- Detect Information Security incidents in real time through centralised monitoring
- Analyse Information security events from multiple sources, including SIEM, IPS/IDS, firewalls, etc. and identify the cause of incidents
- Respond to Information Security incidents by applying containment and eradication strategies
- Supervise incident response actions owned by internal and external teams
- Inform and advise management regarding Security incidents
- Mentor and train team members as required
- Deliver technical training in areas such as log monitoring, security event analysis, and incident handling
- Drive innovation and improvement by identifying opportunities in new technologies, capabilities, processes and procedures
Skills and Abilities:
- Be a dependable team player with strong business insight, enthusiasm and a positive attitude.
- Be an excellent communicator, whether writing, speaking or presenting.
- Possess an impeccable work ethic and a high degree of integrity.
- Ability to make rapid informed decisions, while working in an agile environment.
- A good all-round knowledge of IT.
Qualifications/Education, Experience and Eligibility:
- 5 years of experience in a similar position (Information Security operations / Incident Response)
- Hands-on experience in detecting, responding to, containing and remediating live security incidents is essential
- Demonstrated understanding of large enterprise computing environments, applications, and TCP/IP networks and protocols
- Knowledge of operating systems including Windows, Linux and macOS
- Experience with phishing, malware and dynamic analysis
- Proficient understanding of Information Security risks, threats, best practices and prevention measures
- A good all-round knowledge of IT systems & architecture
- Ability to work in team environments
- Excellent written and oral communication skills
- Knowledge of programming and scripting languages (Python, SQL, Bash, etc.)
Industry-recognized certifications such as:
- SANS/GIAC certifications (GCFA, GCIH, GCIA, GNFA, GREM, etc.)
- Offensive Security certifications (OSCP, OSCE, etc.)
- CompTIA certifications (CySA+, Security+, CASP+, etc.)
- CERT certifications (CSIH - Computer Security Incident Handler, etc.)
- ISC2 certifications (e.g. CISSP)