Cyber Security Analyst

TFG is an internationally diversified retail portfolio of 34 speciality lifestyle and apparel brands that Inspire our Customers to live their Best Lives and are woven into the lives of millions.

Our vision is to create the most remarkable omnichannel experiences for our customers.

TFG is more than a workplace, it's a launchpad for your growth.

Join us and explore endless growth opportunities across our diverse brands.

We're a purpose-led business, and on this team, you'll share the pride of making an impact across a whole industry. We're the designers, the makers, the shakers and the teams behind the scenes. Are you with us?

Key Responsibilities:

1. Security Monitoring: Continuously monitor security alerts and events from various sources, including Microsoft Sentinel, Defender for Endpoint and Defender for Cloud.
2. Log Management: Perform log ingestion, define use cases, and create alerts for critical assets.
3. Develop Detection Rules: Create, implement, and fine-tune analytical rules, alerts, and queries in Microsoft Sentinel and Defender to detect security incidents and reduce false positives.
4. Behavioural Analytics: Leverage user and entity behaviour analytics (UEBA) to identify abnormal activities and enhance detection capabilities.
5. Customize Playbooks: Develop and customize automation playbooks in Sentinel and Defender to streamline incident response processes and improve efficiency.
6. Threat Hunting: Using IOCs and threat intelligence, perform threat hunting across the environment. Create and maintain risk profiles for users, systems, and applications. Identify patterns, trends, and anomalies in security events to detect threats.
7. Incident Response: Analyze and investigate security incidents to identify potential threats. Respond promptly to security incidents, provide initial analysis, conduct business impact assessment, isolate, eradicate and recover from threats. Document and report incidents, ensuring accurate and comprehensive records. Follow established incident response procedures, playbooks and contribute to their enhancement. Manage a Cybersecurity incident from end-to-end including stakeholder engagements, investigations, continuous feedback and report writing. Automate repetitive incident response tasks to streamline investigations, accelerate containment, and enhance threat intelligence enrichment.
8. Testing and Validation: Participate in Blue / Red / Purple team exercises. Participate in Cyber crisis simulations. Participate in Table-top exercises.
9. Business Context and Risk Management: Understand the Business value chain. Understand key Business processes. Understand the Business architecture and mapping to crown jewels (critical assets). Risk management with the ability to conduct risk assessments when required.
10. EndPoint Detection and Response (EDR): Manage and maintain endpoint security and compliance within agreed thresholds. Perform daily health checks on endpoint security and EDR solutions and remediate accordingly. Conduct regular scans and assessments to identify and mitigate potential vulnerabilities. Collaborate with IT teams to ensure endpoint security configurations align with organizational standards. Work with threat intelligence teams to enhance EDR threat-hunting capabilities. Correlate EDR data with SIEM, XDR, and threat intelligence for deeper insights.
11. Technology Leadership: Continuous improvement mindset. Platform optimization. Understanding of SaaS based budgeting and licensing models. Research and development. Deep technical experience.
12. Communication and Collaboration: Incident reporting writing skills. Create relevant dashboards, with the ability to create relevant KPIs / KRIs and present to senior leadership. Presentations to senior leadership. Engage with people from multi-cultural environments.

Qualifications and Experience:

1. Must have 4-6 years' experience in a SOC or Cybersecurity related role.
2. Candidates with the following technology experiences will be preferred: Microsoft Defender XDR, EDR, JAMF, Symantec DCS, DNS, network security, Online Brand Protection platforms, Mimecast, Symantec DLP, Next DLP, FortiAnalyzer, Sophos, CrowdStrike and Azure Sentinel.
3. Experience with common information technologies (Windows, VMware, and Cisco as well as some UNIX, Linux).
4. Experience with security tools (WAF, Proxy, DNS, IDS, firewalls, anti-virus, data loss prevention, Azure Entra ID, IAM, PAM, MFA, NAC, DLP).
5. Knowledge of Cloud Security Operations (SaaS, PaaS, IaaS), Mobile Architecture, Network and Application Security and / or Data Protection.

Skills:

1. Communication: Excellent written and verbal communication skills in English, with the ability to effectively communicate technical information to both technical and non-technical audiences.
2. Collaboration: Willing and able to share knowledge and learn from colleagues.
3. Reporting skills: Outstanding written skills for preparing email feedback and incident reports.
4. Time Management: Ability to work in independent environments under aggressive timelines and pressure. Ability to manage stress and pressure.
5. Passion for continuous learning and development. A "go getter" who is willing to go the extra mile to identify problems and recommend innovative solutions.

Behaviours:

1. Action Oriented: Readily takes on new challenges and opportunities with a sense of urgency and eagerness.
2. Communicates Effectively: Conveys information and communicates ideas in a clear, concise and impactful manner.
3. Courage: Confronts and tackles challenging situations with courage.
4. Decision Quality: Consistently makes timely, well-rounded and informed decisions.
5. Ensures Accountability: Takes accountability and ensures others are held to account on agreed upon performance targets.
6. Manages Complexity: Interprets and simplifies complex and contradictory information when resolving organizational problems.
7. Plans and Aligns: Develops plans and prioritizes initiatives that align to the organizational goals and objectives.
8. Tech Savvy: Leverages new technology to enhance productivity, improve problem solving, and support business growth.

Preference will be given, but not limited to candidates from designated groups in terms of the Employment Equity Act.