Senior Specialist: Cybersecurity Infrastructure
2 weeks ago
**ROLE PURPOSE**
As part of the customer-facing Nexio SOC team, the Senior Specialist: Cybersecurity Infrastructure Support will identify, analyze, and react to security incidents, events, and threats using a reliable set of operating processes and SIEM technologies such as Azure Sentinel, QRadar, or ArcSight. The Senior Specialist: Cybersecurity Infrastructure Support will support the architecture, deployment, management, and maintenance of these SIEM platforms. The Senior Specialist also oversees the extensive work with Security Information and Event Management (SIEM) platforms, ensuring their stability and efficient operation.
**ROLE REQUIREMENT**
- Is familiar with the tactical and long-term vision across the Security function.
- Sets technical platform architectural direction.
- Adheres to the standard operating procedures and playbooks in the SOC.
- Has a direct impact on SOC performance.
- Impacts customer satisfaction and confidence in the SOC service and service level performance.
- Provides Cybersecurity Infrastructure leadership to customers and SOC Team.
- Provides technical guidance and coaching to SOC Teams.
- Gives regular, comprehensive, and constructive feedback to the team.
- Proactively seeks feedback from team members and deals constructively with any criticism.
- Adjusts management style to get the best from the individuals within the team.
- Delegates work to team members taking into account their capacity, level of skill, and exposure to different types of work and complexity; provides clear instructions and direction, with reasonable deadlines.
- SIEM Management: Monitor the environmental stability of the SIEM platform(s), manage the health of log collection methods, facilitate SIEM change requests, and manage the scheduled SIEM platform upgrades.
- SIEM Architecture Support: Support SIEM architecture changes, tool deployments, and advanced content development. Deploy SIEM hardware and software installations, both on-premise and cloud, and perform system patching and upgrades.
- SIEM Configuration: Responsible for configuration, implementation, testing, and performance enhancements for SIEM technologies, with a preference for ArcSight appliances, Azure Sentinel, or QRadar.
- Documentation: Build and maintain operational documentation to support the SIEM platform(s), write and maintain process documentation, and create, maintain, and implement detailed documentation and standard operating procedures.
- Incident Response: Assist in the response to cybersecurity incidents, providing technical expertise and support.
- Policy Enforcement: Ensure that all systems and networks comply with applicable cybersecurity policies and standards.
- Support: Provide support on a weekday business hours schedule; also responsible for on-call, extended hour, and weekend support as required by mission or emergency situations.
- Be able to work in a rapid-paced security operations environment.
- Work with systems engineers, enterprise architects, systems administrators and other technical staff on the implementation, testing, deployment and integration of computing systems.
- Interact with users and evaluate vendor products.
- Create, maintain, and implement detailed documentation and maintain standard operating procedures.
- Application of security settings and other commercial best practices such as SIEM Analysis services.
- Application of open source and commercial threat intelligence feeds into the SIEM.
Additional Information:
- Individuals at this level have fully developed knowledge of the business, marketplace, and clients. Is recognized as an expert in own area within the organization.
- Interprets internal or external business issues and recommends best practices. Provides technical guidance to more junior levels of staff.
- Able to build strong interpersonal relationships with peers, brand leaders, and other senior management throughout the company
- Excellent verbal and written communication skills
- Able to align multiple strategies and ideas
- Confident in producing and presenting work
- In-depth understanding of the technologies and industry
**TECHNICAL / PROFESSIONAL COMPETENCIES**
- Adhere to operational processes in the MITRE ATT&CK framework.
- Adhere to the technical methods in the SIEM platform.
- Responsible for configuration, implementation, testing, and performance enhancements for SIEM technologies with a preference for ArcSight appliances (loggers, smart connectors, forwarders, ArcMC, and ESM), Azure Sentinel, or QRadar.
- Work with systems engineers, enterprise architects, systems administrators, and other technical staff on the implementation, testing, deployment, and integration of computing systems.
- Application of security settings and other commercial best practices such as SIEM Analysis services.
- Application of open source and commercial threat intelligence feeds into the SIEM.
**QUALIFICATIONS & EXPERIENCE**
- Grade 12
- Bachelor’s Degree in Computer Science or a