Jobs Career Advice Post Job
X

Send this job to a friend

X

Did you notice an error or suspect this job is scam? Tell us.

  • Posted: Jul 25, 2023
    Deadline: Aug 21, 2023
    • @gmail.com
    • @yahoo.com
    • @outlook.com
  • At Nexio, we enable our clients to modernise their environments and adopt new technologies. We help them to solve their legacy problems and pave the way for their future digital success.
    Read more about this company

     

    Senior Specialist: Cybersecurity Analyst - Midrand

    ROLE PURPOSE

    • As part of the Customer-facing Nexio SOC team, the Senior Specialist: Cybersecurity Analyst plays a critical role in monitoring, detecting, and responding to cybersecurity incidents within a Security Operations Center. The Cybersecurity Analyst utilizes incident handling methodologies to validate security events, assess severity levels, and provide guidance to SOC Analysts. By leveraging threat intelligence and conducting in-depth analysis, Cybersecurity Analyst identifies the scope of attacks, impacted systems, and potential perpetrators. The Cybersecurity Analyst ensures shift-related metrics are monitored, offers recommendations, and advises on containment and recovery steps. The Cybersecurity Analyst documents incidents, updates relevant documentation and supports the development of analytic methods for threat detection.
    • He/She should ideally have advanced security incident handling analysis experience in an established SOC environment and contribute to risk management, lead Blue Team exercises, mentor junior analysts, and develop playbooks for incident scenarios. The Cybersecurity Analyst monitors network traffic, investigates incidents, and collaborates with the SOC team to respond to threats or intrusions.

    ROLE REQUIREMENT

    • Is familiar with the tactical and long-term vision across the Cyber Security function.
    • Adheres to the standard operating procedure and playbooks in the SOC.
    • Impacts on Customer satisfaction and confidence in the SOC Service and service level performance.
    • Provides security incident handling and technical guidance to SOC Teams.
    • Gives regular, comprehensive, and constructive feedback, and coaching and mentoring to the team.
    • Mentor junior analysts to enhance their effectiveness in their roles.
    • Delegates work to team members taking into account their capacity, level of skill, and exposure to different types of work and complexity; provides clear instructions and direction, with reasonable deadlines.
    • Validate and declare security incidents based on incident handling methodologies.
    • Confirm severity levels (S0 to S4) using SLA severity classification.
    • Provide guidance and support to SOC Analysts during incident response.
    • Utilize threat intelligence, updated rules, and IOCs to identify affected systems and the extent of attacks.
    • Conduct in-depth threat intelligence analysis to uncover attack types, data/systems impacted, and potential perpetrators.
    • Monitor shift-related metrics and gather applicable reporting for the SOC Team Lead and SOC Manager.
    • Make recommendations to SOC Team Lead and SOC Manager regarding additional analysis and required remediation.
    • Determine the impact on critical systems or data sets and advise on remediation steps.
    • Validate false positives, policy violations, intrusion attempts, security threats, and potential compromises.
    • Suggest containment and recovery steps based on analysis findings.
    • Document workload and output from each shift for service performance measurement.
    • Formally document learnings and update relevant documentation such as shift logs and tickets.
    • Provide support for analytic methods to detect threats and conduct further triage based on defined run books.
    • Consolidate data through alert triage, providing necessary context before escalating to Operations and Security Engineering Teams for deeper analysis.
    • Manage security events, incidents, and service requests via the ticketing systems.
    • Identify alarms by intent and method, including reconnaissance, system compromises, and ingested log sources:
      • Firewalls and network devices
      • Infrastructure server and end-user systems
      • Threat intelligence platforms
      • Cloud and hybrid-IT provisioning, access, and infrastructure systems (Amazon Web Services)
      • Antivirus systems
      • Intrusion detection and prevention systems
      • Similar in Scope source systems
    • Apply the MITRE ATT&CK framework for anomaly analysis and conduct additional analysis using correlation rules and SIEM alerts.
    • Validate and update initial tickets in the SIEM platform and Service Desk.
    • Monitor event queues, investigate potential incidents, and escalate or close events as necessary.
    • Validate investigation results and pass relevant details to the SOC Team Lead.
    • Assess security controls based on cybersecurity principles and frameworks (e.g., CIS CSC, NIST SP 800-53).
    • Analyze network traffic, characterize threats, and coordinate with cyber defense staff for validation.
    • Document and escalate incidents, perform trend analysis, and report findings.
    • Review security architecture, identify gaps, and recommend risk mitigation strategies.
    • Plan and recommend modifications based on exercise results or system environment.
    • Perform daily summary reports of network events and activity relevant to cyber defense practices.
    • Provide timely detection, identification, and alerting of possible attacks, intrusions, and anomalous activities.
    • Utilize cyber defense tools for monitoring and analyzing system activity, identifying and analyzing malicious behavior.
    • Conduct analysis of network traffic, including network mapping, OS fingerprinting, and identification of compromised credentials.
    • Assist in the development of signatures for cyber defense tools.
    • Notify stakeholders of suspected cyber incidents, articulate event details, and follow the organization's incident response plan.
    • Analyze and report on organizational and system security posture trends.
    • Assess access controls and monitor external data sources for emerging threats.
    • Provide cybersecurity recommendations to leadership and collaborate on incident resolution and vulnerability compliance.
    • Support the development of disaster recovery, contingency, and continuity plans.

