Cyber Security Analyst

Cape Town, ZA

Cyberlogic

We’re a managed services provider that transforms businesses to perform at their best, with cutting-edge tech and solutions that make sense.


JOB TITLE:

Senior Cyber Security Analyst

LOCATION:

Remote (Johannesburg / Cape Town)

ABOUT CYBERLOGIC:

Cyberlogic is a trusted Managed Solutions Provider with offices in South Africa, Mauritius, and the UK. Serving a diverse range of clients, spanning numerous industries, including the international maritime sector, Cyberlogic specialises in IT leadership, cyber security, cloud solutions, and business intelligence. For almost three decades, Cyberlogic has been committed to enabling digital transformation through delivering unquestionable value.

Our delivery focus has enabled us to build up a national and international footprint of loyal clients that rely on us to provide transparent, open guidance to improve their processes, grow their businesses, and secure their data.

Cyberlogic is part of the Hyperclear Technology group, which boasts a diverse technology offering including robotic process automation (RPA), business process management (BPM), data analytics, and decisioning technology.

Through our non-profit, R4C (Ride for a Child), we partner with Bright Start Education Foundation, an organisation empowering deserving learners from underprivileged communities, providing holistic support and guidance throughout their educational careers.

OUR VALUES:

  • We challenge ourselves to be more AWESOME
  • We are driven to KEEP learning and EVOLVING
  • We look beyond symptoms to identify and RESOLVE ROOT CAUSES
  • We hold each other accountable through CANDID and constructive FEEDBACK
  • We respect and care for each other and know we will only SUCCEED if we work AS A TEAM
  • We CARE deeply ABOUT the success of CYBERLOGIC
  • We FINISH WHAT WE START
  • We always GIVE OUR BEST even if it means putting in the hard yards
  • We KEEP THINGS SIMPLE

PURPOSE OF POSITION:

As a Cyber Security Analyst within Cyber Forensics, you will play a pivotal role in advancing the security objectives of both our clients and our organisation. Your expertise will be instrumental in developing, implementing, and maintaining technical security solutions, processes, and controls to safeguard against unauthorised access, use, disclosure, modification, damage, or loss of client systems and data. As a key technical member of our Security team, you will lead efforts to strengthen our clients' defences against cyber threats by developing and maintaining cutting-edge Cyber Security Technology Solutions and Cyber Security Control Frameworks, ensuring their environments are robustly protected.

KEY RESPONSIBILITIES:

Problem Solving and Implementing Security Measures:

  • Assess and address complex security issues.
  • Lead the implementation of security protocols and tools following established procedures.
  • Identify and resolve security gaps through technical analysis of systems and procedures.
  • Conduct security audits and evaluate current security measures for improvement.
  • Provide support to team heads and leads in developing and maintaining security documentation, procedures, and standards, including CoCs and SOPs.

Escalations and Incident Response:

  • Oversee the monitoring of security alerts and events.
  • Action escalated tickets from technicians within SLA timeframes and provide support and guidance where needed to create learning opportunities.
  • Collaborate with technicians to monitor incidents, offering assistance, training and guidance to junior team members.
  • Identify recurring patterns or trends in security events and conduct investigations to identify the root cause of the security incidents.
  • Lead incident response procedures to contain, mitigate, and resolve security incidents as required according to the SLA timeframe.
  • Participate in incident response exercises and simulations to test the effectiveness of response procedures and enhance readiness to handle security incidents.
  • Communicate escalation and incident response outcomes appropriately to team leader, clients and relevant stakeholders.

Security Tool Management and Maintenance:

  • Implement strategies to minimise unnecessary alerts and noise within security queues.
  • Tune security tools to reduce the occurrence of false-positive alerts.

SOC Strategy:

  • Drive SOC strategy by collaborating with the technical lead to develop Proof of Concepts for technologies offering enhanced value.
  • Deliver presentations to senior leaders of the group, outlining SOC strategies and recommendations.

Security Awareness and Training:

  • Guide and support junior team members in planning and running quarterly phishing campaigns that simulate cyber threats and assess clients' security awareness.
  • Analyse phishing campaign outcomes and promptly distribute statistical reports to clients, offering insights into the effectiveness of security awareness efforts.
  • Assist in the development and delivery of security awareness programmes.
  • Provide training to junior team members to improve team behaviour and work etiquette in customer interactions and feedback.

Client Communication and Support:

  • Respond to Tier 2 client inquiries and incidents via email within the specified SLA timeframe, providing timely updates and resolutions.
  • Manage escalations from junior team members and provide telephonic and email communication to clients according to SLA timeframe.

