Job Description


SIEM Platform Manager

Gauteng Market Related
Sector: IT / Computers / Software
Posted: Wednesday, 22 June 2022





Signup/Login to apply

Job Details

SPECIFICATION

An IT solutions company is looking for a SIEM Platform Manager to join their team as part of the Security Operations Centre (SOC) team. The SOC Team identifies, analyses, and reacts to cyber security threats using a reliable set of processes and security technologies. The SOC Team includes the SOC Manager, SIEM Platform Manager, Case Manager, SOC Tier 1, 2 and 3 Analysts and Security Specialists. They work with IT operational teams to address security incidents and events quickly. The SOC Team provides the critical layer of analysis needed to seek out any irregular activity that could indicate a security incident.

DUTIES WILL INCLUDE, BUT ARE NOT LIMITED TO:

  • Responsible for new SIEM architecture design, scoping and deployment
  • Possesses in-depth knowledge of network, endpoint, threat intelligence, forensics, and malware reverse analysis, as well as the functioning of specific applications or underlying IT infrastructure
  • Acts as an incident “hunter”, not waiting for escalated incidents
  • Closely involved in developing, tuning, and implementing threat detection analytics
  • Acts as the escalation point for Tier 1 and 2 SOC Analysts
  • Responds to and oversees the remediation of a declared security incident
  • Completes the Root Cause Analysis Report for P1 to P4 incidents
  • Provides guidance to Tier 1 and 2 SOC Analysts
  • Acts as Team Leader of Tier 1 and 2 SOC Analysts
  • Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack
  • Monitors shift-related metrics ensuring applicable reporting is gathered and disseminated to the SOC Manager
  • Makes recommendations to the SOC Manager
  • Oversees the analysis on running processes and configs on affected systems
  • Undertakes in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted
  • Oversees the containment and recovery
  • Oversees the deep-dive incident analysis by correlating data from various sources
  • Validates if a critical system or data set has been impacted
  • Provides support for analytic methods for detecting threats
  • Conducts advanced triage based on defined run books of alerts
  • Undertakes threat intelligence research
  • Validates false positives, policy violations, intrusion attempts, security threats and potential compromises
  • Undertakes security incident triage to provide necessary context prior to escalating to relevant Security Specialists to perform deeper analysis when necessary
  • Further analyses alarms by method (e.g. compromised credentials) and by asset class
  • Based on the correlation rules and alarms within the SIEM and the run books, further analyses anomalous tactics using the MITRE ATT&CK framework
  • Manages security incidents using the SIEM platform and defined operational procedures
  • Performs further investigation of potential incidents, and escalates or closes events as applicable
  • Closes out deeper analysis and review activities
  • Assists senior SOC staff with operational responsibilities

REQUIREMENTS

  • SIEM technology certification: QRadar, McAfee ESM, Splunk or Azure Sentinel
  • ITIL Foundation qualification
  • Degree or Diploma in Computer Technology
  • CompTIA CySA+ and CASP+, CEH or OSCP
  • CCNA or Fortigate NSE 3 or equivalent
  • 5 – 10 years’ experience working in a SOC
  • 5 – 10 years’ experience in senior SOC role as Tier 3 or Security Engineer responsible for deployments and SIEM Platform management
  • Strong knowledge of and experience working with SIEM solutions: QRadar, McAfee ESM, Azure Sentinel
  • Strong knowledge of and experience working with SOAR solutions and incident ticketing systems
  • Strong knowledge of and experience working with Linux operating systems
  • Proven experience with Office 365, Active Directory, SQL, Azure and Microsoft Exchange.
  • Proven experience working with Nessus or Qualys
  • Proven experience with the ITIL and MITRE ATT&CK frameworks
  • Good knowledge and experience of TCP/IP networks, including LAN and various WAN technologies, including wireless
  • Good experience working with Mimecast or Forcepoint
  • Good experience working with Cofense PhishMe or Proofpoint
  • Highly proficient with a support ticketing system and experienced in meeting SLA targets
  • Familiarity with risk management and quality assurance control.
  • Excellent interpersonal skills and professional demeanor
  • Excellent verbal and written communication skills
  • Candidate must be eligible to obtain National Security Clearance

Additional Skills/Attributes:

  • Advanced Microsoft Excel experience, specifically data interpretation
  • Good understanding of IT infrastructure
  • A high command of the English language both written and verbal is essential.
  • Self-motivated with the ability to work unsupervised.
  • Attention to detail
  • Punctuality
  • Ability to remain flexible and adapt to changing priorities with promptness, efficiency, and ease
  • Possess proficient analytical and decision-making skills
  • Demonstrated capacity for gathering and scrutinizing data to identify issues, opportunities, and patterns
  • Proficient relationship-building skills: able to anticipate customer behaviour and respond accordingly
  • A strong service-oriented (‘can-do’) culture, with a strong focus on the ‘internal customer’ approach and a commitment to exceeding customer expectations
  • Good communicator with the customer environment
  • Dynamic but aware of the views and feelings of others
  • Able to operate as a good team player
  • Drive and energy
  • Demonstrates clear purpose, enthusiasm, and commitment