    Additional Information:

    • Individuals at this level have fully developed knowledge of best practices in security incident handling in an established SOC.
    • Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
    • Excellent communication skills and communication of complex information to non-technical stakeholders.
    • Confident in producing and presenting work.
    • In-depth understanding of security incident analysis and incident handling practices, Strong knowledge of networking protocols, operating systems, and security architecture in an established SOC.
    • Proficiency in security tools such as SIEM, IDS/IPS, EDR, and network analyzers.

    TECHNICAL / PROFESSIONAL COMPETENCIES

    • Adhere to operational processes in the NIST CSF, CIS CSC, NIST SP 800-53, and MITRE ATT&CK framework
    • Proficient in advanced incident triage methodologies and techniques to identify and investigate potential security threats and apply playbooks.
    • Prior experience to advise, plan, deploy, configure, manage, and monitoring large-scale and complex cyber defence and IT risk management and information or cybersecurity solutions.

    QUALIFICATIONS & EXPERIENCE

    • Grade 12
    • Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications
    • One or more of these industry Cybersecurity Certifications: such as CISSP, GCIH, GCIA, or relevant vendor-specific certifications
    • Minimum of seven (7) years of work experience, and three (3) years of relevant experience in an established SOC and information security/cybersecurity
    • Ability to lead exercises, develop playbooks, and automate processes.
    • Experience with a ticketing system such as BMC Remedy.
    • Solid understanding of cybersecurity principles, technologies, and best practices.
    • Experience working with cloud environments (Amazon Web Services Security) is desirable.
    • Excellent analytical, problem-solving, and critical-thinking skills.
    • Strong communication and collaboration abilities with various stakeholders.
    • Proficiency in security event analysis, incident response, and threat-hunting techniques.
    • Experience in working across security frameworks and technologies.
    • Familiarity with security tools and technologies, such as SIEM, IDS/IPS, EDR, and vulnerability scanners
    • Demonstrate in-depth solution and service knowledge

    LEADERSHIP COMPETENCY REQUIREMENTS

    • Strategic Vision: Develop and articulate a strategic vision for the organization's incident triage capabilities.
    • Decision-Making: Assess complex situations, prioritize actions based on severity levels (S0 to S4), and make sound judgments.
    • Collaboration and Influence: Collaborate effectively with cross-functional teams and stakeholders.
    • Strategic Partnerships: Build and maintain strategic partnerships with external organizations.
    • Mentorship and Development: Mentor and develop junior analysts, fostering a culture of learning.
    • Change Management: Lead and manage change within the cybersecurity organization.
    • Ethical Leadership: Maintain integrity, professionalism, and promote ethical behavior.
    • Crisis Management: Effectively respond to and manage cybersecurity incidents.
    • Responsive to Requests: Responsiveness to reasonable customer, supplier, and management requests.
    • Attention to Detail: Pay attention to detail and ensure deliverables undergo quality reviews.
    • Proactive and Reliable: Be proactive, innovative, and demonstrate reliability.
    • Customer-Centric Approach: Put the customer first and go the extra mile in the company's best interest.
    • High-Performance Team Player: Positively contribute to the high-performance team and develop positive relationships.
    • Emotional Intelligence and Integrity: Demonstrate emotional intelligence and act with integrity.
    • Teamwork and Collaboration: Work well with others and maintain a high-performance team ethic.
    • Excellent Communication Skills: Be an excellent communicator and collaborator.
    • Willingness to Learn: Be open to learning a range of security technologies and platforms.
    • Positive Attitude: Maintain a positive attitude in the face of challenges.

    go to method of application »

    Senior Specialist: Cybersecurity Threat Analyst - Midrand

     

