (SOC) and would otherwise result in denial of service and disruption of business operations.
    • Provide input towards Intelligence production, reporting, collection and operations which will support information assessments for the purpose of informing leadership which will aid operational planning and execution.
    • Monitor and report changes in threat dispositions, activities and tactics which relate to designated Cyber Operations warning problem sets.
    • Monitor open-source websites for hostile content directed towards TFR.
    • Active monitoring of operational environment which fulfils leaderships priority on information requirements.
    • Produce all cyber operations intelligence, indications and warnings in line with threat assessments.
    • Conduct ethical (authorised) investigation of hostile, intentional activity that could possibly impact TFR’s operations and information integrity.
    • Develop Human Computer interaction principles
    • Be involved with ICTM Architecture on Network Structure and communication protocols to ensure threat detection.

    AI Driven Intelligence Threat Operations and Hunting

    • Responsible for the functions of threat operations and hunting and serve as the liaison for Threat Intelligence in the Security Operations Center.
    • Responsible for the analysis of large amounts of data from vendors and internal sources, including technologies, systems, indicator feeds, IIoT, logs, memory dumps and network packets, employing several threat hunting tools.
    • Responsible for the monitoring of the incident handling, incident response, and forensics processes and outcomes to ensure implementation of recommendations designed to improve the security posture and resilience of the digital-eco-system and landscape.
    • Assist in identifying (hunting) and profiling threat actors and hackers.

    Response Management

    • Report into the SOC with Malicious Operations (Mal Ops) validated threat activity and changes to threat dispositions in relation to cyber operations warnings.
    • Report intelligence on significant network events and intrusions.
    • Continual consultation on response management internally and externally where required to do so.
    • Collaborate with the various Fraud teams on cases, providing technical investigative capabilities that assist in responding to vulnerabilities and curbing cyber threats.
    • In the event of a breach occurring, responsible for minimising damage, recovering compromised data and preserving evidence for forensic and legal action.

    Information and Cyber Security Programme Management

    • Ensures implementation of integration/orchestration of security infrastructure, standards, control measures and indicators with TFR Digital eco-system and existing landscape.
    • Ensure collaboration with all ICTM programmes within TFR with the intent to detect and protect.
    • Support Cyber Operations actively and Response Management.
    • Implement Cyber Threat Automation within TFR.

    Policies and Procedure

    • Implement regulatory and legislative requirements in line with the South African and international frameworks adopted for cyber security and privacy, such as NIST and ISO 27001.
    • Ensure compliance and adherence to all internal policies and procedures.
    • Keep abreast of cyber operation policies in line with environment preparation for defence and attack
    • Provides input into the drafting of Security policies, processes, standards and procedures.

    Reporting

    • Provide management reports on current intelligence support.
    • Provide Malicious Operations (Mal Ops) reports
    • Play a collaborative role within reporting structures where applicable.
    • Report into SOC with Mal Ops

    Stakeholder Management

    • Collaborate with inter-departmental teams to help detect new, interesting or unique threats and mitigations based on hunting observations
    • Active involvement of communicating high Cyber Resilience within TFR.
    • Communicate Human Computer interaction principles
    • Communicate with service provider as required.

    Governance/Compliance/Risk

    • Apply cyber ethical principles in all related activities.
    • Ensure compliance to TFR’s policies and procedures.
    • Conduct Risk assessments in terms of Cyber-attack stages and apply defence methodologies.
    • Ensure and comply with reporting requirements both internally and externally.
    • Resolution of Audit findings timeously.

    Financial Management

    • Manage budget accordingly and report deviations.
    • Provide input for budget requirements to support Cyber Resilience.

    Qualifications & Experience:

    • NDip or Bachelor’s degree in Computer Science, Information Technology, Software or Computer Engineering, Information Systems, Cyber Security or a related or equivalent field.

    Certifications:

    • At least one of the following certifications from a professional body: Certified Threat Hunting Professional, OSCP, CEH, CISSP, GWAPT, GREM, GCFE.
    • ISO 27001 is an advantage.

    Experience:

    • 2 – 3 years of experience in the Information Security field, particularly in executing penetration tests.
    • Established experience with record of identifying threats.
    • Experience in Cloud computing Technology and Mobile platforms and tablet platforms.
    • Experience with log analysis and familiarity with various SIEM tools (Splunk, Elastic, ArcSight, QRadar, etc.)
    • General Information Technology and Computer Networking knowledge preferred

    Standard Job Requirements:

    • Requirement of trust and honesty in the handling of finances as per the National Credit Act Amendment 19.
    • Must undergo Lifestyle Audit
    • Driver’s license

    Competencies:

    Knowledge:

    • Must have knowledge of tools associated with cyber security operations centres e.g. log management, proxy technologies, correlation solutions, Security Information and Event Management (SIEM), SOAR and common security tools.
    • Knowledge of scripting languages such as PowerShell and Python.
    • Extensive knowledge of all domains within Information Security.
    • IT governance

    Functional Requirements:

    • Pattern Recognition/Deductive Reasoning: Can look for patterns that match the tactics, techniques and procedures of known threat actors, advanced malware and unusual behaviours.
    • Data Analytics: Has solid understanding of data analytics and data science approaches, tools and techniques
    • Forensics: Ability to investigate the root cause and develop an attack timeline of events through network and endpoint forensics
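    The posting asks for rule-based detection mapped to known TTPs (the role purpose above) and for pattern recognition plus an attack timeline built from event data (the functional requirements above). The following is an added example, not code from Transnet or from this posting, showing what such a hunt looks like in Python over a handful of constructed Windows Security events. The host names, user names, IP addresses and timestamps are invented; the event IDs (4625 failed logon, 4624 successful logon, 4688 process creation) and the ATT&CK technique IDs referenced in the comments are the real ones. The thresholds and time windows are assumptions a hunter would tune to the environment.

```python
"""Added example (not from the posting): a small rule-based hunt that matches
a brute-force -> valid logon -> PowerShell chain and emits a per-host timeline.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events for the demo (not real logs).
SAMPLE_EVENTS = [
    {"ts": "2023-07-25T08:00:01", "host": "WS01", "event_id": 4625, "user": "jsmith", "src_ip": "10.0.0.55"},
    {"ts": "2023-07-25T08:00:07", "host": "WS01", "event_id": 4625, "user": "jsmith", "src_ip": "10.0.0.55"},
    {"ts": "2023-07-25T08:00:14", "host": "WS01", "event_id": 4625, "user": "jsmith", "src_ip": "10.0.0.55"},
    {"ts": "2023-07-25T08:00:20", "host": "WS01", "event_id": 4625, "user": "jsmith", "src_ip": "10.0.0.55"},
    {"ts": "2023-07-25T08:00:29", "host": "WS01", "event_id": 4625, "user": "jsmith", "src_ip": "10.0.0.55"},
    {"ts": "2023-07-25T08:00:45", "host": "WS01", "event_id": 4624, "user": "jsmith", "src_ip": "10.0.0.55"},
    {"ts": "2023-07-25T08:03:10", "host": "WS01", "event_id": 4688, "user": "jsmith", "process": "powershell.exe"},
    {"ts": "2023-07-25T08:05:00", "host": "WS01", "event_id": 4688, "user": "jsmith", "process": "notepad.exe"},
    # Benign noise: a user mistypes a password twice, then logs in; no PowerShell.
    {"ts": "2023-07-25T09:10:00", "host": "WS02", "event_id": 4625, "user": "abrown", "src_ip": "10.0.0.80"},
    {"ts": "2023-07-25T09:10:08", "host": "WS02", "event_id": 4625, "user": "abrown", "src_ip": "10.0.0.80"},
    {"ts": "2023-07-25T09:10:15", "host": "WS02", "event_id": 4624, "user": "abrown", "src_ip": "10.0.0.80"},
]


def parse_events(events):
    """Return copies of the events with datetime timestamps, sorted chronologically."""
    parsed = [dict(e, ts=datetime.fromisoformat(e["ts"])) for e in events]
    return sorted(parsed, key=lambda e: e["ts"])


def hunt(events, fail_threshold=5, window=timedelta(minutes=2),
         followup=timedelta(minutes=10)):
    """Rule-based hunt returning a list of finding dicts.

    Rule 1 (ATT&CK T1110 Brute Force, then T1078 Valid Accounts): at least
    `fail_threshold` 4625 events from one source IP against one host inside
    `window`, immediately followed by a 4624 from the same source IP.
    Rule 2 (ATT&CK T1059.001 PowerShell): a 4688 for powershell.exe by the same
    user on the same host within `followup` of that successful logon.
    The threshold and windows are assumed values; tune them per environment.
    """
    events = parse_events(events)
    findings = []
    logons_by_key = defaultdict(list)  # (host, src_ip) -> 4624/4625 events
    for e in events:
        if e["event_id"] in (4624, 4625):
            logons_by_key[(e["host"], e["src_ip"])].append(e)

    for (host, src_ip), logons in logons_by_key.items():
        for success in logons:
            if success["event_id"] != 4624:
                continue
            recent_fails = [f for f in logons if f["event_id"] == 4625
                            and success["ts"] - window <= f["ts"] < success["ts"]]
            if len(recent_fails) < fail_threshold:
                continue
            findings.append({
                "ts": success["ts"], "host": host, "user": success["user"],
                "technique": "T1110",
                "detail": f"{len(recent_fails)} failed logons then success from {src_ip} (T1110 -> T1078)",
            })
            # Rule 2: look for PowerShell launched by that user shortly afterwards.
            for p in events:
                if (p["event_id"] == 4688 and p["host"] == host
                        and p["user"] == success["user"]
                        and p.get("process", "").lower() == "powershell.exe"
                        and success["ts"] <= p["ts"] <= success["ts"] + followup):
                    findings.append({
                        "ts": p["ts"], "host": host, "user": p["user"],
                        "technique": "T1059.001",
                        "detail": f"powershell.exe started by {p['user']} after suspicious logon",
                    })
    return sorted(findings, key=lambda f: f["ts"])


def build_timeline(findings):
    """Render findings as chronological attack-timeline lines, one per finding."""
    return [f"{f['ts']:%Y-%m-%d %H:%M:%S} {f['host']} {f['technique']} {f['detail']}"
            for f in sorted(findings, key=lambda f: f["ts"])]


if __name__ == "__main__":
    for line in build_timeline(hunt(SAMPLE_EVENTS)):
        print(line)
```

    Run as a script it prints two timeline lines for WS01 and nothing for WS02: the two-failure case on WS02 stays below the threshold, and notepad.exe does not match Rule 2. In a real SIEM the same two rules would be expressed as correlation searches (Splunk, Elastic, QRadar and ArcSight all support sequence-style logic), with the findings pushed to the incident response team rather than printed.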

    Behavioural Competencies:

    Strategy & Sustainability

    • Strategic Thinking-Formulates strategies and business plans to achieve the overall organisation’s direction
    • Commercial Awareness-Keeps abreast of internal and external factors that can impact the business
    • Innovating-Generates new ideas or solutions by thinking "outside of the box"; reviews current processes or systems and identifies ways to optimise them
    • Inspiring People-Leads by example. Inspires, motivates and empowers team members to do their best

    Inspirational Leadership

    • Managing Talent-Provides clear direction and sets performance standards/requirements for the team
    • Leading Change-Leads and directs change initiatives
    • Embracing Diversity-Leads and promotes equal opportunity and has an appreciation for diversity in the workplace.

    Business Performance and Delivery

    • Lead Business Performance-Leads the business to be more efficient and effective
    • Strategic Decision Making-Is decisive and takes full accountability for decisions
    • Business Acumen-Understands and deals with various business situations using acquired knowledge and a broad spectrum of expertise
    • Analysing-Thinks in a systemic way but is open to new approaches

    Relationship Management

    • Communicating Effectively-Communicates the business strategy and objectives in a clear manner
    • Collaborating and Networking-Builds wide and effective relationships with people inside and outside of the organisation to help achieve the organisation’s goals and objectives
    • Service Orientated-Leads by example; strives for a customer centric culture where everyone acts with the customer in mind
    • Persuading and Influencing-Is able to persuade and influence those around him/her for the benefit of achieving the organisation/department’s goals and objectives. Identifies and influences key decision makers using strong persuasive techniques and creates a strong personal impression that leads to buy in from others

    Corporate Governance & Compliance

    • Leading Governance-Always work in the best interest of the organisation and aligns business practices to the ethical obligations and good corporate governance
    • Leading Safety Practice-Leads safety practices by communicating, enforcing and supporting all safety standards and activities
    • Leading Risk Management-Identifies areas of risks and implements corrective actions to mitigate the impact of risks to ensure overall sustainability

    Personal Mastery

    • Learning and Applying Expertise-Dedicated to continuous learning and self-improvement.
    • Resilience-Manages pressure effectively and copes well with criticism and setbacks
    • Emotional Intelligence-Is aware of own leadership style and is able to adapt style to enhance team and business performance
    • Vigour & Personal Drive-Accepts and tackles demanding goals with enthusiasm. Works hard and shows energy and persistence to achieve high quality results. Is a role model for others who strive for personal excellence

    Closing Date is on 02.08.2023

    Method of Application

    Interested and qualified? Go to Transnet on recruiting.transnet.net to apply
