Senior Security Specialist (SOC)

Closing Date: Monday, January 20, 2020
Location of the Job: Gaborone, South East, Botswana
Reference Number: ITOPSSSS - SOC
Company: Letshego Holdings Limited
Published: 13/01/2020
Contract Type: Permanent
Salary: Market Related
   
Introduction
The Security Specialist researches, develops, implements, tests and reviews the organisation's information security controls in order to protect information and prevent unauthorised access. Systems are protected by defining the Incident Response process and an architecture that integrates detection into Letshego Information Systems.
   
Job Functions: Information Technology, Investigation & Compliance, Safety & Security, Technical
   
Industries: Financial Services
   
Specification
1. Protects the company from unauthorised access to information and from breaches by analysing vulnerabilities and threats, with a view to implementing and administering controls such as SIEM, AI-based detection systems, rating systems, threat intelligence and Internet monitoring systems.
2. Minimises the company's attack surface by continuously improving log modelling and event rule sets, so that all critical events are detected and correlated to locate incidents and to prioritise incident handling:
2.1. Monitor the entire Letshego environment for vulnerabilities, configuration weaknesses, security control gaps, threats and breaches, and drive remediation,
2.2. Monitor the entire Letshego network for outages and critical alerts; network monitoring is critical to ensure the availability of data,
2.3. Create and support systems that ensure all incidents are worked to closure,
2.4. Plan proactively, based on the threats found, to minimise the risk of similar future attacks,
2.5. Raise and maintain Letshego's security maturity at the threat-hunting level,
2.6. Proactively align security controls to current attack vectors,
2.7. Implement Internet monitoring for damage control and proactive planning purposes.
3. Plans and maintains Incident Response procedures and assists with incident response.
4. Works closely with the Forensics team to protect evidence while helping to ensure fast isolation of breached systems, to prevent lateral movement and further damage.
5. Continuously checks all systems, prioritising AI-based detection, ensuring that:
5.1. Only approved hardware is on the Letshego network, and that hardware sits in the correct security zone(s) based on the sensitivity and criticality of the data it handles,
5.2. Only approved software communicates from Letshego hardware, and no BYOD or guest device has malicious software communicating via the Letshego network, especially not towards areas that require higher levels of security,
5.3. All software operating in the Letshego environment is the most secure version available (without impacting the business),
5.4. All systems are configured to the highest practical security level while still giving those who need them simple access,
5.5. Access rights, especially privileged access rights, are not abused,
5.6. There are no malware or spam outbreaks,
5.7. PII, IP and other sensitive data do not flow anywhere unless the flow supports the business,
5.8. Hacking attempts are found early and contained,
5.9. Systems remain available to support the business, by monitoring for congestion, disk space and other capacity issues,
5.10. Data integrity is maintained at all times,
5.11. Business processes that require network or Internet access remain available and secure, e.g. communications such as VoIP and video conferencing, power systems, access control, network-based training and marketing systems, and air conditioning,
5.12. Flows that should be encrypted but are not are picked up, and encrypted flows that do not belong on the network are located.
6. Security monitoring architecture and integration are aligned with Letshego's chosen architecture frameworks to support policy and the business:
6.1. Proper architecture documentation must be maintained for the overall network (high level) and for each solution,
6.2. Solutions must be aligned to fit seamlessly into the Network Security Architecture, and exceptions and risks should be raised appropriately.
7. Minimises the company's attack surface by enhancing endpoint protection, using the appropriate technology for optimum protection:
7.1. Use a combination of protective and detective solutions to ensure security both when systems are on the Letshego LAN and when they are out of the office,
7.2. Ensure patching and upgrades of all software as per Letshego standards,
7.3. Vulnerability management and system hardening: ensure that vulnerabilities are prioritised and managed within reasonable timeframes, and that compensating controls are implemented where residual risk remains high;
7.4. Report assets and vulnerabilities whenever required by the business, using the bank's chosen metrics.
8. Deals with the supply chain and supply-chain research, and makes recommendations to ensure that third-party processes and policies (or the lack thereof) do not expose Letshego sensitive data, and that the chosen provider has the capacity and capability to meet Letshego's support needs.
9. Works with project teams to ensure that all projects produce results that can be monitored from an availability, confidentiality and integrity perspective, and that integration into monitoring systems forms part of the project.
10. Works with the Internal Audit team and peers in the department to ensure that audit findings are managed to closure.
11. Researches, recommends and reviews new IT security systems and solutions to ensure the bank uses modern solutions to address its exposure to fast-changing global security risks, and makes recommendations to IT Management for medium- to long-term planning.
12. Identifies opportunities for improving business processes through information systems and non-system changes; assists in the preparation of proposals to develop new systems or operational changes.
13. Assists in creating and implementing security-related disaster recovery plans by conducting disaster recovery planning and testing of controls within the scope of the role, ensuring that at least the same level of security exists during a disruption to business operations and its aftermath, and, where this is not possible, that the business is aware of the risk and its potential impact.
14. Continuously makes all staff in scope more aware of their responsibility for making the organisation more secure. Attention should focus primarily on staff whose duties give them privileged access or whose functions can make or break security and privacy.
15. Documents security systems technically and administratively.
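Items 2, 5.1, 5.2 and 5.12 above all come down to the same pipeline: take logs from sources that record different things, normalise them into one flow schema, and run rules that need an asset inventory and zone policy. The block below is an added example written for this page, not Letshego's code or tooling. It parses two constructed log formats (iptables-style firewall syslog, which only carries addresses and ports, and Zeek conn.log JSON, which also identifies the application protocol) into one record type, then flags unknown hosts, guest-to-high-security traffic, cleartext on ports that must carry TLS, and TLS on ports where it is not expected, sorted by an assumed severity so the SOC works the worst first. The inventory, zone prefix, port sets and severities are all assumptions for illustration.

```python
"""Added example: normalise constructed firewall syslog and Zeek conn.log
records into one flow schema, then run zone/encryption detection rules.
Not Letshego's code; inventory, zones, port sets and severities are
assumptions made for this illustration."""
import json
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input, iptables-style syslog: no application-layer
# detail, only addresses, protocol and ports.
FW_SYSLOG = [
    "<134>Jan 13 09:12:01 fw01 kernel: ACCEPT IN=eth1 OUT=eth0 "
    "SRC=10.10.5.23 DST=203.0.113.8 PROTO=TCP SPT=51622 DPT=443",
    "<134>Jan 13 09:12:07 fw01 kernel: ACCEPT IN=eth2 OUT=eth1 "
    "SRC=10.20.0.7 DST=10.10.50.12 PROTO=TCP SPT=40211 DPT=3389",
    "<134>Jan 13 09:12:09 fw01 kernel: ACCEPT IN=eth1 OUT=eth1 "
    "SRC=10.10.7.99 DST=10.10.5.40 PROTO=TCP SPT=55000 DPT=23",
]
# Constructed Zeek conn.log records (JSON output). Zeek identifies the
# application protocol, so "service" says whether the flow was TLS ("ssl").
ZEEK_CONN = [
    json.dumps({"id.orig_h": "10.10.5.40", "id.resp_h": "203.0.113.20",
                "id.resp_p": 443, "proto": "tcp", "service": "http"}),
    json.dumps({"id.orig_h": "10.10.5.23", "id.resp_h": "198.51.100.5",
                "id.resp_p": 8080, "proto": "tcp", "service": "ssl"}),
    json.dumps({"id.orig_h": "10.10.5.40", "id.resp_h": "203.0.113.8",
                "id.resp_p": 443, "proto": "tcp", "service": "ssl"}),
]

# Assumed asset inventory and zoning policy (illustrative only).
INVENTORY = {"10.10.5.23": "corp", "10.10.5.40": "corp",
             "10.10.50.12": "high", "10.20.0.7": "guest"}
HIGH_SECURITY_PREFIX = "10.10.50."
TLS_PORTS = {443, 465, 636, 993, 995, 8443}   # ports that must carry TLS
CLEARTEXT_PORTS = {21, 23, 80}                 # legacy cleartext protocols

FW_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) SPT=\d+ DPT=(\d+)")

Finding = Tuple[int, str, str, str, int]  # severity, rule, src, dst, dport


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    service: Optional[str]  # None when the log source cannot identify it
    origin: str             # which log source produced the record


def parse_fw(line: str) -> Optional[Flow]:
    """Firewall syslog: addresses and ports only, service unknown."""
    m = FW_RE.search(line)
    if not m:
        return None
    src, dst, proto, dport = m.groups()
    return Flow(src, dst, proto.lower(), int(dport), None, "fw")


def parse_zeek(line: str) -> Flow:
    """Zeek conn.log JSON: same fields plus the identified service."""
    r = json.loads(line)
    return Flow(r["id.orig_h"], r["id.resp_h"], r["proto"],
                int(r["id.resp_p"]), r.get("service"), "zeek")


def normalise(fw_lines: List[str], zeek_lines: List[str]) -> List[Flow]:
    flows = [f for f in map(parse_fw, fw_lines) if f is not None]
    flows += [parse_zeek(z) for z in zeek_lines]
    return flows


def detect(flows: List[Flow]) -> List[Finding]:
    """Run the rules over normalised flows; highest severity first."""
    findings: List[Finding] = []
    for f in flows:
        zone = INVENTORY.get(f.src)
        if zone is None:  # 5.1: hardware not in the inventory
            findings.append((2, "unknown-host", f.src, f.dst, f.dport))
        if zone == "guest" and f.dst.startswith(HIGH_SECURITY_PREFIX):
            findings.append((3, "guest-to-high-security", f.src, f.dst, f.dport))
        if f.dport in CLEARTEXT_PORTS:  # 5.12: should be encrypted, is not
            findings.append((1, "cleartext-protocol", f.src, f.dst, f.dport))
        # These two rules need application-protocol identification, which
        # firewall syslog does not carry, so they only fire on Zeek records.
        if f.service is not None:
            if f.dport in TLS_PORTS and f.service != "ssl":
                findings.append((3, "cleartext-on-tls-port", f.src, f.dst, f.dport))
            if f.service == "ssl" and f.dport not in TLS_PORTS:
                findings.append((2, "tls-on-unexpected-port", f.src, f.dst, f.dport))
    return sorted(findings, key=lambda x: -x[0])  # stable: keeps log order within a severity


def run() -> List[Finding]:
    return detect(normalise(FW_SYSLOG, ZEEK_CONN))


if __name__ == "__main__":
    for sev, rule, src, dst, dport in run():
        print(f"sev={sev} {rule}: {src} -> {dst}:{dport}")
```

The point worth noticing is which rules can fire on which source: the firewall's first line (10.10.5.23 to port 443) produces nothing because the firewall cannot say whether the flow was actually TLS, while the Zeek record for 10.10.5.40 to port 443 with service "http" is flagged as cleartext on a TLS port. A SOC that only ingests firewall logs will never see that finding, which is why the normalised schema carries a nullable service field rather than guessing it from the port.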
   
Requirements
Qualifications: 

•Bachelor's Degree in Computer Science, or Diploma in Information Systems, with five years of information security experience in a security engineering role.
•As many security industry certifications as possible, e.g. CISSP, CISA, CASP+, CEH, OSCP, any GIAC or SANS qualifications, and specifically SOC analyst and incident handling qualifications.
•Product-specific qualifications such as Cisco security certifications, CCSA/CCSE, F5 CA/CTS/CSE and Fortinet NSE4 to NSE8, and specifically qualifications in SIEM, logging, network management and security operations solutions.
•Proof of continuous learning.

Background/Experience:
Technical: 
•Understanding and knowledge of the ISO 27002 and CIS control frameworks
•Information Security Engineering Experience
•Information Security Architecting Experience
•Substantial technical experience in the following areas is a must:
oSIEM and AI-based network detection tools
oGood understanding of how all technical security controls work, with an in-depth understanding of how different systems log information and how to collect and normalise it in order to correlate events and locate incidents
oIn-depth understanding of network protocols, especially SNMP and Syslog, and of how to inspect encrypted protocols
oVulnerability management, including software and hardware asset control
•Secure administration experience on the security tools mentioned above
•Technical writing including the creation of policies, standards, procedures & guidelines
•IT Security Audit fundamentals
•Sound IT Security systems concepts and principles 
•Complex modelling techniques 
•In-depth understanding of Security Operations Centres and management of Incidents

Analytical: 
•Analytical and conceptual expertise
•Vulnerability Analysis
•Threat Analysis
•Incident Response Analysis & handling
•Forensic analysis
•Planning, documentation, analysis and business requirements management techniques 
•Object-oriented analysis 
•Evaluation of profitability/risk 
•Testing, verification and validation techniques 
•Creation of the Business Requirements Document
•Administrative and reporting abilities 

Business: 
•Knowledge of business processes within the context of Financial Services
•Improvement of business and engineering processes 
•Strategic planning 
•Case development
•Business writing 
Coaching: 
•Vulnerability Management
•Data leakage prevention (DLP)
•Identity & Access Management 
•Confidentiality, ethical behaviour, privacy & integrity
•Policies, procedures, standards and guidelines

Communication: 
•Ability to formulate concepts 
•Communication of technical information to a non-technical audience 
•Communication of business information to a technical audience 
•Negotiation Skills 
•Tact

Click on the link to apply: https://letshego.jb.skillsmapafrica.com