    ROLE PURPOSE

    • As part of the Customer-facing Nexio SOC team, the Cybersecurity Threat Analyst will be responsible for monitoring enterprise networks and systems, deterring, identifying, investigating, and mitigating, any and all threats that are directed against those systems regardless of their classification level or type.  The Cybersecurity Threat Analyst is expected to collaborate with leadership to develop metrics based on situational awareness and provide support for incident response, surveillance, vulnerability identification, secure network design, and threat monitoring at an enterprise level that will be reported based on the approved plan and supporting checklists.  The Cybersecurity Threat Analyst must be able to conduct research on emerging threats, maintains proficiency in exploitation tools, and develops threat profiles to rapidly address security incidents alerted primarily by industry-recognized Security tools and technology.
    • The incumbent should ideally have advanced security incident handling analysis experience in an established SOC environment and contribute to risk management, lead Red Team/Blue Team exercises, mentor junior analysts, and develop playbooks for incident scenarios. The Cybersecurity Threat Analyst monitors network traffic, investigates incidents, and collaborates with the SOC team to enhance the organization's security posture.

    ROLE REQUIREMENT

    • Is familiar with the tactical and long-term vision across the Cyber Security function.
    • Adheres to the standard operating procedure and playbooks in the SOC.
    • Direct impact on the SOC performance.
    • Impacts on team’s runbooks and operational processes in the SOC Service.
    • Provides security incident handling and technical guidance to SOC Teams.
    • Gives regular, comprehensive, and constructive feedback, and coaching and mentoring to the team.
    • Mentor junior analysts to enhance their effectiveness in their roles.
    • Proactively hunt for advanced threats and conduct in-depth research and analysis.
    • Monitor network traffic, analyze data, and identify suspicious activity.
    • Investigate incidents, determine root causes, and provide incident response support.
    • Develop secure network designs, protection strategies, and audits for information security infrastructure.
    • Research and maintain proficiency in computer exploitation tools, attack techniques, and emerging threat sources.
    • Contribute to a comprehensive risk management program, identifying critical processes, threats, and vulnerabilities.
    • Lead Red Team/Blue Team exercises and identify gaps in monitoring tools and processes.
    • Develop playbooks for various incident scenarios and possess knowledge of automation processes.
    • Apply security settings and commercial best practices, including SIEM analysis operations.
    • Analyze incidents from various sources, combined with threat intelligence feeds into the SIEM.
    • Offer subject matter expertise in developing a common operational picture and maintaining a common intelligence picture.
    • Assist in coordinating, validating, and managing all-source collection requirements and intelligence activities.
    • Conduct nodal analysis, evaluate threat decision-making processes, and identify intelligence gaps.
    • Monitor and report changes in threat activities, tactics, capabilities, and objectives.
    • Produce timely and fused cyber operations intelligence products, threat assessments, and briefings.
    • Support planning, developmental forums, and working groups with subject matter expertise.
    • Provide intelligence analysis and support for exercises, planning activities, and time-sensitive operations.
    • Report significant network events, intrusions, and intelligence-derived information.
    • Collaborate with stakeholders, analysts, and managers to ensure accurate intelligence requirements and collection plans.

    Additional Information:

    • Individuals at this level have fully developed knowledge of best practices in security incident handling in an established SOC.
    • Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
    • Excellent communication skills and communication of complex information to non-technical stakeholders.
    • Confident in producing and presenting work.
    • In-depth understanding of best security incident analysis and incident handling practices, Strong knowledge of networking protocols, operating systems, and security architecture in an established SOC.
    • Proficiency in security tools such as SIEM, IDS/IPS, EDR, and network analyzers.

    TECHNICAL / PROFESSIONAL COMPETENCIES

    • Adhere to operational processes in the NIST CSF and MITRE ATT&CK framework
    • Proficient in advanced threat-hunting methodologies and techniques to proactively identify and investigate potential security threats and apply playbooks.
    • Prior experience to advise, plan, deploy, configure, manage, and monitoring large-scale and complex cyber defence and IT risk management and information or cybersecurity solutions.

