Job Vacancies at Sanlam

What will you do?

The role of the Cyber Security Analyst will form part of the Sanlam team which focusses on Cyber Security Monitoring and Response. This role will have specific responsibilities related to the gathering, analysis and preservation of forensically sound evidence during a cyber incident. The Group Cyber Security Centre team is responsible for identifying potential cyber-attacks and preventing it or limiting its impact on the business operations of the Sanlam Group.

What will make you successful in this role?

On a day-to-day basis, the Analyst will be monitoring and responding to Alerts generated by:

• SIEM
• EDR
• Honeypots
• Threat Intelligence Sources
• Reported via communication channels
• Support business forensics as well as the internal CSIRT by providing Cyber forensic services which include:
  • Evidence acquisition, handling, analysis, and reporting.
  • Reporting on findings of forensic investigations
  • Support the CSIRT as the first responder;
  • Transfer forensic knowledge to other CSIRT members and first responders within the Sanlam group of companies;
  • Assist in improving the security monitoring capability by applying knowledge attained during forensic investigations.
• Perform malware analysis
• Acting as an expert witness in disciplinary proceedings and court
• Interacting with external forensics companies, incident responders and law enforcement during investigations
• Managing and improving the current forensic lab processes and infrastructure
   

Qualification And Experience

• At least 3 - 5 years in hands-on forensic investigation
• Formal certification in forensics
• Experience in using either FTK (Forensic Toolkit) or IEF (Internet Evidence Finder); Cellubrite; UFED (Universal Forensic Extraction Device)
• Some malware analysis and/or CSIRT/SOC experience will be beneficial
• Exposure to Threat and Vulnerability Management would be beneficial

Knowledge And Skills

• Security Auditing
• Risk management
• Incident Investigation
• Reporting and Administration
• Security tools monitoring

Personal Attributes

• Interpersonal savvy - Contributing independently
• Decision quality - Contributing independently
• Plans and aligns - Contributing independently
• Optimises work processes - Contributing independently

Core Competencies

• Cultivates innovation - Contributing independently
• Customer focus - Contributing independently
• Drives results - Contributing independently
• Collaborates - Contributing independently
• Being resilient - Contributing independently

go to method of application »

What will you do?
The role of the Cyber Security Operations Consultant: Security Operations will form part of the Sanlam team which focusses on Cyber Security Operations services to businesses on the Shared Sanlam Network. The team is responsible for the management of the PKI, Anti-Virus, Vulnerability Management, Security Configuration Management, Firewall compliance, Web and Email content filtering environments. The team also manages the Data Leakage Prevention, Network Access Management, and Privileged Account Management infrastructure and processes.

What will make you successful in this role?

On a day-to-day basis, the Analyst will be involved with the configuration, monitoring, and management of:

• Anti Virus Infrastructure
• Data Leakage Prevention system, rules, and reports
• The Privileged Account Management process
• Network Access Control - process and exception handling
• Vulnerability Scanning, reporting, proposing remediation actions and tracking compliance
• Security hardening baseline compliance scanning, reporting, and remediation
• On an ad hoc basis the consultant will support businesses in:
  • Issuing, renewing and revoking PKI digital certificates.
  • Assessing internet and email use on request of Forensics or HR departments.
• The consultant will also be performing scheduled tasks like review Firewall rule configuration and report
• The consultant will be required to report on the status of the cybersecurity control environments on a weekly, monthly and quarterly basis.
• The consultant will continuously consider ways to improve the effectiveness and efficiency of monitoring and response controls.
• The consultant will contribute to the Knowledge and Skills of the team, by sharing lessons learned and knowledge gained through research, conferences, training courses or interaction with experts.
   

Qualification And Experience

• Completed a matric qualification
• Cybersecurity certification (Advantageous)
• At least 3 - 5 years in hands-on technical experience which includes:
  • Network experience (TCP/IP, Firewalls, IPS, NAC)
  • Operating System management and Hardening (Windows, Linux, CIS hardening baselines)
  • Anti-Virus System management and Configuration
  • Data Leakage Prevention tool configuration
  • Logical Access Management (AD, PAM)
  • Information Security Operations (Security+, CISSP will be beneficial)
  • Vulnerability Management (use of well-known vulnerability scanning tools and interpretation of CVSS scores)
  • Some experience working with Web and Email Content filtering systems
• A solid understanding of Public Key Infrastructure (PKI) will be beneficial.
   

Knowledge And Skills

• Security Auditing
• Business Requirements Definition
• Risk Management
• Security Compliance
• Business Processes

Personal Attributes

• Action orientated - Contributing independently
• Decision quality - Contributing independently
• Interpersonal savvy - Contributing independently
• Optimises work processes - Contributing independently

Core Competencies

• Being resilient - Contributing independently
• Collaborates - Contributing independently
• Cultivates innovation - Contributing independently
• Customer focus - Contributing independently
• Drives results - Contributing independently

go to method of application »

What will you do?

The role of the Cyber Security Analyst will form part of the Sanlam team which focusses on Cyber Security Monitoring and Response. This team is responsible for identifying potential cyber-attacks and preventing it or limiting its impact on the business operations of the Sanlam Group.

What will make you successful in this role?

On a day-to-day basis, the Analyst will be monitoring and responding to Alerts generated by:

• SIEM
• EDR
• Honeypots
• Threat Intelligence Sources
• Reported via external and internal communication channels
• Phishing reported
• The analyst will follow a structured approach in determining the risk and priority of each incident and respond using agreed processes and service levels.
• Incident-related information and artifacts will be captured accurately, and statistics associated with incidents trends and threats reported on a weekly, monthly and quarterly basis.
• The SOC analyst will engage with peers at other financial institutions via agreed channels to share information related to Indicators of Compromise (IoC’s).
• The SOC analyst will guide technical resources in actions that have to be executed to analyse, contain and remediate incidents.
• The SOC analyst will continuously consider ways to improve the effectiveness and efficiency of monitoring and response controls.
• The SOC analyst will contribute to the Knowledge and Skills of the team, by sharing lessons learned and knowledge gained through research, conferences, training courses or interactions with experts.
• The SOC analyst will assist the Security Operations team with the Execution, interpretation, and remediation of Vulnerability Scans on Server, desktop and network infrastructure.
   

Qualification And Experience

At least 3 - 5 years in hands on technical experience which includes:

• Network experience (TCP/IP, Firewalls, IPS)
• Operating System management (Windows, Linux)
• Logical Access Management (AD)
• Information Security Operations (Security+, CISSP, CHFI will be beneficial)
• Vulnerability Management (use of well-known vulnerability scanning tools and interpretation of CVSS scores)
• Some previous experience in a formal SOC environment will be beneficial
• Some malware analysis and/or CSIRT/SOC experience will be beneficial
• Exposure to Threat and Vulnerability Management would be beneficial
   

Knowledge And Skills

• Security Auditing
• Business Requirements Definition
• Risk Management
• Security Compliance
• Business Processes

Personal Attributes

• Action orientated - Contributing independently
• Decision quality - Contributing independently
• Interpersonal savvy - Contributing independently
• Optimises work processes - Contributing independently

Core Competencies

• Being resilient - Contributing independently
• Collaborates - Contributing independently
• Cultivates innovation - Contributing independently
• Customer focus - Contributing independently
• Drives results - Contributing independently