Cybersecurity Analyst
The Foschini Group
- Western Cape
- Permanent
- Full-time
- Perform log ingestion, define use cases, and create alerts for critical assets.
- Perform daily SIEM health checks and remediate accordingly.
- Monitor security alerts and events using various tools and technologies.
- Analyze and investigate security incidents to identify potential threats.
- Collaborate with team members to develop and implement effective monitoring strategies.
- Using IOCs and threat intelligence, perform threat hunting across the environment.
- Respond promptly to security incidents, provide initial analysis, conduct business impact assessment, and isolate, eradicate and recover from threats.
- Document and report incidents, ensuring accurate and comprehensive records.
- Follow established incident response procedures, playbooks and contribute to their enhancement.
- Manage and maintain endpoint security and EDR solutions.
- Perform daily health checks on endpoint security and EDR solutions and remediate accordingly.
- Conduct regular scans and assessments to identify and mitigate potential vulnerabilities.
- Work with IT teams to ensure endpoint security configurations align with organizational standards.
- Assist in the identification and prioritization of vulnerabilities within the organization's infrastructure.
- Collaborate with system owners and IT teams to remediate identified vulnerabilities.
- Stay informed about the latest security threats and vulnerabilities.
- Monitor and analyze email traffic for potential security threats.
- Respond to and mitigate email-borne security incidents.
- Work with email security solutions to enhance protection against phishing and malware attacks.
- Relevant degree or advanced diploma in Computer Science, Information Systems, Business or related field, or equivalent combination of education/experience.
- One or more certifications in: EC-Council SOC, Security+, AWS Certifications, Microsoft Certifications, Google Certifications
- Must have 3-6 years' experience in a Cybersecurity related role.
- Practical experience with SIEM system monitoring, assessment, and reporting tools (ArcSight, IBM QRadar, Splunk, Sentinel, Exabeam, SIEMonster, AlienVault, etc.).
- Practical experience with EDR and XDR tools.
- Proficiency in network security, operating systems, and security technologies.
- Experience with common information technologies (Windows, VMware, and Cisco as well as some UNIX, Linux).
- Experience with Vulnerability and Malware Analysis (threat and attack analysis).
- Experience with security tools (WAF, Proxy, DNS, IDS, firewalls, anti-virus, data loss prevention, etc.).
- Knowledge of Cloud Security Operations (SaaS, PaaS, IaaS), Mobile Architecture, Network and Application Security and/or Data Protection
- Technology experience to be considered: Security+; Microsoft Security Certifications (MS-SC200); Azure Certifications; recognised SOC certification.
- Ability to work in independent environments under aggressive timelines.
- Ability to develop and maintain working relationships in a global environment.
- Excellent analytical and problem-solving skills.
- Outstanding written skills for preparing reports and briefings.
- Communicates Effectively - conveys information and communicates ideas in a clear, concise and impactful manner
- Decision Quality - consistently makes timely, well-rounded and informed decisions
- Ensures Accountability - takes accountability and ensures others are held to account on agreed upon performance targets
- Manages Complexity - interprets and simplifies complex and contradictory information when resolving organisational problems
- Tech Savvy - leverages new technology to enhance productivity, improve problem solving, and support business growth