Cyber Security Analyst
1 week ago
**The Role**
We are looking for a SOC Analyst to become part of our rapidly expanding team protecting our clients from cyber security threats. This is primarily a blue team role with additional exposure to, and involvement in, penetration testing techniques and tools in order to validate security exposures detected by our attack surface management platform.
Our philosophy is that solid defence requires intimate knowledge of offensive tactics, with our managed security service designed to ensure our analysts are across the latest attack techniques. This approach, combined with our cloud security expertise, allows us to provide our clients with the highest level of protection for their digital assets.
You will get the opportunity to work with government, start-up and enterprise clients as part of a passionate and experienced security team. You will also be provided with training and support for Offensive Security Certified Professional (OSCP) certification if that is not yet held.
**Your Responsibilities**
We monitor our clients' systems both internally and externally to ensure we provide a proactive response to potential security issues and detect any threats that have breached security controls.
A best-of-breed cloud-based SIEM is used to ingest and analyse events from client environments, and we use our cloud security knowledge in conjunction with the MITRE ATT&CK® Cloud Matrix to detect attacks from highly skilled adversaries. In this role you will respond to alerts within our established SLAs and investigate complex attack chains to ensure breaches are rapidly discovered and contained.
Our attack surface management service includes hourly reconnaissance and exposure testing across our clients' internet attack surface. Using penetration testing techniques, you will also review new endpoints discovered by our platform and validate any security exposures as soon as they are detected.
Your average day will include the following activities:
**Investigation and response to client SIEM alerts**
- Ownership through to resolution of managed SIEM alerts
- Liaison with clients to provide updates on investigation status
- Incident closure once appropriate action has been taken
- Tuning of client SIEM rules to reduce false positive rate
**Monitoring of client digital attack surface exposures**
- Ownership through to resolution of customer impacting exposures
- Liaison with clients to provide updates on exposure status
- Escalation to senior resources for complex exposures
- Closure of exposures once appropriate action has been taken
- Review of new assets discovered by the attack surface management platform
**Client report writing**
- Issuing of periodic cyber security reports for managed service clients
**Managed security service projects**
- Onboarding of new clients to managed services platforms
- Integration of new log sources for existing managed SIEM clients
- Development of managed incident response playbooks
- Other cyber security project work as required
**Your Experience**
3+ years’ experience as a SOC Analyst, Penetration Tester, or in a relevant field
**Your Skills**
The following technical skills are required to fulfil the responsibilities of the role:
- Understanding of common internet protocols (e.g. TCP/IP, DNS, HTTP, TLS)
- Ability to analyse intercepted HTTP requests and identify basic security issues
- Familiarity with public cloud environments (e.g. AWS, Azure and GCP)
- Familiarity with, and demonstrated understanding of, the Cyber Kill Chain and/or MITRE ATT&CK Framework
- Understanding of and experience working with SIEM and vulnerability management tools
- Proficiency with common penetration testing tools (e.g. Burp Suite, Kali Linux, Metasploit)
- Strong understanding of Windows, UNIX, and Linux Operating Systems
- Formal training and certification in an IT security related area (e.g. OSCP, SANS, CompTIA) is desired but not essential
The role requires strong written communication skills for reporting on test findings and liaising with clients on validated exposures. The ability to manage time effectively is essential, as testing engagements are typically delivered within a set timeframe and our CST service provides service level agreements for validating detected security exposures. The most important requirement, however, is a passion for learning how systems are compromised and how security exploits are developed.
**Job Types**: Full-time, Permanent
Ability to commute/relocate:
- Johannesburg, Gauteng: Reliably commute or planning to relocate before starting work (required)
**Experience**:
- Security Analyst: 3 years (required)
**Language**:
- English (required)
Shift availability:
- Day Shift (required)
- Night Shift (required)