Cyber Security Analyst


Cyberlogic

πŸ“Remote - South Africa

Summary

Join Cyberlogic as a Senior Cyber Security Analyst and play a pivotal role in advancing the security objectives of our clients and organization. You will be responsible for developing, implementing, and maintaining technical security solutions, processes, and controls. As a key member of the Security team, you will lead efforts to strengthen clients' defenses against cyber threats. This remote position (Johannesburg/Cape Town) requires expertise in security protocols, incident response, and tool management. You will also mentor junior team members and contribute to SOC strategy development. The role demands strong technical skills and relevant certifications.

Requirements

  • 2-3 years of experience
  • National Certificate or equivalent
  • Darktrace - Threat Visualizer Part 1 - Familiarization
  • Darktrace - Threat Visualizer Part 2 - Investigation
  • Darktrace - Cyber Analyst Part 1 & Part 2
  • Darktrace/Email Part 1 - Familiarization
  • Darktrace/Email Part 2 - Customization
  • Qualys - Vulnerability Management Self-Paced Training
  • Qualys - Patch Management Self-Paced Training
  • Qualys - Web Application Scanning Self-Paced Training
  • Qualys - Cloud Agent Self-Paced Training
  • Qualys - Qualys API Fundamentals Self-Paced Training
  • Qualys - Qualys Query Language Training
  • SC-200
  • SC-100
  • CySA+
  • CASP+
  • Ethical hacking related certification
  • AZ-500

Responsibilities

  • Assess and address complex security issues
  • Lead the implementation of security protocols and tools following established procedures
  • Identify and resolve security gaps through technical analysis of systems and procedures
  • Conduct security audits and evaluate current security measures for improvement
  • Provide support to team heads and leads in developing and maintaining security documentation, procedures, and standards, including CoCs and SOPs
  • Oversee the monitoring of security alerts and events
  • Action escalated tickets from technicians within SLA timeframes, and provide support and guidance where needed to create learning opportunities
  • Collaborate with technicians to monitor incidents, offering assistance, training and guidance to junior team members
  • Identify recurring patterns or trends in security events and conduct investigations to identify the root cause of the security incidents
  • Lead incident response procedures to contain, mitigate, and resolve security incidents as required according to the SLA timeframe
  • Participate in incident response exercises and simulations to test the effectiveness of response procedures and enhance readiness to handle security incidents
  • Communicate escalation and incident response outcomes appropriately to team leader, clients and relevant stakeholders
  • Implement strategies to minimise unnecessary alerts and noise within security queues
  • Modify the security tools to reduce the occurrence of false positive alerts
  • Drive SOC strategy by collaborating with the technical lead to develop Proof of Concepts for technologies offering enhanced value
  • Deliver presentations to senior leaders of the group, outlining SOC strategies and recommendations
  • Guide and support junior team members in the planning and the implementation of phishing campaigns on a quarterly basis to simulate cyber threats and assess clients' security awareness
  • Analyse phishing campaign outcomes and promptly distribute statistical reports to clients, offering insights into the effectiveness of security awareness efforts
  • Assist in the development and delivery of security awareness programs
  • Provide training to junior team members to improve team behaviour and etiquette in customer interactions and feedback
  • Respond to Tier 2 client inquiries and incidents via email within the specified SLA timeframe, providing timely updates and resolutions
  • Manage escalations from junior team members and provide telephonic and email communication to clients according to SLA timeframe
  • Oversee ongoing investigations into past incidents to uncover deeper insights and enhance understanding on previous incidents
  • Lead ongoing market research to identify external trends for internal implementation
  • Guide junior team members in implementing remediation measures to address identified security threats by following established procedures and guidelines
  • Manage audits of client environments, guiding junior team members in data collection and vulnerability identification within client environments
  • Create incident reports and communicate findings to clients as required
  • Guide junior team members in resolving discrepancies or mismatches identified during audits
  • Collaborate with team leaders to address shortcomings in audit results presentations
  • Drive improvements in reporting aspects to provide more value to the clients
  • Review documented guides compiled by interns and technicians as first point of review and then share with the Team Leaders to sign off
  • Provide guidance and feedback to interns and technicians to improve documentation quality
  • Stay up-to-date with industry trends and best practices to enhance technical expertise
  • Engage in hands-on learning by shadowing senior Security members
  • Attend CyberLearning sessions on a weekly basis
  • Continuously upskill in the cyber security domain
  • Participate in weekly compulsory standby on a rotating basis
  • Serve as second point of contact for client inquiries, including handling tier two escalations
  • Set up accounts for applications and solutions for clients
  • Support and mentor junior team members in conducting investigations and utilising tools effectively
  • Assign tasks to analysts and interns, delegating responsibilities accordingly
  • Provide leadership and guidance to junior technicians and interns, fostering their professional development
  • Participate in project initiatives, provide guidance to junior team members, and support in driving projects to successful completion
  • Lead software upgrade initiatives, ensuring all upgrades are conducted efficiently and in compliance with security standards
  • Oversee and execute security configuration changes, ensuring alignment with best practices and organisational policies
  • Advise clients on advanced security measures required for devices
  • Lead the creation of complex PowerShell, Bash, or other shell scripts to automate critical changes on devices
  • Conduct comprehensive testing of scripts in sandboxes, evaluate their behaviour, and ensure they are safe for deployment while providing guidance to team members
  • Lead in-depth research on vulnerabilities, assess their potential impact on the environment, and develop and recommend effective mitigation strategies

Preferred Qualifications

  • CompTIA Security+
  • Malware Analysis Certification
  • Forensic Certification
  • Network certifications: Network+ and/or CCNA
  • Python coding
  • Exposure to SOAR and playbooks
  • Advanced understanding of SOC tooling, such as Darktrace, Microsoft Sentinel, Qualys, Microsoft Defender, SentinelOne, etc.