Security Investigations:

  • Oversee ongoing investigations into past incidents to uncover deeper insights and enhance understanding of previous incidents.
  • Lead ongoing market research to identify external trends for internal implementation.
  • Guide junior team members in implementing remediation measures to address identified security threats by following established procedures and guidelines.

Auditing and Reporting:

  • Manage audits of client environments, guiding junior team members in data collection and vulnerability identification within client environments.
  • Create incident reports and communicate findings to clients as required.
  • Guide junior team members in resolving discrepancies or mismatches identified during audits.
  • Collaborate with team leaders to address shortcomings in audit results presentations.
  • Drive improvements in reporting aspects to provide more value to the clients.

Documentation:

  • Review documented guides compiled by interns and technicians as first point of review and then share with the Team Leaders to sign off.
  • Provide guidance and feedback to interns and technicians to improve documentation quality.

Continuous Learning:

  • Stay up-to-date with industry trends and best practices to enhance technical expertise.
  • Engage in hands-on learning by shadowing senior Security members.
  • Attend CyberLearning sessions on a weekly basis.
  • Continuously upskill in the cyber security domain.

Standby:

  • Participate in weekly compulsory standby on a rotating basis.
  • Serve as second point of contact for client inquiries, including handling tier-two escalations.

Onboarding:

  • Set up accounts for applications and solutions for clients.

Coaching and Mentoring:

  • Support and mentor junior team members in conducting investigations and utilising tools effectively.
  • Assign tasks to analysts and interns, delegating responsibilities accordingly.
  • Provide leadership and guidance to junior technicians and interns, fostering their professional development.

Project Participation:

  • Participate in project initiatives, provide guidance to junior team members, and support in driving projects to successful completion.

Vulnerability Remediation:

  • Lead software upgrade initiatives, ensuring all upgrades are conducted efficiently and in compliance with security standards.
  • Oversee and execute security configuration changes, ensuring alignment with best practices and organisational policies.
  • Advise clients on advanced security measures required for devices.

Script Creation for Automation:

  • Lead the creation of complex PowerShell, Bash, or Terminal scripts to automate critical changes on devices.
  • Conduct comprehensive testing of scripts in sandboxes, evaluate their behaviour, and ensure they are safe for deployment while providing guidance to team members.

Vulnerability Research:

  • Lead in-depth research on vulnerabilities, assess their potential impact on the environment, and develop and recommend effective mitigation strategies to ensure robust security measures are in place.

KEY REQUIREMENTS:

Required:

  • 2-3 years of experience
  • National Certificate or equivalent
  • Darktrace
    - Threat Visualizer Part 1 - Familiarization.
    - Threat Visualizer Part 2 - Investigation.
    - Cyber Analyst Part 1 & Part 2.
    - Darktrace/ Email Part 1 - Familiarization
    - Darktrace/ Email Part 2 – Customization
  • Qualys
    - Vulnerability Management Self-Paced Training.
    - Patch Management Self-Paced Training.
    - Web Application Scanning Self-Paced Training.
    - Cloud Agent Self-Paced Training.
    - Qualys API Fundamental Self-Paced Training.
    - Qualys Query Language Training
  • SC-200
  • SC-100
  • CySA+
  • CASP+
  • Ethical-hacking-related certification
  • AZ-500

Beneficial:

  • CompTIA Security+
  • Malware Analysis Certification
  • Forensic Certification
  • Network Certifications: Network + and/or CCNA

COMPETENCIES:

Technical Competencies & Skills:

  • Basic understanding of the Office 365 platform.
  • Advanced knowledge in network and email security.
  • Advanced knowledge of Computer Networks.
  • Demonstrate competence in delivering remote support.
  • Proficient knowledge of computer hardware components.
  • Competent in documenting processes and procedures in relation to SOC operations, services, and tooling.
  • Advanced level in Microsoft Word.
  • Intermediate level in Microsoft Excel.
  • Advanced knowledge of Vulnerability Tools such as Qualys or Nessus.
  • Advanced understanding of ticketing tools such as Autotask or other helpdesk software.
  • Advanced understanding of RMM tools such as N-central.
  • Understanding of Patch Management.
  • Python coding (beneficial)
  • Exposure to SOAR and playbooks (beneficial)
  • Understanding of command-and-control (C2) infrastructure and of how attackers compromise systems.
  • Advanced understanding of SOC tooling, such as Darktrace, Microsoft Sentinel, Qualys, Microsoft Defender, SentinelOne, etc. (beneficial).

Should you work from home, it is your responsibility to ensure that you have uninterrupted internet connectivity and a ‘work-like’ environment at your home location to deliver your best in terms of performance and productivity.


Perks/benefits: Career development Home office stipend Startup environment Team events

Regions: Remote/Anywhere Africa
Country: South Africa
