Adversaries are working around the clock to beat defences, compromise networks and steal sensitive company data. To stay ahead of the threats we are looking for an inspired and dedicated Cyber Defence Analyst who is passionate about cybersecurity. The successful candidate will need to have experience in network and security technologies and be capable of delivering high-quality work within a technical environment.
- Assist with monthly reporting on alerts and incidents raised.
- Review alerts received via email or the SIEM platform and perform initial investigation, triage, and response. Response steps might require you to run additional scans, block domains/IPs, disable accounts, etc.
- Deploy, or assist with deploying, technical solutions for detecting and preventing potential threats.
- Assist with running regular phishing simulations using the company’s security awareness solution.
- Work closely with the Offensive Red Team to mature detection capabilities.
- Assist in performing threat hunting activities.
- Fine tune existing IoCs to reduce false positives.
- Mature the company’s Cyber Incident response plan, processes, and playbooks.
- Strong knowledge of Windows and Linux.
- Exposure to different cloud services (Amazon Web Services, Azure, Google Cloud).
- Ability to run an investigation from start to finish, including pivoting between data types and correlating events.
- Familiarity and understanding of basic SQL and KQL queries.
- Pentest/Red Team knowledge.
- Knowledge of IT security controls (Network IPS, Vulnerability Scanning, Endpoint Protection, Firewalls, Cloud Access Security Brokers).
- Use of forensic analysis tools, e.g. Autopsy, Caine, SIFT.
- Understanding of TCP/IP and networking concepts.
- Understanding of the attack life cycle.
Qualification & Experience:
- Previous Security Operations Centre experience.
- Experience with responding to phishing emails, malware analysis, network attacks and network traffic analysis.
- 1+ years’ experience in IT Security, specialising in incident investigation & threat hunting using various tools and techniques.
- Relevant industry security certifications such as Security+, Network+, CySA+, or other Blue Team training and certifications.
- Other relevant technology certifications, e.g. Red Hat Certified Admin, Azure Administrator Associate.
- Experience with using SIEM platforms & technologies.
Vacancy Type: Full Time
Job Location: Cape Town, Western Cape, South Africa
Application Deadline: N/A