As a Cyber Security Engineer, you will be the technical lead within the Cyber Security Operations Centre (CSOC) for all SIEM and security platforms by managing and improving each to meet the requirements of the business.
A typical day calls for a high level of technical ability and understanding across a variety of security systems, particularly within the Microsoft ecosystem.
Key SOC capabilities
- Intrusion Analysis: Intrusion analysis is required to triage alerts from numerous types of IT security controls. You will investigate alerts relating to actual or suspected security incidents, escalating via the appropriate incident management process when required. You will also be responsible for improving Intrusion Detection capabilities by being aware of the latest cyber-attack techniques, reducing false positive alerts, and writing correlation rules and attack signatures.
- Cyber Security Incident Response: You will be required to respond to suspected or actual computer security incidents. Your objective will be to identify whether an incident has occurred, assess the impact and escalate within virtual teams to ensure all available resources are used to limit the impact of the incident and minimise disruption to customers' business.
- Threat Assessment: You will compile information on the capabilities and motivation of adversaries and other threat actors and present this in a variety of forms to illustrate the technical threat and assist customers in understanding the threats relevant to them.
You will assist in establishing and maintaining processes, tooling and metrics that help provide a high level of productivity, supportability, and operational readiness while also participating in project planning activities such as service enhancements and change management controls.
- You will work with the technical lead / SME for the CSOC and SIEM service offering by managing and improving the platforms to meet the requirements of the business and/or client.
- Configure and develop SIEM tooling, and associated tool sets, to deliver effective and efficient SOC services through automation and orchestration, and to increase MTTD whilst reducing false positives and negatives.
- Ensure all security platforms are optimised to detect and prevent security threats across all on-prem and cloud environments to meet business objectives and regulatory requirements.
- Provide technical oversight and support for the identification, triage and response to events or incidents of a suspicious or malicious nature, and apparent security breaches.
- Act as a technical escalation point for SOC Analysts and Senior SOC Analysts in delivery of our CSOC services.
- You will work collaboratively with architects, infrastructure teams and key stakeholders inside and outside the business, ensuring security and monitoring requirements are determined and implemented through onboarding or continuous improvement activities.
- Actively support the onboarding of new clients throughout the transition to service delivery lifecycle.
- Deliver a variety of projects, including planning and execution of changes and documentation, as well as training, skills and knowledge transfer to the team and clients.
- Maintain a continuous understanding of the threat landscape, with in-depth knowledge of threat actors, TTPs and vulnerabilities.
- Excellent soft skills in the form of team working, problem solving and communication.
- You are a self-starter, keen to develop new services and can collaborate effectively.
- Technical experience in a Security Operations Centre, Incident Response Team or similar environment.
- Experience with a variety of SIEM platforms, ideally Azure Sentinel, and monitoring tools, configuration management tools, host virtualisation, containerisation, vulnerability scanners, proxies, WAFs.
- An in-depth knowledge of log formats, log transports and log analysis as well as automating log ingestion and normalisation in a SOC environment.
If work-life balance is as important for you as it is for us, you'll like our remote-first hybrid working policy: four days per month in a C+C office or with your clients.
You'll get a chance to discuss with your manager which days work best for you and your team to meet in person.
All recruitment and selection for Content+Cloud is guided by the principles of our Employment Equity Plan.