Logicalis employees are innovative, smart, entrepreneurial and customer centric, with a shared ambition of making Logicalis the worlds leading IT Solutions provider!
We offer speedy decision-making, opportunities for personal development, and a supportive, inclusive environment that celebrates our diversity.
Join us and become a part of something epic!
ROLE PURPOSE
The Security Operations Centre will provide defence against security breaches and actively isolate and mitigate security risks. The Tier 3 SOC Analyst forms part of the security operations centre SOC team. The SOC Team will identify, analyse, and react to cyber security threats using a reliable set of processes and security technologies. The SOC Team includes the SOC Manager, SIEM Platform Manager, Case Manager, Tier 1 SOC Analysts, Tier 3 SOC Analyst, and Security Analysts. They work with IT operational teams to address security incidents and
events quickly. The SOC Team will provide a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident.
ROLE AND DELIVERY RESPONSIBILITIES:
The job role includes actively participating in the incident detection process as follows:
Possesses in-depth knowledge of network, endpoint, threat intelligence, forensics and malware reverse Analysis, as well as the functioning of specific applications or underlying IT infrastructureActs as an incident “hunter,” not waiting for escalated incidentsClosely involved in developing, tuning, and implementing threat detection analyticsActs as the escalation for Tier 1 and 2 SOC AnalystsResponds to and oversees the remediation of a declared security incidentCompletes the Root Cause Analysis Report for P1 to P4Provides guidance to Tier 1 and 2 SOC AnalystsAct as Team Leader of Tier 1 and 2 SOC AnalystsUses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attackMonitors shift-related metrics ensuring applicable reporting is gathered and disseminated to the SOC ManagerMake recommendations to the SOC ManagerOversees the analysis on running processes and configs on affected systemsUndertakes in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impactedOversees the containment and recoveryOversees the deep-dive incident analysis by correlating data from various sourcesValidates if a critical system or data set has been impactedProvides support for analytic methods for detecting threatsConducts advanced triage based on defined run books of alertsUndertakes threat intelligence research if need beValidates false positives, policy violations, intrusion attempts, security threats and potential compromisesUndertakes security incident triage to provide necessary context prior to escalating to relevant Security Specialists to perform deeper analysis when necessaryFurther analyses alarms by method e.g. credentials compromised and by asset classBased on the correlation rules and alarms within the SIEM and run books, further analyses anomaly tactic using the MITRE ATT&CK frameworkAnalyses event and process metadata in real-time or retrospectively, and identify suspicious files/scripts seen for the first timeCloses tickets in the SIEM platform – this would be automatically created into Service NowManages security incidents using the SIEM platform and defined operational proceduresPerforms a further investigation of potential incidents, and escalate or close events as applicableValidates investigation results, ensuring relevant details are passed on to Tier 2 SOC Level 2 for further event analysisCloses out deeper analysis and review activitiesAssist senior SOC staff with operational responsibilitiesKEY PERFORMANCE INDICATORS:
KPI’s
SIEM Security Appliance Operations ManagementSupport and AdministrationPolicy ManagementPlatform MonitoringStandard ReportingService Level ManagementVarious Security platforms administration and configuration, policy configurationSecurity platforms with SIEM integration and participate in the security incident and event investigations and remediationEnsure IT policies are met with regards to data security and IntegrityEnsure IT policies are met with regards to network securityPERSON REQUIREMENTS:
EXPERIENCE:
Strong knowledge and experience working with SIEM Solutions, QRadar, McAfee ESM, Azure SentinelProven experience with Office 365, Active Directory, SQL, Azure and Microsoft Exchange.Strong knowledge and experience working with Linux Operating systemsGood knowledge and experience of TCP/ IP networks including LAN and various WAN technologies including WirelessGood experience working with MimecastGood experience working Cofense PhismeGood experience working with Nessus or QualysGood understanding of the MITRE ATT&CK frameworkGood understanding of the ITIL Framework.Brilliant with a support ticketing system and experience in meeting SLA targets.Familiarity with risk management and quality assurance control.Excellent interpersonal skills and professional demeanorExcellent verbal and written communication skillsCandidate must be eligible to obtain National Security ClearanceQUALIFICATIONS:
Grade 12SIEM Technology certificationITIL Foundation qualificationDegree or Diploma in Computer TechnologyCompTIA A+, N+ S+CompTIA CySa and CASP+ advantageousADDITIONAL SKILLS/ATTRIBUTES:
Advanced Microsoft Excel experience, specifically data interpretationGood understanding of IT infrastructureA high command of the English language both written and verbal is essential.Self-motivated with the ability to work unsupervised.Attention to detailPunctualityExcellent verbal and written communication skillsAbility to remain flexible and adapt to changing priorities with promptness, efficiency, and easePossess proficient analytical and decision-making skillsDemonstrated capacity for gathering and scrutinizing data to identify issues, opportunities, and patternsProficient relationship building skills – predict customer behavior and respond accordinglyA strong service-oriented (‘can-do’) culture, with a strong focus on the ‘internal customer’ approach, committed to exceeding customer expectationsGood communicator with the customer environmentDynamic but aware of the views and feelings of othersAble to operate as a good team playerDrive and EnergyDemonstrate clear purpose, enthusiasm, and commitment