Responsible to ensure accurate and rapid response to security events
- Analyze security logs, SIEM alerts, and incident reports to identify and mitigate risks.
- Respond to and investigate security incidents, including breaches, malware outbreaks, and
phishing attacks. Monitor networks and systems for security breaches, alerts, and anomalous
activity.
Conduct root-cause analysis to prevent future incidents and develop incident responseprocedures.
Provide analysis and trending of security log data from various security devicesConfigure and maintain SIEM tools to align with the organization's security objectives andthreat landscape.
Create custom SIEM dashboards and reports for different stakeholders to visualize criticalsecurity metrics and incident data.
Develop and optimize SIEM content, including rules, alerts, and correlation logic, to improvethreat detection and response.
Advise and consult internal / external customers on risk assessment, threat modelling andvulnerability management. Perform risk assessments and recommend security measures to mitigate potential risks.
Document risks, vulnerabilities, and remediation strategies in a detailed risk managementreport.
Maintain up-to-date knowledge of the IT security industry, including awareness of new orrevised security solutions, improved security processes and development of new attacks and
threat vectors
Manage and optimize security tools, such as firewalls, antivirus software, and intrusiondetection / prevention systems (IDPS).
Perform 1st level troubleshooting on servers and network issues with regards to logcollection / security tools
Generate reports on security metrics, incidents, and remediation efforts for management.Maintain accurate documentation of incidents, security changes, and system configurations.Any other ad-hoc duties as required or assigned.Strong knowledge of cybersecurity principles, practices, and technologies.
Expertise in SIEM tools and content management, including rule creation, alert tuning, andreport customization.
Proficiency with security tools like firewalls, IDPS, antivirus, and vulnerability scanners.Knowledge of scripting (Python, PowerShell) for automation within the SIEM environment is aplus.
Ability to analyze and interpret security data to identify vulnerabilities and potential threats.Excellent communication skills, with the ability to explain complex security concepts to nontechnical stakeholders.
Strong analytical skills and attention to detail.Ability to work on-call or off-hours as needed to respond to security incidents.May require occasional travel for training or workshop.Bachelor Degree or Advanced Diploma in Computer Science, Information Technology,Cybersecurity from a recognized university or related field (or equivalent experience)
At least 1-3 years in a cybersecurity role, with hands-on experience in SIEM contentmanagement, network security, threat monitoring, or incident response.
Experience in the application of threat modelling or other risk identification techniquesDetailed knowledge of system security vulnerabilities and remediation techniques, includingpenetration testing and the development of exploits
Breadth of knowledge in information security space with emphasis on TCP / IP networksecurity, operating system security, common attack patterns and exploitation techniques
Relevant certifications (e.g., CompTIA Security+, Certified Information Systems SecurityProfessional (CISSP), Certified Ethical Hacker (CEH), GIAC Security Essentials (GSEC)) are a
plus
Effective leadership skills and a team playerStrong sense of ownership and drive