    QUALIFICATIONS & EXPERIENCE

    • Grade 12
    • Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications
    • One or more of these industry Cybersecurity Certifications: CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), CEH, OSCP, CompTIA
    • Minimum of seven (7) years of work experience, and three (3) years of relevant experience in an established SOC and information security/cybersecurity
    • Ability to lead exercises, develop playbooks, and automate processes.
    • Experience with a ticketing system such as BMC Remedy.
    • Basic Linux and Windows Server experience.
    • Experience working with cloud environments (Amazon Web Services Security) is desirable.
    • Excellent analytical, problem-solving, and critical-thinking skills.
    • Strong communication and collaboration abilities with various stakeholders.
    • Experience with securing various environments preferred.
    • Experience in working across security frameworks and technologies.
    • Possess very good knowledge of technological advances within the information security area
    • Demonstrate in-depth solution and service knowledge

    LEADERSHIP COMPTENCY REQUIRED

    • Strategic Vision: Develop and articulate a strategic vision for the organization's threat-hunting capabilities.
    • Decision-Making: Assess complex situations, prioritize actions, and make sound judgments.
    • Collaboration and Influence: Collaborate effectively with cross-functional teams and stakeholders.
    • Strategic Partnerships: Build and maintain strategic partnerships with external organizations.
    • Mentorship and Development: Mentor and develop junior analysts, fostering a culture of learning.
    • Change Management: Lead and manage change within the cybersecurity organization.
    • Ethical Leadership: Maintain integrity, professionalism, and promote ethical behavior.
    • Crisis Management: Effectively respond to and manage cybersecurity incidents.
    • Responsive to Requests: Responsiveness to reasonable customer, supplier, and management requests.
    • Attention to Detail: Pay attention to detail and ensure deliverables undergo quality reviews.
    • Proactive and Reliable: Be proactive, innovative, and demonstrate reliability.
    • Customer-Centric Approach: Put the customer first and go the extra mile in the company's best interest.
    • High-Performance Team Player: Positively contribute to the high-performance team and develop positive relationships.
    • Emotional Intelligence and Integrity: Demonstrate emotional intelligence and act with integrity.
    • Teamwork and Collaboration: Work well with others and maintain a high-performance team ethic.
    • Excellent Communication Skills: Be an excellent communicator and collaborator.
    • Willingness to Learn: Be open to learning a range of security technologies and platforms.

    go to method of application »

    Specialist: Cybersecurity Analyst - Midrand

    ROLE PURPOSE

    • As part of the Customer-facing Nexio SOC team, the Specialist: Cybersecurity Analyst plays a critical role in monitoring, detecting, and responding to cybersecurity incidents within a Security Operations Center. The Cybersecurity Analyst utilizes incident handling methodologies to validate security events, assess severity levels, and provide guidance to SOC Analysts. By leveraging threat intelligence and conducting in-depth analysis, Cybersecurity Analyst identifies the scope of attacks, impacted systems, and potential perpetrators. The Cybersecurity Analyst ensures shift-related metrics are monitored, offers recommendations, and advises on containment and recovery steps. The Cybersecurity Analyst documents incidents, updates relevant documentation and supports the development of analytic methods for threat detection.
    • He/She should ideally have advanced security incident handling analysis experience in an established SOC environment and contribute to risk management, lead Blue Team exercises, mentor junior analysts, and develop playbooks for incident scenarios. The Cybersecurity Analyst monitors network traffic, investigates incidents, and collaborates with the SOC team to respond to threats or intrusions.

