L2 Security Incident Manager

4 days ago


Midrand, South Africa | Nexio | Full time

**ROLE PURPOSE**

As part of the Customer-facing Nexio SOC team, the L2 Security Incident Manager will identify, analyse and react to security incidents, events and threats using a reliable set of operating processes and SIEM technologies such as Azure Sentinel, QRadar or ArcSight.

The L2 Security Incident Manager will be responsible for monitoring enterprise networks and systems, detecting events and reporting on all threats directed against those systems, regardless of their classification level or type. The L2 Security Incident Manager is expected to collaborate with leadership to develop metrics based on situational awareness and threat monitoring at an enterprise level, reported according to the approved plan and supporting checklists. The L2 Security Incident Manager must be able to rapidly address security incidents alerted primarily by an industry-recognised Security Information and Event Management (SIEM) platform.

He/She should ideally have advanced security incident handling and analysis experience in an established SOC environment where ArcSight, Azure Sentinel or QRadar was the SIEM platform.

**ROLE REQUIREMENT**
- Is familiar with the tactical and long-term vision across the Cyber Security function.
- Acts as team lead on Security Incident Analysis and Handling within the SOC function.
- Adheres to the standard operating procedures and playbooks in the SOC.
- Has a direct impact on SOC performance.
- Is the point of contact driving all cyber incidents managed by the Nexio Cyber Defense Team.
- Creates incident reports.
- Tracks cases.
- Keeps case and incident status up to date through regular updates.
- Participates in the incident management process from investigation to resolution.
- Maintains daily communication with the SOC Analyst team.
- Tracks tickets and severity, and assists in driving incidents to a conclusion based on SLAs and criticality level.
- Coordinates the activities of analysts and of parties external to the Cyber Defense Team involved in incident response.
- Prepares the weekly incident status report.

Additional Information:

- Individuals at this level have fully developed knowledge of best practices in security incident management in an established SOC.
- Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
- Excellent verbal and written communication skills.
- Able to align multiple strategies and ideas.
- Confident in producing and presenting work.
- In-depth understanding of best security incident management practices in an established SOC.

**QUALIFICATIONS & EXPERIENCE**
- Grade 12
- Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications
- One or more of these industry cybersecurity certifications: CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), CEH, OSCP, CompTIA
- Minimum of five (5) years of work experience, including two (2) years of relevant experience in an established SOC and in information security/cybersecurity
- Experience with security incident management and optimising the dashboarding, reporting and visibility of the SOC SLA performance for Customer stakeholders.
- Experience with a ticketing system such as BMC Remedy.
- Strong analytical and organizational skills.
- Concise writing skills, excellent MS Word skills as well as other MS Office Applications.
- Experience with securing various environments preferred.
- Experience in working across security frameworks.
- Experience in working across security technologies.
- Possess very good knowledge of technological advances within the information security area
- Demonstrate in depth solution and service knowledge

**LEADERSHIP COMPETENCY REQUIREMENTS**
- Responsive to reasonable customer, supplier, peer, and line management requests
- Proactive, innovative and reliable
- Put the customer first
- Do things right first time
- Positively contribute to this high-performance team
- Go the extra mile in the best interest of the company
- Develop positive and productive relationships with peers and customers
- Demonstrate emotional intelligence, and act with integrity
- Has demonstrated the ability to work well with others and a high-performance teamwork ethic
- Excellent communicator and collaborator
- Willingness to learn range of security technologies and platforms
- Positive attitude
- Delivering results and meeting customer expectations
- Following business-relevant instructions and procedures
- Learning and researching in various areas in cybersecurity

**Application Submission Details**:

- **Updated CV**
- **Short motivation letter**
- **Supporting qualifications/certifications, if any**
