L3 Security Incident Handling Analyst
5 days ago
**ROLE PURPOSE**
As part of the customer-facing Nexio SOC team, the L3 Security Incident Handling Analyst is responsible for monitoring enterprise networks and systems, detecting security events and reporting on any and all threats directed against those systems, regardless of their classification level or type. The L3 Security Incident Handling Analyst is expected to collaborate with leadership to develop metrics based on situational awareness and enterprise-level threat monitoring, reported according to the approved plan and supporting checklists. The L3 Security Incident Handling Analyst must be able to rapidly address security incidents, alerted primarily by an industry-recognised Security Information and Event Management (SIEM) platform.
The candidate should ideally have advanced security incident handling and analysis experience in an established SOC environment where ArcSight, Azure Sentinel or QRadar was the SIEM platform.
**ROLE REQUIREMENTS**
- Is familiar with the tactical and long-term vision across the Cyber Security function.
- Acts as team lead on security incident analysis and handling within the SOC function.
- Adheres to the standard operating procedures and playbooks in the SOC.
- Has a direct impact on SOC performance.
- Shapes the team's runbooks and operational processes in the SOC service.
- Provides security incident handling and technical guidance to SOC teams.
- Gives regular, comprehensive and constructive feedback, coaching and mentoring to the team.
- Delegates work to team members taking into account their capacity, level of skill and exposure to different types of work and complexity; provides clear instructions and direction, with reasonable deadlines.
- Provides support for complex computer network exploitation and defence techniques, including deterring, identifying and investigating computer and network intrusions.
- Provides incident response and remediation support: performs comprehensive computer surveillance/monitoring, identifies vulnerabilities, develops secure network designs and protection strategies, and audits information security infrastructure.
- Provides technical support for continuous monitoring, computer exploitation and reconnaissance; target mapping and profiling; and network decoy and deception operations in support of computer intrusion defence operations.
- Provides technical support for forensics services, including evidence seizure, computer forensic analysis and data recovery, in support of computer crime investigations.
- Researches and maintains proficiency in open and closed source computer exploitation tools, attack techniques, procedures and trends. Performs research into emerging threat sources and develops threat profiles.
- Provides technical support for a comprehensive risk management programme identifying mission-critical processes and systems, current and projected threats, and system vulnerabilities.
- Leads Red Team / Blue Team exercises and identifies gaps in current monitoring tools and processes.
- Develops playbooks for various incident scenarios and maintains knowledge of automation processes and products.
- Mentors junior analysts to become more effective in their roles.
- Applies security settings and other commercial best practices, such as SIEM analysis operations.
- Performs incident analysis on events from ingested source systems, combined with threat intelligence feeds (open source and commercial) ingested into the SIEM.
Additional Information:
- Individuals at this level have fully developed knowledge of best practices in security incident handling in an established SOC.
- Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
- Excellent verbal and written communication skills.
- Able to align multiple strategies and ideas.
- Confident in producing and presenting work.
- In-depth understanding of best security incident analysis and incident handling practices in an established SOC.
**QUALIFICATIONS & EXPERIENCE**
- Grade 12
- Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications and experience
- One or more of these industry cybersecurity certifications: CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), CEH, OSCP, CompTIA
- Minimum of five (5) years of work experience, including two (2) years of relevant experience in an established SOC and in information security/cybersecurity
- Experience with defining SOC playbooks.
- Experience with a ticketing system such as BMC Remedy.
- Basic Linux and Windows Server experience.
- Experience working with virtual environments.
- Strong analytical and organizational skills.
- Concise writing skills, excellent MS Word skills as well as other MS Office Applications.
- Experience with securing various environments preferred.
- Experience in working across security frameworks.
- Experience in working across security technologies.
- Poss