    ROLE REQUIREMENT

    • Is familiar with the tactical and long-term vision across the Cyber Security function.
    • Adheres to the standard operating procedure and playbooks in the SOC.
    • Impacts on Customer satisfaction and confidence in the SOC Service and service level performance.
    • Provides security incident handling and technical guidance to SOC Teams.
    • Gives regular, comprehensive, and constructive feedback, and coaching and mentoring to the team.
    • Mentor junior analysts to enhance their effectiveness in their roles.
    • Delegates work to team members taking into account their capacity, level of skill, and exposure to different types of work and complexity; provides clear instructions and direction, with reasonable deadlines.
    • Validate and declare security incidents based on incident handling methodologies.
    • Confirm severity levels (S0 to S4) using SLA severity classification.
    • Provide guidance and support to SOC Analysts during incident response.
    • Utilize threat intelligence, updated rules, and IOCs to identify affected systems and the extent of attacks.
    • Conduct in-depth threat intelligence analysis to uncover attack types, data/systems impacted, and potential perpetrators.
    • Monitor shift-related metrics and gather applicable reporting for the SOC Team Lead and SOC Manager.
    • Make recommendations to SOC Team Lead and SOC Manager regarding additional analysis and required remediation.
    • Determine the impact on critical systems or data sets and advise on remediation steps.
    • Validate false positives, policy violations, intrusion attempts, security threats, and potential compromises.
    • Suggest containment and recovery steps based on analysis findings.
    • Document workload and output from each shift for service performance measurement.
    • Formally document learnings and update relevant documentation such as shift logs and tickets.
    • Provide support for analytic methods to detect threats and conduct further triage based on defined run books.
    • Consolidate data through alert triage, providing necessary context before escalating to Operations and Security Engineering Teams for deeper analysis.
    • Manage security events, incidents, and service requests via the ticketing systems.
    • Identify alarms by intent and method, including reconnaissance, system compromises, and ingested log sources:
      • Firewalls and network devices
      • Infrastructure server and end-user systems
      • Threat intelligence platforms
      • Cloud and hybrid-IT provisioning, access, and infrastructure systems (Amazon Web Services)
      • Antivirus systems
      • Intrusion detection and prevention systems
      • Similar in Scope source systems
    • Apply the MITRE ATT&CK framework for anomaly analysis and conduct additional analysis using correlation rules and SIEM alerts.
    • Validate and update initial tickets in the SIEM platform and Service Desk.
    • Monitor event queues, investigate potential incidents, and escalate or close events as necessary.
    • Validate investigation results and pass relevant details to the SOC Team Lead.
    • Assess security controls based on cybersecurity principles and frameworks (e.g., CIS CSC, NIST SP 800-53).
    • Analyze network traffic, characterize threats, and coordinate with cyber defense staff for validation.
    • Document and escalate incidents, perform trend analysis, and report findings.
    • Review security architecture, identify gaps, and recommend risk mitigation strategies.
    • Plan and recommend modifications based on exercise results or system environment.
    • Perform daily summary reports of network events and activity relevant to cyber defense practices.
    • Provide timely detection, identification, and alerting of possible attacks, intrusions, and anomalous activities.
    • Utilize cyber defense tools for monitoring and analyzing system activity, identifying and analyzing malicious behavior.
    • Conduct analysis of network traffic, including network mapping, OS fingerprinting, and identification of compromised credentials.
    • Assist in the development of signatures for cyber defense tools.
    • Notify stakeholders of suspected cyber incidents, articulate event details, and follow the organization's incident response plan.
    • Analyze and report on organizational and system security posture trends.
    • Assess access controls and monitor external data sources for emerging threats.
    • Provide cybersecurity recommendations to leadership and collaborate on incident resolution and vulnerability compliance.
    • Support the development of disaster recovery, contingency, and continuity plans.

    Additional Information:

    • Individuals at this level have fully developed knowledge of best practices in security incident handling in an established SOC.
    • Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
    • Excellent communication skills and communication of complex information to non-technical stakeholders.
    • Confident in producing and presenting work.
    • In-depth understanding of security incident analysis and incident handling practices, Strong knowledge of networking protocols, operating systems, and security architecture in an established SOC.
    • Proficiency in security tools such as SIEM, IDS/IPS, EDR, and network analyzers.

    TECHNICAL / PROFESSIONAL COMPETENCIES

    • Adhere to operational processes in the NIST CSF, CIS CSC, NIST SP 800-53, and MITRE ATT&CK framework
    • Proficient in advanced incident triage methodologies and techniques to identify and investigate potential security threats and apply playbooks.
    • Prior experience to advise, plan, deploy, configure, manage, and monitoring large-scale and complex cyber defence and IT risk management and information or cybersecurity solutions.

    QUALIFICATIONS & EXPERIENCE

    • Grade 12
    • One or more of these industry Cybersecurity Certifications: GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), CEH, OSCP, CompTIA, Microsoft Security Certifications
    • Minimum of four (4) years of work experience, and three (3) years of relevant experience in an established SOC and information security/cybersecurity
    • Ability to partake in exercises, develop playbooks, and automate processes.
    • Experience with a ticketing system such as BMC Remedy.
    • Basic Linux and Windows Server experience.
    • Experience working with cloud environments (Microsoft Azure and Sentinel) is desirable.
    • Analytical, problem-solving, and critical-thinking skills.
    • Strong communication and collaboration abilities with various stakeholders.
    • Experience with securing various environments preferred.
    • Experience in working across security frameworks and technologies.

