The Role

Specifically, the successful jobholder will be required to:

• Be part of a 24hr active Monitoring and analysis of the Bank’s networks for malicious activity using Security Incident and Event Management (SIEM) toolsets. This will include responding to and investigating alerts, assisting with developing new security monitoring use cases, and ensuring all investigative activity is properly documented in the bank’s ticketing systems and followed by relevant support teams.
• Conduct proactive cyber threat research & analysis. Monitoring open-source intelligence sources for potential threats against the Bank, & ensuring appropriate defensive actions are taken.
• Triage and investigate alerts generated from various security monitoring solutions and SIEM; indicators of compromise (IOCs like file hashes, IP addresses, domains, etc.) and escalate them to the ICT respective units and ensure that appropriate follow-up actions are taken to mitigate the exposure.
• Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
• Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the corrective or mitigation actions and escalation paths for each incident.
• Independently follow procedures to contain, analyze, and eradicate malicious activity.
• Be available, on-call, to rapidly troubleshoot any problems resulting from infrastructure changes, security breaches, or other unplanned/unforeseen circumstances.
• Assist the ICT Security team in developing and maintaining SoC documentation and processes.
• Form part of the Bank’s Security Incident Response team, assisting with whatever activities are deemed necessary by the incident leader.
• Submit period and ad-hoc reports as required by HOD

Skills, Competencies and Experience

The successful candidate will be required to have the following skills and competencies:

• Bachelor’s degree in information technology, computer science or any related field.
• CISSP CISA/CISM/CEH/Certified SOC analyst (CSA)/Security+/Network+/CCNA/SSCP or other related certifications.
• 1+ years’ experience as a Security/Network Administrator or equivalent knowledge.
• Technical knowledge of databases, networks, and operating systems security.
• Knowledge of various security methodologies and processes, and technical security solutions (firewall and intrusion detection systems). Knowledge and experience using one or more tools related to SIEM, intrusion detection and prevention systems, network security managers, firewalls and end point logging.
• Knowledge of TCP/IP Protocols, network analysis, and network/security applications.
• Strong written communication skills in report writing for incident reporting Knowledge of specific tools and languages such as Wireshark, PowerShell, Python and SQL knowledge highly desirable.