L2 Security Incident Case Manager
3 days ago
**ROLE PURPOSE**
As part of the Customer-facing SOC team, the L2 Security Incident Case Manager will identify, analyse and react to security incidents, events and threats using a reliable set of operating processes and SIEM technologies such as Azure Sentinel, or QRadar, or ArcSight.
The L2 Security Incident Case Manager will be responsible for monitoring enterprise networks and systems, detecting events and reporting on any and all threats that are directed against those systems regardless of their classification level or type. The L2 Security Incident Manager is expected to collaborate with leadership to develop metrics based on situational awareness and threat monitoring at an enterprise level that will be reported based on the approved plan and supporting checklists. The L2 Security Incident Manager must be able to rapidly address security incidents alerted primarily by an industry recognised Security Information and Events Management [SIEM].
He/She should ideally have advanced security incident handling analysis experience in an established SOC environment where ArcSight, or Azure Sentinel, or QRadar was the SIEM platform.
**ROLE REQUIREMENT**
- Is familiar with the tactical and long-term vision across the Cyber Security function.
- Team lead on Security Incident Analysis and Handling within the SOC function.
- Adheres to the standard operating procedure and playbooks in the SOC.
- Direct impact on the SOC performance.
- Impacts on team’s operational process efficiency on security incident management in the SOC Service.
- Provides security incident management to SOC Teams.
- Gives regular, comprehensive and constructive feedback, and coaching and mentoring to team and conducts their performance appraisals.
- Delegates work to team members taking into account their capacity, level of skill and exposure to different types of work and complexity; provides clear instructions and direction, with reasonable deadlines.
- Being the point of contact to drive all cyber incidents managed by the Nexio Cyber Defense Team
- Creates incident reports
- Tracks cases
- Keeps cases and incidents status up to date through regular updates
- Participates in the incident management process from investigation to resolution
- Maintain daily communication with the SOC Analyst team
- Tracks tickets, severity, and assists to drive incidents to a conclusion based on SLAs and criticality level
- Coordinate the activities of analysts and parties external to the Cyber Defense Team involved in incident response
- Provides input into improvements of incident playbooks
- Prepares weekly incident status report
Additional Information:
- Individuals at this level have fully developed knowledge of best practices in security incident management in an established SOC.
- Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
- Excellent verbal and written communication skills.
- Able to align multiple strategies and ideas.
- Confident in producing and presenting work.
- In-depth understanding of best security incident management practices in an established SOC.
**TECHNICAL / PROFESSIONAL COMPETENCIES**
- Adhere to operational processes in the NIST CSF and MITRE ATT&CK framework
- Adhere to the technical methods in the playbooks.
- Prior experience advising on, planning, deploying, configuring, managing and monitoring large-scale and complex cyber defence and IT risk management and information or cybersecurity solutions.
- Prior experience in security incident management.
- Proficiency in preparation of reports, dashboards, and documentation.
- In-depth knowledge of security concepts such as cyber-attacks and techniques, Threat Vectors, Controls/Compliance, Risk Management and Incident Response.
**QUALIFICATIONS & EXPERIENCE**
- Grade 12
- Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications
- One or more of these industry Cybersecurity Certifications: CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), CEH, OSCP, CompTIA
- Minimum of five (5) years of work experience, and two (2) years of relevant experience in an established SOC and information security/cybersecurity
- Experience with security incident management and optimising the dashboarding, reporting and visibility of the SOC SLA performance for Customer stakeholders.
- Experience with a ticketing system such as BMC Remedy.
- Strong analytical and organizational skills.
- Concise writing skills, excellent MS Word skills as well as other MS Office Applications.
- Experience with securing various environments preferred.
- Experience in working across security frameworks.
- Experience in working across security technologies.
- Possess very good knowledge of technological advances within the information security area
- Demonstrate in depth solution and service knowledge
**LEADERSHIP COMPETENCY REQUIRE