    LEADERSHIP COMPETENCY REQUIREMENTS

    • Strategic Vision: Develop and articulate a strategic vision for the organization's incident triage capabilities.
    • Decision-Making: Assess complex situations, prioritize actions based on severity levels (S0 to S4), and make sound judgments.
    • Collaboration and Influence: Collaborate effectively with cross-functional teams and stakeholders.
    • Strategic Partnerships: Build and maintain strategic partnerships with external organizations.
    • Mentorship and Development: Mentor and develop junior analysts, fostering a culture of learning.
    • Change Management: Lead and manage change within the cybersecurity organization.
    • Ethical Leadership: Maintain integrity, professionalism, and promote ethical behavior.
    • Crisis Management: Effectively respond to and manage cybersecurity incidents.
    • Responsive to Requests: Responsiveness to reasonable customer, supplier, and management requests.
    • Attention to Detail: Pay attention to detail and ensure deliverables undergo quality reviews.
    • Proactive and Reliable: Be proactive, innovative, and demonstrate reliability.
    • Customer-Centric Approach: Put the customer first and go the extra mile in the company's best interest.
    • High-Performance Team Player: Positively contribute to the high-performance team and develop positive relationships.
    • Emotional Intelligence and Integrity: Demonstrate emotional intelligence and act with integrity.
    • Teamwork and Collaboration: Work well with others and maintain a high-performance team ethic.
    • Excellent Communication Skills: Be an excellent communicator and collaborator.
    • Willingness to Learn: Be open to learning a range of security technologies and platforms.
    • Positive Attitude: Maintain a positive attitude in the face of challenges.

    go to method of application »

    Specialist: Cybersecurity Incident Manager - Midrand

     

    ROLE PURPOSE

    • As part of the Customer-facing Nexio SOC team, the Cybersecurity Incident Manager is a crucial role within an organization's cybersecurity team. The primary responsibility of the Cybersecurity Incident Manager is to detect, respond to, investigate, and mitigate cyber threats and incidents that occur within the organization's network and information systems. The Cybersecurity Incident Manager role requires strong technical skills, deep knowledge of cybersecurity principles and technologies, and the ability to work in a fast-paced, high-pressure environment. The Cybersecurity Incident Manager plays a crucial role in coordinating and providing technical support to resolve cyber defense incidents across the enterprise. The Cybersecurity Incident Manager is responsible for analyzing incident data, identifying vulnerabilities, and recommending remediation actions. The Cybersecurity Incident Manager performs log file analysis, triages incidents, conducts trend analysis, and handles real-time incident response tasks. The Cybersecurity Incident Manager tracks and documents incidents, publishes reports and collaborates with Corporate Riks and intelligence analysts. Additionally, the Cybersecurity Incident Manager stays updated on the latest cyber threats and coordinates incident response functions
    • He/She should ideally have competency in security incident handling analysis experience in an established SOC environment and contribute to risk management.

    ROLE REQUIREMENT

    • Adheres to the standard operating procedure and playbooks in the SOC.
    • Impacts on Customer satisfaction and confidence in the SOC Service and service level performance.
    • Validate and declare security incidents based on incident handling methodologies.
    • Confirm severity levels (S0 to S4) using SLA severity classification.
    • Provide guidance and support to SOC Analysts during incident response.
    • Determine the impact on critical systems or data sets and advise on remediation steps.
    • Manage security events, incidents, and service requests via the ticketing systems.
    • Incident Coordination and Support:
      • Provide expert technical support to Analysts and Operational personnel to resolve incidents.
    • Incident Analysis and Remediation:
      • Correlate incident data to identify vulnerabilities and recommend remediation.
      • Analyze log files from various sources to detect network security threats.
      • Perform incident triage, determine scope and impact, identify vulnerabilities, and suggest remediation actions.
      • Collect intrusion artifacts and leverage data for mitigating potential incidents.
    • Incident Reporting and Communication:
      • Perform trend analysis and report on cyber defense incidents.
      • Track and document incidents from detection to resolution and closure.
      • Write and publish incident findings, guidance, and reports for relevant stakeholders.
    • Real-Time Incident Handling:
      • Conduct real-time incident handling tasks, including forensic collections, threat analysis, and system remediation.
      • Collect artifacts and inspect for possible mitigation on enterprise systems.
    • Collaboration and Liaison:
      • Serve as a technical expert and liaison to Incident Analysts and Operational personnel.
    • Coordinate with intelligence analysts to correlate threat assessment data.

    Additional Information:

    • Good understanding of security incident analysis and incident handling practices, proficient knowledge of networking protocols, operating systems, and security architecture in an established SOC.
    • Individuals at this level are competent in best practices in security incident handling in an established SOC.
    • Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
    • Competent communication skills and communication of complex information to non-technical stakeholders.
    • Competent in producing and presenting work.

