Analyses and monitors the organization's cyber security measures; responds to actual penetration attempts by malicious parties
* Perform forensic analysis and gather evidence
* Correlation monitoring using multiple SIEM technologies
* Assist in gathering forensic data and physical equipment
* Act as incident responder for potential incident identified
* Ability to work under pressure
* In-depth understanding of the cyber threat landscape and advances adversary tactics
* Conduct security assessments regularly to identify vulnerabilities and performing risk analysis.
* Analyse the breach to reach the root cause.
* Generate reports for IT administrators, business managers, and security leaders. These reports serve as an input to evaluate the efficacy of the security controls.
* Advise and implement necessary changes required to counter the attack or improvise security standards.
* Keep the security systems up to date and contributing to security strategies.
* Document incidents to contribute to incident response and disaster recovery plans.
* Perform internal and external security audits.
* In the case of third-party vendors, verify their security strength and collaborate with them.
* Monitoring security infrastructure, identifying and reporting Real Time attacks and vulnerabilities on the client network.
* Identification of incidents and subsequent analysis and investigation to determine their severity and the response required.
* Ensure that incidents are correctly reported and documented in accordance with the relevant policies and procedures.
* Be prepared to provide a Technical Escalation Point during security incidents, establishing the extent of an attack, the business impacts, and advising on how best to contain the incident along with advice on systems hardening and mitigation measures to prevent a re-occurrence.
* Maintain a keen understanding of evolving threats and vulnerabilities to ensure the security of the client network.
* As required update Protective Monitoring/SOC documentation, processes and procedures and ensure currency.
Skills and Experiences
Ability to work under pressure
In-depth understanding of the cyber threat landscape and advances adversary tactics
The role requires an intermediate knowledge and experience of Linux; Windows; Azure; AWS; Elastic Stack; Tennable; Threat Intel gathering; Mitre Att&ck Framework; Office 365 security centre; Endpoint manager as well as Carbon black