Old Mutual is a firm believer in the African opportunity and our diverse talent reflects this.
Job Description
The SOC Analyst Tier 2 forms part of the Old Mutual SOC & Threat intel team. The SOC Team will identify, analyse, and react to cyber security threats using a reliable set of processes and security technologies. The SOC Team provides a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident.
The job role includes actively participating in the incident detection process as follows:
- Possesses in-depth knowledge of network, endpoint, threat intelligence, as well as the functioning of specific applications or underlying IT infrastructure
- Closely involved in developing, tuning, and implementing threat detection analytics
- Acts as the 1st escalation for Tier 1 SOC Analysts
- Responds to and oversees the remediation of a declared security incident
- Completes the Root Cause Analysis Report for Incidents
- Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack
- Monitors shift-related metrics ensuring applicable reporting is gathered and disseminated to the Head of SOC and Threat Intel
- Oversees the analysis on running processes and configs on affected systems
- Undertakes in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted
- Provides support for analytic methods for detecting threats
- Undertakes threat intelligence research
- Validates false positives, policy violations, intrusion attempts, security threats and potential compromises
- Undertakes security incident triage to provide necessary context prior to escalating to relevant Security Specialists to perform deeper analysis when necessary
- Further analyses alarms by method e.g. credentials compromised and by asset class
- Based on the correlation rules and alarms within the SIEM and run books, further analyses anomaly tactic using the MITRE ATT&CK framework
- Manages security incidents using the SIEM platform and defined operational procedures.
Key Performance Indicators:
- Azure Sentinel SIEM Platform Monitoring
- Microsoft Defender 0365 Policy Management and deployment
- Standard SOC Reporting
- Incident Service Level Management
- Various Security platforms administration and configuration, policy configuration
- Security platforms with SIEM integration and participate in the security incident and event investigations and remediation
- Ensure IT policies are met with regards to data security and Integrity
- Ensure IT policies are met with regards to network security
Role Requirements:
Experience:
- Strong knowledge and experience working with SIEM Solutions, QRadar, McAfee ESM, Azure Sentinel.
- 2 to 4 years’ experience in IT Infrastructure Support, and a further 2 to 4 years’ track record as a Tier 2 SOC Analyst or Threat Hunter in an established SOC
- Experience working with Mimecast, Microsoft Defender 0365
- Experience working KnowB4 & PhishMe
- Good knowledge of networks technologies (protocols, design concepts, access control)
- Good knowledge of various security technologies (firewalls, web gateway, endpoint protection, vulnerability management, network infrastructure, etc.)
- Good experience working with Nessus or Qualys
- Good understanding of the MITRE ATT&CK framework
- Good understanding of the ITIL Framework.
- Good report writing skills. PowerBI or QlikView
- Brilliant with a support ticketing system and experience in meeting SLA targets.
- Familiarity with risk management and quality assurance control.
- Excellent interpersonal skills and professional demeanor
- Excellent verbal and written communication skills
- Candidate must be eligible to obtain National Security Clearance
Qualifications:
- Grade 12 (Matric) (Compulsory)
- Degree or Diploma in Computer Technology
- SIEM Technology certification (QRadar, McAfee ESM, Azure Sentinel)
- MCSE, MCSA.
- Microsoft SC-200, AZ500
- ITIL Foundation qualification
- CompTIA A+, N+ S+
- CNNA or equivalent
- CompTIA CySa and CASP+ advantageous
Closing Date: 19 October 2024
The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question.
Old Mutual Limited is pro-vaccination and encourages its workforce to be fully vaccinated against Covid-19.
All prospective employees are required to disclose their vaccination status as part of the recruitment process.
Please refer to the Old Mutual’s Covid-19 vaccination policy for further detail. Kindly note that Old Mutual reserves the right to reinstate the requirement to vaccinate at any point if it is of the view that it is imperative to do so.
#J-18808-Ljbffr