    TECHNICAL / PROFESSIONAL COMPETENCIES

    • Adhere to operational processes in the NIST CSF, CIS CSC, NIST SP 800-53, and MITRE ATT&CK framework
    • Proficient in incident triage methodologies and techniques to identify and investigate potential security threats and apply playbooks.
    • Prior experience to advise, plan, deploy, configure, manage, and monitoring large-scale and complex cyber defence and IT risk management and information or cybersecurity solutions.

    QUALIFICATIONS & EXPERIENCE

    • Grade 12
    • One or more of these industry Cybersecurity Certifications: such as CISSP, GCIH, GCIA, or relevant vendor-specific certifications
    • Minimum of four (4) years of work experience, and three (3) years of relevant experience in an established SOC and information security/cybersecurity
    • Analytical, problem-solving, and critical-thinking skills.
    • Strong knowledge of cybersecurity principles, incident response methodologies, and defense-in-depth practices.
    • Proficiency in analyzing log files, conducting trend analysis, and correlating incident data.
    • Experience with incident triage, vulnerability identification, and remediation recommendations.
    • Familiarity with forensic tools and techniques for collecting artifacts.
    • Excellent communication, documentation, and report-writing skills.
    • Ability to coordinate incident response functions and collaborate with internal and external teams.
    • Stay informed about the latest cyber threats and industry developments.

    LEADERSHIP COMPETENCY REQUIREMENTS

    • Ethics: Maintain integrity, professionalism, and promote ethical behavior.
    • Crisis Management: Effectively respond to and manage cybersecurity incidents.
    • Responsive to Requests: Responsiveness to reasonable customer, supplier, and management requests.
    • Attention to Detail: Pay attention to detail and ensure deliverables undergo quality reviews.
    • Proactive and Reliable: Be proactive, innovative, and demonstrate reliability.
    • Customer-Centric Approach: Put the customer first and go the extra mile in the company's best interest.
    • High-Performance Team Player: Positively contribute to the high-performance team.
    • Emotional Intelligence and Integrity: Demonstrate emotional intelligence and act with integrity.
    • Teamwork and Collaboration: Work well with others and maintain a high-performance team ethic.
    • Willingness to Learn: Be open to learning a range of security technologies and platforms.
    • Positive Attitude: Maintain a positive attitude in the face of challenges.
    • Leadership Potential: Exhibit the potential for leadership by taking ownership of assigned tasks, demonstrating a sense of responsibility, and displaying a strong work ethic. Show willingness to share knowledge, and contribute to the development of the team and its capabilities.

    go to method of application »

    Specialist: Cybersecurity Threat Analyst - Midrand

    ROLE PURPOSE

    • As part of the Customer-facing Nexio SOC team, the Cybersecurity Threat Analyst will be responsible for monitoring enterprise networks and systems, deterring, identifying, investigating, and mitigating, any and all threats that are directed against those systems regardless of their classification level or type.  The Cybersecurity Threat Analyst is expected to collaborate with leadership to develop metrics based on situational awareness and provide support for incident response, surveillance, vulnerability identification, secure network design, and threat monitoring at an enterprise level that will be reported based on the approved plan and supporting checklists.  The Cybersecurity Threat Analyst must be able to conduct research on emerging threats, maintains proficiency in exploitation tools, and develops threat profiles to rapidly address security incidents alerted primarily by industry-recognized Security tools and technology.
    • The incumbent should ideally have advanced security incident handling analysis experience in an established SOC environment and contribute to risk management, lead Red Team/Blue Team exercises, mentor junior analysts, and develop playbooks for incident scenarios. The Cybersecurity Threat Analyst monitors network traffic, investigates incidents, and collaborates with the SOC team to enhance the organization's security posture.

