Cyber Security Lead Analyst (Level 2) New Zealand

  • Company: Avatar Recruitment
  • Salary: negotiable / month
  • Job type: Full-Time
  • Posted: 3 weeks ago
Main purpose of the role
To manage the daily operation of our Real-time Threat Management activities, following the sun: be the main point of contact until the South African office starts their day. This is a working-from-home, fully remote position, working office hours 8am to 5pm, Monday to Friday.
Functions include operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning).
Ensure the service is effectively delivered at the required service level.
Job level: Level 2. Reports to: CSOC Manager.
Required minimum education and work experience
University degree in Information Security and/or a minimum of 5 years of related practical SOC experience.
Industry certifications: CISSP, CISM, CISA, CEH, CHFI (desired)
Prior experience working in a SOC/CSIRT for at least 5 years leading a functional unit
Product Certifications in SIEM, Security Analytics, AV, Log Management
Strong knowledge of security standards including ISO27001, ASD, PCI DSS
Must have the ability to understand large, complex systems and be able to focus on specific details or subsystems, their vulnerabilities and linkages
Extensive experience dealing with malware, attack vectors and the ability to perform pattern analysis
Requires basic knowledge of hardware / software architecture and domains in IT operations with a focus on governance, risk and compliance.
Client.
Vendor.
Technical knowledge / competencies
Be familiar with current SOC operational methodologies
Knowledge of the NIST SP 800 series (any SP in the 800 range)
Knowledge of firewalls, IDS, IPS, VLANS, AD, LDAP, routers and switches
Knowledge of SIEM technologies
Knowledge of root cause analysis and escalation procedures
Knowledge of CVE, Google Hacking and threat intelligence
Knowledge of ITIL
Knowledge of ISO 27001
Reporting skills, being able to articulate technical reports into business language in order to provide situational awareness and specialist advisory.
CISSP
OSCP
SANS Cyber Threat Intelligence
Project and process management
Key performance areas
Delivery of quality security monitoring service.
Reporting and documentation.
Mentoring and coaching.
Personal development and effectiveness.
Deliver according to Statement of Work.
Internal contacts
Head of Cyber Security Operations Centre CSOC.
CSIRT team.
Other functional peers.
Account manager.
Service delivery manager.
Technical delivery manager.
Key performance areas
Delivery of quality security monitoring service
Develop and/or maintain productive customer relationships, keeping customers and their needs as the primary focus of all decisions, actions and priorities.
Deep dive into the customer environment to gain understanding and deliver realistic and effective recommendations and/or solutions.
Assess and accurately define customer circumstances, problems, expectations and needs, while resolving problems quickly.
Responsible for ensuring divisional policies, procedures and standards are documented, approved, communicated and adhered to.
Advise internal and external customers regarding CSOC-related matters.
Develop and deliver timely reports to management.
Log and report all customer interactions.
Drive effective service delivery at the required service level.
Actively support technology and product adoption within the department to ensure it is best of breed (discerning), in order to provide quality services at scale.
Implement automation of processes and technology management wherever possible to eliminate human error and effort, and to facilitate faster incident alerting and response times.
Personal development and effectiveness
Achieve relevant vendor certifications aligned to immediate/assigned job requirements and the Personal Development Plan (PDP).
Identify and act on own development and knowledge advancement needs, and actively seek out opportunities to expand relevant knowledge to apply to the work environment.
Deliver according to Statement of Work.
Investigate and coordinate a timely and appropriate SARB Group response to security incidents, and provide investigation and coordination services to intelligence, investigative and support functions with regard to security.
Investigate incident reports and alerts referred from the triage officers.
Continuously assess the response strategy of ongoing incidents, coordinate the execution of such strategy with operational areas and initiate the SIRT (Security Incident Response team) process.
Provide ongoing status updates to Triage officers, the Security Incident Response Team, the business continuity incident management team as well as other stakeholders.
Capture detailed incident information into incident management system to enable post incident analysis.
Ensure the root cause issues of incidents have been addressed or have been handed over to the appropriate security governance team member.
Recommend response process improvements to the security monitoring team and applicable operational areas.
Support investigative functions with the provision or sourcing of needed technical security information, and refer detailed computer-based forensic analysis to the team lead or investigation coordinator to manage.
Engage with stakeholders across the SARB group at different levels of seniority, displaying the ability to solicit information as well as convey and explain information fluently.
Ensure industry practices and changes are maintained and incorporated in own functional area.
Organise self to ensure work allocated is completed within set time and defined standards.
Administrative tasks:
Manage the Triage team in terms of daily functions, operations and administration.
Lead and direct the Triage officers.
Check all leave rosters, shift rosters and Tripper Accounts for correctness before submission to the Services Delivery Manager.
Ensure that there is always a Triage officer on site for shift work.
Escalate any SARB concerns to the Services Delivery Manager as soon as possible so they can be addressed and consistent, excellent customer service maintained.