Adversaries are working around the clock to beat defences, compromise networks and steal sensitive company data. To stay ahead of these threats we are looking for an inspired and dedicated Cyber Defence Analyst who is passionate about cybersecurity. The successful candidate will need to have experience in network and security technologies and be capable of delivering high-quality work within a technical environment.
Responsibilities:
- Mature the company’s Cyber Incident response plan, processes, and playbooks.
- Deploy, or assist with deploying, technical solutions for detecting and preventing potential threats.
- Fine-tune existing IoCs (indicators of compromise) to reduce false positives.
- Work closely with the Offensive Red Team to mature detection capabilities.
- Assist in performing threat hunting activities.
- Review alerts received via email or the SIEM platform and perform initial investigation, triage and response. Response steps may include running additional scans, blocking domains/IPs, disabling accounts, etc.
- Assist with monthly reporting on alerts and incidents raised.
- Assist with running regular phishing simulations using the company’s security awareness solution.
Skills & Knowledge:
- Ability to run an investigation from start to finish, including pivoting between data types and correlating events.
- Strong knowledge of Windows and Linux.
- Knowledge of IT security controls (Network IPS, Vulnerability Scanning, Endpoint Protection, Firewalls, Cloud Access Security Brokers).
- Pentest/Red Team knowledge.
- Understanding of the attack life cycle.
- Familiarity and understanding of basic SQL and KQL queries.
- Experience with forensic analysis tools, e.g. Autopsy, CAINE, SIFT.
- Exposure to different cloud services (Amazon Web Services, Azure, Google Cloud).
- Understanding of TCP/IP and networking concepts.
Qualification & Experience:
- Experience with using SIEM platforms & technologies.
- 1+ years’ experience in IT Security, specialising in incident investigation & threat hunting using various tools and techniques.
- Previous Security Operations Centre experience.
- Other relevant technology certifications, e.g. Red Hat Certified System Administrator (RHCSA), Azure Administrator Associate.
- Relevant industry security certifications such as Security+, Network+, CySA+, or other Blue Team training and certifications.
- Experience with responding to phishing emails, malware analysis, network attacks and network traffic analysis.
Vacancy Type: Full Time
Job Location: Cape Town, Western Cape, South Africa
Application Deadline: N/A