L3 Incident Analyst

Overview

The L3 Incident Analyst will be responsible for monitoring enterprise networks and systems, detecting events and reporting on any and all threats that are directed against those systems regardless of their classification level or type. The Incident Response Analyst is expected to collaborate with leadership to develop metrics based on situational awareness and threat monitoring at an enterprise level that will be reported based on the approved plan and supporting checklists.

The L3 Incident Analyst must be able to rapidly address security incidents alerted primarily by an industry recognised Security Information and Events Management [SIEM].

• Provides support for complex computer network exploitation and defence techniques to include deterring, identifying and investigating computer and network intrusions.
• Provide high incident response and remediation support.
• Performing comprehensive computer surveillance/monitoring and identifying vulnerabilities.
• Developing secure network designs and protection strategies and audits of information security infrastructure.
• Provides technical support for continuous monitoring, computer exploitation and reconnaissance, target mapping and profiling and network decoy and deception operations in support of computer intrusion defence operations.
• Researches and maintains proficiency in open and closed source computer exploitation tools, attack techniques, procedures and trends.
• Performs research into emerging threat sources and develops threat profiles.
• Provides technical support for a comprehensive risk management program identifying mission critical processes and systems, current and projected threats and system vulnerabilities.
• Facilitate Red Team / Blue Team exercises and identify gaps in current monitoring tools and processes.
• Represent Incident Response Team in high severity incident war rooms.
• Develop playbooks for various incident scenarios and have a knowledge of automation processes and products.
• Mentor junior analysts to become more effective at their jobs.

• Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications.
• One or more of these industry Cybersecurity
  
  Certifications:
  
  CISM, CISA, CISSP-ISSEP, CISSP-ISSAP, Certified Computer Security Incident Handler (CSIH), CEH, OSCP, CompTIA Security Plus.
• Strong analytical and organizational skills.
• Concise writing skills, excellent MS Word skills as well as other MS Office Applications.
• Experience with securing various environments preferred.
• Experience in working across security technologies.
• Managed security services experience across complex architectures.
• In depth understanding of the role of incident analysis tools.
• In depth understanding of various types of log analysis.

• Prior experience to advise, plan, deploy, configure, manage and monitor large scale and complex cyber defence and IT risk management and information or cybersecurity solutions. Experience Required
• Proven track record of effectively delivering MSS for the stated security solutions at customers
• Two years’ experience in large scale Security operations using cyber security products.
• Three (3) years of relevant experience in incident analysis in a Security Operations Center [SOC]
• Evidence of capability to optimise the stated security solution deployments at customers
• Ability to work independently and as part of teams
• Experience in responding to day-to-day cloud and data requests at customers will be key to our decision
• Record of relationship building, proven by provided client references