IT Security Operations Centre Analyst (SOC)
Job Ad expires on May 11th, 2025
The Role
Specifically, the successful jobholder will be required to:
- Be part of the 24-hour active monitoring and analysis of the Bank's networks for malicious activity using Security Information and Event Management (SIEM) toolsets. This will include responding to and investigating alerts, assisting with developing new security monitoring use cases, and ensuring all investigative activity is properly documented in the Bank's ticketing systems and followed up by the relevant support teams.
- Conduct proactive cyber threat research and analysis: monitor open-source intelligence sources for potential threats against the Bank and ensure appropriate defensive actions are taken.
- Triage and investigate alerts generated from the various security monitoring solutions and the SIEM, including indicators of compromise (IOCs such as file hashes, IP addresses and domains); escalate them to the respective ICT units and ensure that appropriate follow-up actions are taken to mitigate the exposure.
- Document all activities during an incident and provide leadership with status updates throughout the life cycle of the incident.
- Analyze a variety of network- and host-based security appliance logs (firewalls, NIDS, HIDS, syslog, etc.) to determine the corrective or mitigation actions and escalation paths for each incident.
- Independently follow procedures to contain, analyze and eradicate malicious activity.
- Be available, on call, to rapidly troubleshoot any problems resulting from infrastructure changes, security breaches or other unplanned/unforeseen circumstances.
- Assist the ICT Security team in developing and maintaining SOC documentation and processes.
- Form part of the Bank's Security Incident Response team, assisting with whatever activities are deemed necessary by the incident leader.
- Submit periodic and ad-hoc reports as required by the Head of Department (HOD).
Skills, Competencies and Experience
The successful candidate will be required to have the following skills and competencies:
- Bachelor's degree in information technology, computer science or a related field.
- CISSP, CISA, CISM, CEH, Certified SOC Analyst (CSA), Security+, Network+, CCNA, SSCP or other related certifications.
- 1+ years' experience as a Security/Network Administrator or equivalent knowledge.
- Technical knowledge of database, network and operating system security.
- Knowledge of various security methodologies and processes, and of technical security solutions (firewalls and intrusion detection systems). Knowledge of and experience using one or more tools related to SIEM, intrusion detection and prevention systems, network security managers, firewalls and endpoint logging.
- Knowledge of TCP/IP protocols, network analysis, and network/security applications.
- Strong written communication skills for incident report writing.
- Knowledge of specific tools and languages such as Wireshark, PowerShell, Python and SQL is highly desirable.