Job Description

Responsibilities

• Act as Incident first responder for a 24/7 staffed SOC, reviewing and verifying system alerts
• Assist with the development of incident response plans, workflows, and SOPs
• Maintain security sensors and tools
• Monitor security sensors and review logs to identify intrusions
• Escalate security incidents using established policies and procedures
• Perform initial analysis of security events, network traffic, and logs to engineer new detection methods, or create efficiencies when available
• Work directly with threat intelligence analysts to convert intelligence into useful detection
• Identify incident root cause and take proactive mitigation step
• Perform lessons learned activities
• Provide analysis of security log data from a large number of heterogeneous security devices
• Review vulnerabilities and track resolution
• Review and process threat intel reports
• Implement detection use cases
• Liaise with Ensign customers on security intrusions and provide swift and accurate remedial action

• Diploma/Degree in Information System/Information Security from a recognized institution
• 3 -5 years working experience in a Security Operations Centre
• Good knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS)
• Good technical understanding of operating systems, network architecture and design
• Good knowledge of encryption, key management and cryptology
• Proven ability to plan and prioritize work, both their own and that of project team.
• Sound understanding of organizational issues and challenges. Able to work effectively with participants at all levels in an organization
• Ability to analyze problems and determine root causes, generating alternatives, evaluating and selecting alternatives and implementing solutions.
• Possess excellent writing skills and the ability to communicate to teammates as well as technical and executive level staff
• Results Oriented

• SANS recognized certification
• Professional information technology/security certifications such as ITIL, CCNA and CEH will be preferred but related qualification (i.e. GCIA, CISSP etc.)

• Able to perform 12-hour shift duties (2 days’ work with 2 off-days). Working hours: AM - 8:30am to 8:30pm; PM - 8:30pm to 8:30am. Shift patterns and duration may vary from time to time.