Key Responsibilities:
Incident Handler
Primarily responsible for incident response
Analyse declared incidents and determine the incident response strategy to use for each one.
Coordinate client CSIRT team activities to ensure incidents are resolved in a timely manner
Report on status of incidents to client and the business
Document incident response actions from detection through eradication, share them with the team for review and debrief, and facilitate information sharing between TIC and other teams.
Provide management oversight of incidents detected by the SOC, and of escalations, according to the defined policies, processes, procedures and SLAs.
Analyst II role
Analyse events escalated by tier 1 analysts and, where necessary, approve further investigation of those events
Mentor tier 1 analysts to improve decision-making and analysis of incidents
Correctly scope the extent and breadth of incidents by identifying IOCs, all infected hosts, and the root cause/patient zero
Review shift logs and handover reports for any escalations or key events that require urgent attention
Where possible, institute initial containment, eradication, and recovery measures for declared incidents
Vulnerability Management
Review vulnerability reports for scans run by Analyst I
Refine reports and share with clients, and organize sessions to guide clients on closure of critical vulnerabilities
SIEM Support
Document noisy SIEM rules for review to reduce false positives
Ensure uptime of agents and collectors
Work closely with vendor to deliver desired client reports and dashboards
Document detection gaps for review and detection engineering
Automation Support
Review daily SOC activities to identify possible automation areas
Work closely with SOAR team in defining playbooks and testing automations
REQUIRED EDUCATION, EXPERIENCE, AND SKILLS
Academic Qualifications:
University degree in Information Technology/Computer Science/Electrical Engineering/Telecommunications.
Professional:
Training in Security event triage
Security certification, e.g. Security+, CySA+, CEH
Incident Handler training/certification, e.g. ECIH
SIEM Certification e.g. Splunk, QRadar, Fortinet
Desired work experience:
Two years' experience in security and network infrastructure support in medium to large organizations.
Experience working with different SIEM solutions
Two years’ experience in security event triage and analysis.
Technical Competencies
Knowledge and experience in modern practices for IT infrastructure security architecture and operations in medium to large organizations to provide guidance on incident handling
Interpersonal skills to effectively communicate with and manage customer expectations (internal and external), and other stakeholders who impact performance.
Technical skills to effectively perform, or guide the performance of, analysis and incident handling activities/tasks in a manner that consistently produces a high quality of service.
Behavioural Competencies
Self-empowerment to enable development of open communication, teamwork and trust that are needed to support performance and customer-service oriented culture.
Leadership to nurture and sustain employee satisfaction, and to manage change.
KNOWLEDGE, SKILLS AND ATTRIBUTES:
Basic understanding and appreciation of technical design and business principles
Demonstrates fundamental project management and administration ability
Displays customer engagement skills
Demonstrates relevant domain specialist knowledge
Good verbal communication skills
Client focused, with a proactive approach to solving problems
Ability to work under pressure
Apply via:
careers.services.global.ntt