Cyber Security Specialist

You will work alongside other Cyber Security Engineers, including Senior Cyber Security Engineers responsible for managing and improving our SIEM and security platforms to meet the requirements of the business and is expected to think beyond a conventional SIEM approach and seek to enhance the security suite to a comprehensive automation and orchestration capability.

Requirements

• You will assist in establishing and maintaining processes, tooling and metrics that help provide a high level of productivity, supportability, and operational readiness while also participating in project planning activities such as service enhancements and change management controls.
• You will work with the technical lead / SME for the CSOC and SIEM service offering by managing and improving the platforms to meet the requirements of the business and/or client.
• Configure and develop SIEM tooling, and associated tool sets, to deliver effective and efficient SOC services through automation and orchestration, and to increase MTTD whilst reducing false positives and negatives.
• Ensure all security platforms are optimised to detect and prevent security threats across all on-prem and cloud environments to meet business objectives and regulatory requirements
• Provide technical oversight and support for the identification, triage and response to events or incidents of a suspicious or malicious nature, and apparent security breaches.
• Act as a technical escalation point for SOC Analysts and Senior SOC Analysts in delivery of our CSOC services.
• You will work collaboratively with architects, infrastructure teams and key stakeholders inside and out of the business ensuring security and monitoring requirements are determined and implemented through onboarding or continuous improvement activities
• Actively support the onboarding of new clients throughout the transition to service delivery lifecycle.
• Deliver a variety of projects including planning and execution of changes, documentation, including training, skills and knowledge transfer to the team and clients.
• Maintain a continuous understanding of the threat landscape with in-depth knowledge around threat actors, TTPs and vulnerabilities

Essential

• Excellent soft skills in the form of team working, problem solving and communication
• You are a self-starter, keen to develop new services and can collaborate effectively
• Technical experience in a Security Operations Centre, Incident Response Team or similar environment
• Experience with a variety of SIEM platforms, ideally Azure Sentinel, and monitoring tools, configuration management tools, host virtualisation, containerisation, vulnerability scanners, proxies, WAFs
• An in-depth knowledge of log formats, log transports and log analysis as well as automating log ingestion and normalisation in a SOC environment
• The ability to perform analysis of log files from a variety of sources (e.g. individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
• Experience, either within a ‘lab’ or business context of using SIEM tools, tuning tools to reduce false positives · Strong technical skills with experience in intrusion analysis and investigation using a variety of security tools (SIEM, EDR, DLP, AV, Snort, Wireshark, TCPdump etc.)
• A thorough understanding of internet communications protocols and in-depth packet analysis, including knowledge of how these protocols are commonly secured
• Awareness of cyber-attack techniques and how protective monitoring systems can be used for detection, mitigation, remediation and protection
• An understanding of Cyber Incident Response and how to identify if an incident has occurred and how to assess and limit the impact it may have
• One or more of the following industry certifications: CEH, GCIA, GCIH, GSEC, Security+, GCT

Benefits

For our UK benefits package, please click here.

All recruitment and selection for Content+Cloud is guided by the principles of our Employment Equity Plan.