Responsible to ensure accurate and rapid response to security events
- Analyze security logs, SIEM alerts, and incident reports to identify and mitigate risks.
- Respond to and investigate security incidents, including breaches, malware outbreaks, and
phishing attacks. Monitor networks and systems for security breaches, alerts, and anomalous
activity.
- Conduct root-cause analysis to prevent future incidents and develop incident response
procedures.
- Provide analysis and trending of security log data from various security devices
- Configure and maintain SIEM tools to align with the organization’s security objectives and
threat landscape.
- Create custom SIEM dashboards and reports for different stakeholders to visualize critical
security metrics and incident data.
- Develop and optimize SIEM content, including rules, alerts, and correlation logic, to improve
threat detection and response.
- Advise and consult internal/ external customers on risk assessment, threat modelling and
vulnerability management. Perform risk assessments and recommend security measures to mitigate potential risks.
- Document risks, vulnerabilities, and remediation strategies in a detailed risk management
report.
- Maintain up-to-date knowledge of the IT security industry, including awareness of new or
revised security solutions, improved security processes and development of new attacks and
threat vectors
- Manage and optimize security tools, such as firewalls, antivirus software, and intrusion
detection/prevention systems (IDPS).
- Perform 1st level troubleshooting on servers and network issues with regards to log
collection/ security tools
- Generate reports on security metrics, incidents, and remediation efforts for management.
- Maintain accurate documentation of incidents, security changes, and system configurations.
- Any other ad-hoc duties as required or assigned.
Strong knowledge of cybersecurity principles, practices, and technologies.
- Expertise in SIEM tools and content management, including rule creation, alert tuning, and
report customization.
- Proficiency with security tools like firewalls, IDPS, antivirus, and vulnerability scanners.
- Knowledge of scripting (Python, PowerShell) for automation within the SIEM environment is a
plus.
- Ability to analyze and interpret security data to identify vulnerabilities and potential threats.
- Excellent communication skills, with the ability to explain complex security concepts to non
technical stakeholders.
- Strong analytical skills and attention to detail.
- Ability to work on-call or off-hours as needed to respond to security incidents.
- May require occasional travel for training or workshop.
- Bachelor Degree or Advanced Diploma in Computer Science, Information Technology,
Cybersecurity from a recognized university or related field (or equivalent experience)
- At least 1-3 years in a cybersecurity role, with hands-on experience in SIEM content
management, network security, threat monitoring, or incident response.
- Experience in the application of threat modelling or other risk identification techniques
- Detailed knowledge of system security vulnerabilities and remediation techniques, including
penetration testing and the development of exploits
- Breadth of knowledge in information security space with emphasis on TCP/IP network
security, operating system security, common attack patterns and exploitation techniques
- Relevant certifications (e.g., CompTIA Security+, Certified Information Systems Security
Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Security Essentials (GSEC)) are a
plus
- Effective leadership skills and a team player
- Strong sense of ownership and drive