Senior Cyber Security Operations Analyst (L2) - Ecobank

Ecobank

  • Ghana
  • Permanent
  • Full-time
  • 20 days ago
Job PurposeThe Senior Cyber Security Operations Center Analyst L2 is a technical and supervisory role. He/She will be a knowledgeable, hands-on technical specialist, handling the escalation of complex and detailed technical work necessary to provide comprehensive SIEM monitoring, threat detection, and coordinating incident response within the Cyber Security Operations Center.The role also monitors the Ecobank group network for attacks and malware as well as actively and aggressively hunt for the evidence and indicators of compromise within the environments. The job targets monitoring for compliance violations and escalate to appropriate teams for immediate mitigations.JOB CONTEXTEcobank’s Senior Cyber Security Operations Center Analyst level 2 assistance to the front line(L1 Analysts) in carrying out response against cyber-attacks on a 24x7x365 basis. This includes operations, managed detection and response, threat hunting and data analysis, assisting with hunt reporting.The Senior SOC Analyst will work within a team to spot, track, and eradicate hackers and malware. This team monitors, analyses and responds to infrastructure threats and vulnerabilities on a 24x7 basis. Mentoring and training of fellow team members is expected as a means of information sharing and skill enhancement of the team. The continual enhancement and development of organizational processes and standards are also key components of this job role. This person will report to the Security Operations Center Manager.The role requires strong enterprise IT background including the analysis of data from numerous kinds of systems and architectures including cloud platforms as well as prioritizing and resolving incidents in accordance with SLAs.[ad]Key Responsibilities
  • Provide supervision to L1 analysts charged with threat monitoring and first level incident response and serve as an escalation resource and mentor for them.
  • Monitor and analyze all security incidents detected by the SIEM in attempted efforts to compromise security protocols. Identify and investigate activities and conduct and provide analyses regarding results.
  • Monitor the network for compliance violations on 24x7 basis
  • Develop and support strategic plans and projects to meet Global Security and SOC goals and objectives
  • Drive execution of daily, weekly, and monthly metrics for statistical threats and KPIs
  • Maintain an in-depth knowledge of common attack vectors, common security exploits, and countermeasures.
  • Maintain a solid working knowledge of Information Security principles and practices.
  • Provide recommendations for improvements to Security Policies, Procedures, and Architecture based on operational insights
  • Perform investigations and escalation for complex or high severity security threats or incidents
  • Support and facilitate the integration of security technologies as well as critical business application in to the SIEM with the approval of the Head of SOC
  • Perform SIEM Engineering activities and operate all data analysis platforms; collaborating with other security partners to develop and refine correlation rules, following approval from the Head of SOC
  • Perform health checks of SIEM Components and review SEIM logs to identify and report possible security issues.
  • Participate in knowledge sharing with other team members and industry collaboration organizations to advance the security monitoring program
  • Provide tier-2 support of security infrastructure including triage of problems from SIEM, endpoint antivirus, vulnerability management, Windows, Linux/UNIX systems etc.
  • Use a Service Desk ticketing system to track escalated issues
  • Effectively perform activities to track detection and response for clients, entailing hunting of varied data sources
  • Author and coordinate security status reports to provide system status, report potential and actual security violations and provide procedural recommendations
  • Report on threat and vulnerability data using risk-evaluation methodologies
  • Analyze, troubleshoot, and investigate security-related, information systems' anomalies based on security platform reporting, network traffic, logs, host-based and automated security alerts.
  • Perform internal and external vulnerability scans against the network infrastructure and connected devices to validate their security compliance in respect to standards.
JOB PROFILEExperience & Qualifications
  • Bachelor’s degree in computer science, Computer Engineering, Cyber Security, Forensics, Information Technology, or related field preferred. (A master’s degree in similar areas is a plus)
  • 5+ years of working experience in an information Technology and/or Cyber/ Information security environment
  • Minimum of 2-year experience working with systems monitoring. May include log monitoring, event management & compliance monitoring, vulnerability scanning tools, ITIL, ISO, etc.
  • Minimum of 1-year experience working with full packet capture products
  • Thorough understanding of fundamental security and network concepts (Operating systems, intrusion/detection, TCP/IP, ports, TCP/IP, HTTP, DNS, web application security, data loss prevention, mobile device management, etc.)
  • Knowledge of industry recognized analysis frameworks (Kill Chain, Diamond Model, MITRE ATT&CK, NIST Incident Response, etc.)
  • Analytical and problem-solving skills
  • Knowledge of Security Architecture & design concepts to include defense in depth
  • Understanding of the 6 phases of Incident Handling (Preparation, Identification, Containment, Mitigations, Remediation and Lessons Learned)
  • Experience with ticketing systems, to include workflow, escalation and resolution documentation
  • High level of personal integrity and the ability to handle confidential matters with proper judgment
  • Familiarity with Industry Standards (PCI-DSS, NIST 800-53, NIST 800-82, ISO 27001, etc.), Maturity Models and Security operations best practices.
  • Strong verbal & written communication skills as well as presentation skills to effectively communicate to various levels throughout the organization.
  • Previous experience working with network tools and technologies such as firewall (FW), proxies, IPS/IDS devices, full packet capture (FPC), email platforms, Access Control, Encryption, Data Loss Prevention, Multi-factor Authentication, Identity management platforms, Endpoint Security and Security Information and Event Management Tools
  • Experience and knowledge conducting cyber threat analysis originating from phishing emails
  • Required Security certifications: CISSP, CISM and/or CISA.
  • Additional Professional Security certifications are a plus. (GCIA, GCIH, CEH, CFCE, OSCP, SANS, CRISC, CEH, CHFI, etc.)
[ad2]Skills, Capabilities & Direct Attributes
  • Strong interpersonal skills, including strong verbal, written communication skills and excellent listening skills are required.
  • Must have a good attention to detail skills and a capacity to interact, escalate to and influence senior managers and customers
  • Must have enterprise IT experience and a good working knowledge of the use of productivity tools
  • Good knowledge in systems architecture
  • Demonstrated ability to quickly understand complex systems
  • Ability to work on many tasks simultaneously in a high-pressure environment

JobSearch Ghana