Posted: 18 October 2023
A company providing secure cloud transformation by combining Microsoft cloud technology with cyber security and managed services is looking for a T2 Security Analyst in Cape Town.
This position will assist the SecOps Tech Lead and Head of Security Operations in enhancing the SOC & SOAR operations within the company. The Security Analyst will collaborate closely with other teams to build services and solutions that align with security best practices and client assurance requirements. This includes, but is not limited to, the use of Microsoft Sentinel, Microsoft Defender for Endpoint, Microsoft Defender for Cloud, and all other MS Security Stacks.
The primary responsibility of the Security Analyst role is to carry out operational SOC and SOAR activities as directed by the SecOps Tech Lead and Head of Security Operations. This includes monitoring and responding to incidents and alerts within Microsoft Sentinel. The successful candidate will leverage their KQL knowledge for threat hunting, effectively closing down incidents with comprehensive documentation. Furthermore, they will contribute to the efficient day-to-day operations of the SOC, focusing on personnel, processes, and technology. With a solid foundation in IT Administration and understanding of common corporate technologies, they will ensure all client SLAs are met, maintaining consistently high client satisfaction scores.
You will be required to work with members of the Security Operations Team to ensure all SOC & SOAR operational tasks are completed on time and work tickets are updated / closed with satisfactory technical details included, and where appropriate escalate suspicious / malicious events to senior team members and the company or client incident response personnel in order to identify, contain and remediate active threats. You will also be required to develop and update operational documentation, as necessary.
Security Analysts will be comfortable engaging at both technical and non-technical levels, contributing as required in technical workshops and client briefings / service reviews. You will be working in an incredibly passionate environment with great people, in which you can actively contribute to developing and delivering our SOC & SOAR capability.
Location: Hybrid, Cape Town, South Africa
This is a shift role – 12-hour shifts with a 4-day on, 4-day off roster.
DUTIES & RESPONSIBILITIES, NOT LIMITED TO:
Strategy and Leadership:
- This is not a leadership role though you will be expected to mentor and support Junior Colleagues.
- Advanced knowledge and experience with Microsoft Sentinel, Microsoft Defender for Endpoint, and Microsoft Defender for Cloud. Familiarity with other Microsoft Security Stacks and a broad understanding of common corporate technologies.
- Proficient in using KQL (Kusto Query Language) for threat hunting and other security-related investigations.
- Experience in IT administration, preferably within a Security Operations Center (SOC) environment.
- Experience in incident response and handling, including detailed incident reporting and documentation.
- Ability to analyze complex data and security logs to identify cyber security threats. Ability to communicate in both technical and non-technical terms, tailoring the approach to the audience.
- Self-motivated learner of technologies and methodologies to support best practice.
- Actively contributing to knowledge sharing across the business.
- Act as an operational point of contact during significant cyber security events
- Assist in the support of major incident handling within the SOC, and where applicable for clients
- Provide support and guidance regarding monitoring activities
- Provide “hands on” resource, working to ensure the company’s objectives and client SLA targets are achieved.
- Provide input and support for stakeholder communication.
- Assist and support the implementation of security controls, threat protection etc for both the company and its clients
- Assist and support the building and maintenance of security tools and applications e.g., MS Sentinel, MS Defender for Endpoint, and the other elements of the Defender suite
- Support other Security Analysts and clients on rules/policies/filters/use cases and SOC tooling.
- Assist with the implementation of improvements as part of on-going service enhancement or “lessons learned” following incident investigation (cause and effect).
- Assist in the review of incident closures, post incident reports and act upon improvements identified
- Undertake Threat Hunting, to include the development of queries to support improvements to the identification of undetected threats on client estates.
- Contribute to team development through knowledge sharing, briefing and production of guides, incident scenarios and playbooks.
- Show flexibility in developing knowledge of supporting areas and performing their responsibilities during times of operational need.
- Maintain currency in relation to security concepts, tools and best practices
- Willingness to work shifts (including unsociable hours and bank holidays) as part of 24×7 team working
- Ability to work effectively with internal systems such as Kimble, Teams, SharePoint and Office 365.
- Effective personal resource and time management with a commercial approach to work.
- Working remotely, or on site
Delivery and KPIs:
- Contribute to the full lifecycle of client solutions and service offerings, from proposition through to delivery and support and maintenance
- Communicate technical solutions in a clear and concise manner for a variety of audiences from both a technical and business background.
- Contribute to well written and professional documentation, performance, and client reports.
- Assist the SecOps lead and Head of Security Operations in development of new service offerings, procedures, techniques, and policies.
- Assist in the recruitment, training, and development of the security operations team.
- Promoting and practicing high quality outcomes across all aspects of work
- ITIL V3
- CompTIA Security (or equivalent)
- CompTIA Network (or equivalent)
- SC-200, SC-300, SC-400
- Blue Team Level 1 / 2
- Demonstrable experience of operating within a security operations function.
- Strong IT Security knowledge, understanding the balance of business objectives and information security
- Experience with or understanding IT Infrastructure – Windows / Linux Servers, Firewalls etc
- A technical understanding of the security components and their impact.
- Experience with or understanding of Microsoft’s security stack, technologies – Microsoft Sentinel, Microsoft Defender suite etc
- Good working knowledge of multiple SOC tooling including SIEM / SOAR
- Good understanding of network methodologies and OSI Model layers.
- Good understanding of network technologies: routers, switches, firewalls, IDS/IPS, WAF and proxies etc.
- Experience of working at technical levels within a Security Operations service.
- Demonstrable ability to troubleshoot and fault-find technical issues.
- Good communication and report writing skills.
- Knowledge of Backup and Disaster Recovery methodologies.
- Experience in supporting and assisting a Senior Incident Responder