Job Description

Responsibilities. Act as Incident first responder for a 24/7 staffed SOC, reviewing and verifying system alerts. Assist with the development of incident response plans, workflows, and SOPs. Maintain security sensors and tools. Monitor security sensors and review logs to identify intrusions. Escalate security incidents using established policies and procedures. Perform initial analysis of security events, network traffic, and logs to engineer new detection methods, or create efficiencies when available. Work directly with threat intelligence analysts to convert intelligence into useful detection. Identify incident root cause and take proactive mitigation step. Perform lessons learned activities. Provide analysis of security log data from a large number of heterogeneous security devices. Review vulnerabilities and track resolution. Review and process threat intel reports. Implement detection use cases. Liaise with Ensign customers on security intrusions and provide swift and accurate remedial actionRequirements. Diploma/Degree in Information System/Information Security from a recognized institution. 3 -5 years working experience in a Security Operations Centre. Good knowledge of network routing and switching fundamentals to include knowledge of Multiprotocol Layer Switching (MPLS). Good technical understanding of operating systems, network architecture and design. Good knowledge of encryption, key management and cryptology. Proven ability to plan and prioritize work, both their own and that of project team.. Sound understanding of organizational issues and challenges. Able to work effectively with participants at all levels in an organization. Ability to analyze problems and determine root causes, generating alternatives, evaluating and selecting alternatives and implementing solutions.. Possess excellent writing skills and the ability to communicate to teammates as well as technical and executive level staff. Results OrientedPreferred Skills /Qualities. SANS recognized certification. Professional information technology/security certifications such as ITIL, CCNA and CEH will be preferred but related qualification (i.e. GCIA, CISSP etc.)Other Special Working Conditions. Able to perform 12-hour shift duties (2 days' work with 2 off-days). Working hours: AM - 8:30am to 8:30pm; PM - 8:30pm to 8:30am. Shift patterns and duration may vary from time to time.
Not Specified