    ROLE REQUIREMENT

    • Is familiar with the tactical and long-term vision across the Cyber Security function.
    • Adheres to the standard operating procedure and playbooks in the SOC.
    • Direct impact on the SOC performance.
    • Impacts on team’s runbooks and operational processes in the SOC Service.
    • Provides security incident handling and technical guidance to SOC Teams.
    • Gives regular, comprehensive, and constructive feedback, and coaching and mentoring to the team.
    • Mentor junior analysts to enhance their effectiveness in their roles.
    • Proactively hunt for advanced threats and conduct in-depth research and analysis.
    • Monitor network traffic, analyze data, and identify suspicious activity.
    • Investigate incidents, determine root causes, and provide incident response support.
    • Develop secure network designs, protection strategies, and audits for information security infrastructure.
    • Research and maintain proficiency in computer exploitation tools, attack techniques, and emerging threat sources.
    • Contribute to a comprehensive risk management program, identifying critical processes, threats, and vulnerabilities.
    • Lead Red Team/Blue Team exercises and identify gaps in monitoring tools and processes.
    • Develop playbooks for various incident scenarios and possess knowledge of automation processes.
    • Apply security settings and commercial best practices, including SIEM analysis operations.
    • Analyze incidents from various sources, combined with threat intelligence feeds into the SIEM.
    • Offer subject matter expertise in developing a common operational picture and maintaining a common intelligence picture.
    • Assist in coordinating, validating, and managing all-source collection requirements and intelligence activities.
    • Conduct nodal analysis, evaluate threat decision-making processes, and identify intelligence gaps.
    • Monitor and report changes in threat activities, tactics, capabilities, and objectives.
    • Produce timely and fused cyber operations intelligence products, threat assessments, and briefings.
    • Support planning, developmental forums, and working groups with subject matter expertise.
    • Provide intelligence analysis and support for exercises, planning activities, and time-sensitive operations.
    • Report significant network events, intrusions, and intelligence-derived information.
    • Collaborate with stakeholders, analysts, and managers to ensure accurate intelligence requirements and collection plans.

    Additional Information:

    • Individuals at this level have fully developed knowledge of best practices in security incident handling in an established SOC.
    • Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
    • Excellent communication skills and communication of complex information to non-technical stakeholders.
    • Confident in producing and presenting work.
    • In-depth understanding of best security incident analysis and incident handling practices, Strong knowledge of networking protocols, operating systems, and security architecture in an established SOC.
    • Proficiency in security tools such as SIEM, IDS/IPS, EDR, and network analyzers.

    TECHNICAL / PROFESSIONAL COMPETENCIES

    • Adhere to operational processes in the NIST CSF and MITRE ATT&CK framework
    • Proficient in advanced threat-hunting methodologies and techniques to proactively identify and investigate potential security threats and apply playbooks.
    • Prior experience to advise, plan, deploy, configure, manage, and monitoring large-scale and complex cyber defence and IT risk management and information or cybersecurity solutions.

    QUALIFICATIONS & EXPERIENCE

    • Grade 12
    • One or more of these industry Cybersecurity Certifications: GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), CEH, OSCP, CompTIA, Microsoft Security Certifications
    • Minimum of four (4) years of work experience, and three (3) years of relevant experience in an established SOC and information security/cybersecurity
    • Ability to partake in exercises, develop playbooks, and automate processes.
    • Experience with a ticketing system such as BMC Remedy.
    • Basic Linux and Windows Server experience.
    • Experience working with cloud environments (Microsoft Azure and Sentinel) is desirable.
    • Analytical, problem-solving, and critical-thinking skills.
    • Strong communication and collaboration abilities with various stakeholders.
    • Experience with securing various environments preferred.
    • Experience in working across security frameworks and technologies.

    LEADERSHIP COMPTENCY REQUIRED

    • Strategic Vision: Develop and articulate a strategic vision for the organization's threat-hunting capabilities.
    • Decision-Making: Assess complex situations, prioritize actions, and make sound judgments.
    • Collaboration and Influence: Collaborate effectively with cross-functional teams and stakeholders.
    • Strategic Partnerships: Build and maintain strategic partnerships with external organizations.
    • Mentorship and Development: Mentor and develop junior analysts, fostering a culture of learning.
    • Change Management: Lead and manage change within the cybersecurity organization.
    • Ethical Leadership: Maintain integrity, professionalism, and promote ethical behavior.
    • Crisis Management: Effectively respond to and manage cybersecurity incidents.
    • Responsive to Requests: Responsiveness to reasonable customer, supplier, and management requests.
    • Attention to Detail: Pay attention to detail and ensure deliverables undergo quality reviews.
    • Proactive and Reliable: Be proactive, innovative, and demonstrate reliability.
    • Customer-Centric Approach: Put the customer first and go the extra mile in the company's best interest.
    • High-Performance Team Player: Positively contribute to the high-performance team and develop positive relationships.
    • Emotional Intelligence and Integrity: Demonstrate emotional intelligence and act with integrity.
    • Teamwork and Collaboration: Work well with others and maintain a high-performance team ethic.
    • Excellent Communication Skills: Be an excellent communicator and collaborator.
    • Willingness to Learn: Be open to learning a range of security technologies and platforms.

    Method of Application

    Build your CV for free. Download in different templates.

  • Send your application

    View All Vacancies at Nexio Back To Home

Career Advice

View All Career Advice
 

Subscribe to Job Alert

 

Join our happy subscribers

 
 
 
Send your application through

GmailGmail YahoomailYahoomail