Junior Security Specialist – SOC & SIEM

The Security Specialist researches, develops, implements, test and review an organization’s information security in order to protect information and prevent unauthorized access. Systems are protected by defining Incident Response and architecture to integrate detection into Letshego Information Systems

1.Protects the company from unauthorised access to information and breaches by analysing vulnerabilities and threats with the view to implement and administer controls such as SIEM, AI-based detection systems, Rating systems, Threat Intelligence and Internet monitoring systems. 
2.Responsible to do triage when security incidents are found and to log calls at right priority and to manage all logged calls until engineers or other security team members close the tickets.
3.Responsible to ensure that users access to systems are configured based on approval processes.
4.Ensuring that Forensics team gets involved when there are breaches and that evidence does not get tainted before Forensics team gets the opportunity to collect the data.
5.Running preconfigured scans to find vulnerabilities & weakness and logging prioritized calls to clear these issues Calls must be managed – followed up to ensure that they are closed. Various systems are used to find vulnerabilities and compliance issues that will be used.
6.Assist to ensure that certificate are renewed before expiry and that calls are logged to ensure that the new certs and keys are installed. Test to ensure that certs are working and set up in secure fashion.
7.Intelligence checking all systems, prioritising AI-based system, ensuring that:
7.1.The only hardware that should be on the Letshego network prioritising there and that the hardware is in the correct security zone(s) based on sensitivity and criticality of data.
7.2.Only approved software communicate on Letshego hardware and that no BOYD and guest devices have malicious software communicating via the Letshego network especially not towards areas that require higher levels of security
7.3.That all software operating in the Letshego environment is the most secure version (without impacting business)
7.4.That all systems are configured to the highest security level while allowing those that need to use it simple access
7.5.That access rights especially privilege access rights do not get abused
7.6.That there are no Malware or Spam outbreaks
7.7.That PII, IP and other sensitive data does not flow anywhere unless it supports business
7.8.That hacking attempts are found early and controlled
7.9.That systems remain available to support the business by monitoring for congestion, space and other capacity issues
7.10.That data remains integral at all times
7.11.That processes that support the business that requires network or Internet access remain available & secure, e.g. Communications like VoIP, video conferencing systems, power systems, access control, network-based training & marketing systems, and airconditioning.
7.12.Pickup when flows that should be encrypted are not and locate encrypted flows that do not belong on the network
8.Monitors Endpoint protection systems to ensure that they remain active on all workstations and that any outbreaks are identified and urgently repaired.
9.Works with Internal Audit team and peers in the department to ensure those audit findings are managed to closure.
10.Must know DR procedures and will have a prime communicatiosn role during disasters.
11.Continuously make all staff in radar more aware of their responsibility in making the organisation more secure. Attention should be focused primarily on staff whose duties gives them privileged access or whose functions can make or break security and privacy;
12.Assist to document security systems technically and administratively

Qualifications: 

•Bachelor’s Degree in Computer Science or Diploma in Information Systems with five years of Information Security experience in a Security Engineering role.
•As many Security Industry related Certifications as possible, e.g. CISSP, CISA, CASP+, CEH, OSCP, any GIAC qualifications, any SANS qualifications and specifically SOC Analyst and Incident handling qualifications.
•Product Specific Qualifications like Cisco Security Certs, CCSA/E, F5-CA/CTS/CSE, Fortinet NSE4-8 but some specifically in SIEM, Logging and Network Management and Security Operations Solutions. 
•SOC analytical qualification 
•Proof of continuous learning.

Background/Experience:
Technical: 
•Some SOC experience advantageous
•Engineering experience in Security and SOC product specifically advantageous
•Ticket / Call management experience 
•Technical writing experience advantageous
•Sound IT Security systems concepts and principles 
•Some understanding of Security Operations Centres or Network Operations Centres and management of Incidents

Analytical: 
•Analytical and conceptual knowledge
•Vulnerability Analysis
•Threat Analysis
•Incident Response Analysis & handling
•Testing, verification and validation techniques 
•Administrative and reporting abilities 

Business: 
•Business writing 
Coaching: 
•Confidentiality, ethical behaviour, privacy & integrity
•Policies, procedures, standards and guidelines

Communication: 
•Tactful
•Ability to formulate concepts 
•Communication of technical information to a non-technical audience 
•Communication of business information to a technical audience