The role is responsible for cybersecurity incident response, vulnerability management, threat hunting, and data analysis to protect and maintain the overall security of the enterprise. They regularly respond to security events using documented procedures to protect company personnel and company assets. They must keep their training current as attackers shift tactics and behaviours to defeat our protections, and they are expected to work proactively to hunt for undetected attackers and to suggest changes to the control environment to better defend it.
KEY RESPONSIBILITIES
- Protecting enterprise systems and information by promptly responding to security threats and incidents, acting individually and as part of a team to resolve issues.
- Proactively hunting for threats and vulnerabilities and enacting identification, containment, and eradication measures while supporting recovery efforts.
- Analysing and reverse engineering suspected malicious programs/scripts, providing mitigation recommendations, and taking corrective actions on the affected information systems/tools/programs/scripts to minimize impact.
- Analysing cyber security incidents to solve issues and improve incident handling procedures.
- Reviewing incidents after the fact to analyse gaps and vulnerabilities, and proposing improvements/recommendations/modifications to the company's IT environment and information security systems.
- Developing programs/scripts as required to support security analysis and investigations, reverse engineering, and reporting, or as required by containment, eradication or recovery actions, or to keep the impacted information systems at a secure level. Implementing or recommending information system modifications and corrections as needed.
- Receive Tier 2/3 incident escalation from detection operations and assist with near real-time incident coordination, response and reporting.
- Supporting projects that deploy new information systems or integrate existing ones, as required, by analysing requirements, proposing designs, and testing and validating the systems and their integrations.
- Coordination with appropriate departments or partners during a security incident – management, legal, security, operations, and others.
- Conducting research regarding the latest methods, tools, applications and trends in digital forensics analysis.
- Creating thorough reports and documentation of all incidents and procedures; presenting findings to team and leadership on a routine basis.
- Conduct vulnerability scans, analyse reports, and guide remediation efforts.
SKILLS & RELEVANT WORK EXPERIENCE
- 1–3 years of IT security-related work experience
- Bachelor’s degree or equivalent combination of education and experience
- Experience with security tools such as SIEM, IPS/IDS, EDR, AV, vulnerability scanners, firewalls, NetFlow, etc.
- Experience with security assessment tools such as NMAP, Netcat, Qualys, or Metasploit is a plus
- Knowledge of operating systems including Linux/Unix or Windows
- Knowledge of incident response methodology as well as at least one of the following: security architecture, system administration, or networking
- Good understanding of computer intrusion activities, incident response techniques, tools, and procedures
- Knowledge of the vulnerability management process and its technologies
- Knowledge of scripting/programming languages such as PowerShell, Python, etc.
- Strong work ethic with attention to detail
- Ability to communicate security issues to peers and management
- Industry certifications such as CompTIA Security+, GCIH, CISSP are strongly preferred