Cyber Security Analyst

Job title: Cyber Security Analyst

Job Location: Western Cape, Cape Town

Deadline: April 21, 2025

PURPOSE OF POSITION:

As a Cyber Security Analyst within Cyber Forensics, you will play a pivotal role in advancing the security objectives of both our clients and our organisation. Your expertise will be instrumental in developing, implementing, and maintaining technical security solutions, processes, and controls to safeguard against unauthorised access, use, disclosure, modification, damage, or loss of client systems and data. As a key technical member of our Security team, you will lead efforts to strengthen our clients' defences against cyber threats by developing and maintaining cutting-edge Cyber Security Technology Solutions and Cyber Security Control Frameworks, ensuring their environments are robustly protected.

KEY RESPONSIBILITIES:

1. Problem Solving and Implementing Security Measures:

• Assess and address complex security issues.
• Lead the implementation of security protocols and tools following established procedures.
• Identify and resolve security gaps through technical analysis of systems and procedures.
• Conduct security audits and evaluate current security measures for improvement.
• Provide support to team heads and leads in developing and maintaining security documentation, procedures, and standards, including CoCs and SOPs.

• Oversee the monitoring of security alerts and events.
• Action escalated tickets from technicians within SLA timeframes and provide support and guidance where needed to facilitate learning opportunities.
• Collaborate with technicians to monitor incidents, offering assistance, training, and guidance to junior team members.
• Identify recurring patterns or trends in security events and conduct investigations to identify the root cause of the security incidents.
• Lead incident response procedures to contain, mitigate, and resolve security incidents as required according to the SLA timeframe.
• Participate in incident response exercises and simulations to test the effectiveness of response procedures and enhance readiness to handle security incidents.
• Communicate escalation and incident response outcomes appropriately to team leader, clients, and relevant stakeholders.

• Implement strategies to minimise unnecessary alerts and noise within security queues.
• Modify the security tools to reduce the occurrence of false positive alerts.

• Drive SOC strategy by collaborating with the technical lead to develop Proof of Concepts for technologies offering enhanced value.
• Deliver presentations to senior leaders of the group, outlining SOC strategies and recommendations.

• Guide and support junior team members in the planning and implementation of phishing campaigns on a quarterly basis to simulate cyber threats and assess clients' security awareness.
• Analyse phishing campaign outcomes and promptly distribute statistical reports to clients, offering insights into the effectiveness of security awareness efforts.
• Assist in the development and delivery of security awareness programs.
• Provide training to junior team members to improve team behaviour and work etiquette in customer interactions and feedback.

• Respond to Tier 2 client inquiries and incidents via email within the specified SLA timeframe, providing timely updates and resolutions.
• Manage escalations from junior team members and provide telephonic and email communication to clients according to SLA timeframe.

• Oversee ongoing investigations into past incidents to uncover deeper insights and enhance understanding on previous incidents.
• Lead ongoing market research to identify external trends for internal implementation.
• Guide junior team members in implementing remediation measures to address identified security threats by following established procedures and guidelines.

• Manage audits of client environments, guiding junior team members in data collection and vulnerability identification within client environments.
• Create incident reports and communicate findings with the clients as required.
• Guide junior team members in resolving discrepancies or mismatches identified during audits.
• Collaborate with team leaders to address shortcomings in audit results presentations.
• Drive improvements in reporting aspects to provide more value to the clients.

• Review documented guides compiled by interns and technicians as first point of review and then share with the Team Leaders to sign off.
• Provide guidance and feedback to interns and technicians to improve documentation quality.

• Stay up-to-date with industry trends and best practices to enhance technical expertise.
• Engage in hands-on learning by shadowing senior Security members.
• Attend CyberLearning sessions on a weekly basis.
• Continuously upskill in the cyber security domain.

• Participate in weekly compulsory standby on a rotating basis.
• Serve as second point of contact for client inquiries, including handling tier two escalations.

• Set up accounts for applications and solutions for clients.

• Support and mentor junior team members in conducting investigations and utilising tools effectively.
• Assign tasks to analysts and interns, delegating responsibilities accordingly.
• Provide leadership and guidance to junior technicians and interns, fostering their professional development.

• Participate in project initiatives, provide guidance to junior team members, and support in driving projects to successful completion.

• Lead software upgrade initiatives, ensuring all upgrades are conducted efficiently and in compliance with security standards.
• Oversee and execute security configuration changes, ensuring alignment with best practices and organisational policies.
• Advise clients on advanced security measures required for devices.

• Lead the creation of complex scripts for PowerShell, Bash, or Terminal to automate critical changes on devices.
• Conduct comprehensive testing of scripts in sandboxes, evaluate their behaviour, and ensure they are safe for deployment while providing guidance to team members.

• Lead in-depth research on vulnerabilities, assess their potential impact on the environment, and develop and recommend effective mitigation strategies to ensure robust security measures are in place.

KEY REQUIREMENTS: Required:

• 2-3 years of experience
• National Certificate or equivalent
• Darktrace
• Threat Visualizer Part 1 Familiarization.
• Threat Visualizer Part 2 Investigation.
• Cyber Analyst Part 1 & Part 2.
• Darktrace / Email Part 1 Familiarization
• Darktrace / Email Part 2 – Customization
• Qualys
• Vulnerability Management Self-Paced Training.
• Patch Management Self-Paced Training.
• Web Application Scanning Self-Paced Training.
• Cloud Agent Self-Paced Training.
• Qualys API Fundamental Self-Paced Training.
• Qualys Query Language Training
• SC-200
• SC-100
• CySa+
• CASP+
• Ethical hacking related certification
• AZ-500

Beneficial:

• CompTIA S+
• Malware Analysis Certification
• Forensic Certification
• Network Certifications: Network + and / or CCNA

COMPETENCIES:

Technical Competencies & Skills:

• Basic understanding Office 365 Platform.
• Advanced knowledge in network and email security.
• Advanced knowledge of Computer Networks.
• Demonstrate competence in delivering remote support.
• Proficient knowledge of computer hardware components.
• Competent in documenting processes and procedures in relation to SOC operations, services, and tooling.
• Advanced level in Microsoft Word.
• Intermediate level in Microsoft Excel.
• Advanced knowledge of Vulnerability Tools such as Qualys or Nessus.
• Advanced understanding with Ticketing tools such as Autotask or helpdesk software.
• Advanced understanding of RMM tools such as N-central.
• Understanding of Patch Management.
• Python coding (beneficial)
• Exposure to SOAR and playbooks (beneficial)
• Understanding command and control / understanding how hackers may compromise your system.
• Advanced understanding of SOC tooling, such as Darktrace, MS Sentinel, Qualys, MS Defender, Sentinel 1 etc. (beneficial).

ICT jobs