The Security Specialist researches, develops, implements, test and review an organization\u2019s information security in order to protect information and prevent unauthorized access. Systems are protected by defining Incident Response and architecture to integrate detection into Letshego Information Systems.<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
Job Title: Senior- SOC Specialist<\/strong> Job Summary: <\/strong> Requirements:<\/strong> Background\/Experience:<\/strong> Analytical:<\/strong>
\nLocation:<\/strong> Gaborone, South East, Botswana
\nReference #:<\/strong> Senior- SOC Specialist
\nContract Type:<\/strong> Permanent
\nSalary:<\/strong> Market Related<\/p>\n
\nProtects the company from unauthorised access to information and breaches by analysing vulnerabilities and threats with the view to implement and administer controls such as SIEM, AI-based detection systems, Rating systems, Threat Intelligence and Internet monitoring systems.
\nMinimise the company\u2019s attack surface by continuously improving the modelling of logs and event rule sets to detect all critical events for correlation to locate incidents and to prioritise the Incidence handling:
\nMonitor the entire Letshego environment for vulnerabilities, configuration weakness, security control gaps, threats and breaches and drive remediation action,
\nMonitor the entire Letshego network for outages and critical alerts. Network monitoring is critical to ensure the availability of data,
\nCreation and support of systems to ensure that all incidents are cleared,
\nDo Pro-active planning based on threats found to minimise risk against similar future attacks,
\nRaise And maintain Letshego Security Maturity at Threat hunting level,
\nPro-actively align security to current attack vectors,
\nImplement Internet monitoring for damage control and proactive planning purposes.
\nIncident Response planning and maintenance. Assistance with Incident responses.
\nWork closely with the Forensics team to protect evidence while assisting in ensuring fast isolation of breached systems to lateral movement and further damage.
\nIntelligence checking all systems, prioritising AI-based system, ensuring that:
\nThe only hardware that should be on the Letshego network prioritising there and that the hardware is in the correct security zone(s) based on sensitivity and criticality of data.
\nOnly approved software communicate on Letshego hardware and that no BOYD and guest devices have malicious software communicating via the Letshego network especially not towards areas that require higher levels of security
\nThat all software operating in the Letshego environment is the most secure version (without impacting business)
\nThat all systems are configured to the highest security level while allowing those that need to use it simple access
\nThose access rights especially privilege access rights do not get abused
\nThat there are no Malware or Spam outbreaks
\nThat PII, IP and other sensitive data does not flow anywhere unless it supports business
\nThat hacking attempts are found early and controlled
\nThat systems remain available to support the business by monitoring for congestion, space and other capacity issues
\nThat data remains integral at all times
\nThat processes that support the business that requires network or Internet access remain available & secure, e.g. Communications like VoIP, video conferencing systems, power systems, access control, network-based training & marketing systems, and airconditioning.
\nPickup when flows that should be encrypted are not and locate encrypted flows that do not belong on the network
\nSecurity Monitoring Architecture and Integration to be aligned with Letshego chosen architecture frameworks to support policy and business:
\nProper architecture documentation must be maintained for the overall network (High level) and each solution,
\nSolutions must be aligned to fit seamlessly into Network Security Architecture, and exceptions and risks should be raised appropriately.
\nMinimises the company\u2019s attack surface by enhancing Endpoint protection using the appropriate technology for optimum protection:
\nUse a combination of protective and Detective solutions to ensure security when systems are on the Letshego LAN and when they are Out of the Office.
\nEnsure patching and upgrades of all software as per Letshego Standards
\nVulnerability Management and System Hardening:
\nVulnerability Management to ensure that Vulnerabilities are prioritised and managed within reasonable timeframes and that controls are implemented where residual risk remains high;
\nReport Assets and vulnerabilities whenever required by the business using banks chosen metrics;
\nDeals with Supply chain and Supply chain research and makes recommendations to ensure that third party processes and policy (or lack there off) do not expose Letshego Sensitive data, and that chosen provider has capacity and capability to provide in Letshego Support needs.
\nWork with project teams to ensure that all projects produce results that can be monitored from an availability, confidentiality and Integrity perspective and that part of the project ensures integration into monitoring systems.
\nWorks with Internal Audit team and peers in the department to ensure those audit findings are managed to closure.
\nResearches, recommend and review new IT security systems and solutions to ensure the Bank uses modern solutions to address exposure to fast-changing global security risks and make recommendations to IT Management for medium to long term planning;
\nIdentifies opportunities for improving business processes through information systems and non-system driver changes; assists in the preparation of proposals to develop new systems or operational changes;
\nAssist to create and implement security-related disaster recovery plans by conducting disaster recovery planning and testing on controls within the scope of the role, in case of a disruption to business operations ensuring that at least the same level of security exists during disasters and their aftermath and where not possible that business is aware of the risk and its potential impact;
\nContinuously make all staff in radar more aware of their responsibility in making the organisation more secure. Attention should be focused primarily on staff whose duties gives them privileged access or whose functions can make or break security and privacy;
\nDocuments security systems technically and administratively;<\/p>\n
\n\u2022Bachelor\u2019s Degree in Computer Science or Diploma in Information Systems with five years of Information Security experience in a Security
\nEngineering role.
\n\u2022As many Security Industry related Certifications as possible, e.g. CISSP, CISA, CASP+, CEH, OSCP, any GIAC qualifications, any SANS
\nqualifications and specifically SOC Analyst and Incident handling qualifications.
\n\u2022Product Specific Qualifications like Cisco Security Certs, CCSA\/E, F5-CA\/CTS\/CSE, Fortinet NSE4-8 but some specifically in SIEM, Logging
\nand Network Management and Security Operations Solutions.
\n\u2022Proof of continuous learning.<\/p>\n
\nTechnical:<\/strong>
\n\u2022Understanding and knowledge of control frameworks ISO 27002 and CIS
\n\u2022Information Security Engineering Experience
\n\u2022Information Security Architecting Experience
\n\u2022Substantial Technical experience in the following areas a must:
\noSIEM & AI detective network-based tools
\noGood understanding of the working of all technical security controls with an in-depth understanding of how different systems logs information and how to normalise collect and information to be able to correlate events and locate incidents
\noIn-depth understanding of all protocols and especially SNMP, SYSLOG and how to inspected encrypted protocols
\noVulnerability Management including S\/W & H\/W Asset control
\n\u2022Secure Administrative Experience on mentioned security tools
\n\u2022Technical writing including the creation of policies, standards, procedures & guidelines
\n\u2022IT Security Audit fundamentals
\n\u2022Sound IT Security systems concepts and principles
\n\u2022Complex modelling techniques
\n\u2022In-depth understanding of Security Operations Centres and management of Incidents<\/p>\n
\n\u2022Analytical and conceptual expertise
\n\u2022Vulnerability Analysis
\n\u2022Threat Analysis
\n\u2022Incident Response Analysis & handling
\n\u2022Forensic analysis
\n\u2022Planning, documentation, analysis and business requirements management techniques
\n\u2022Object-oriented analysis
\n\u2022Evaluation of profitability\/risk
\n\u2022Testing, verification and validation techniques
\n\u2022Creation of the Business Requirements Document
\n\u2022Administrative and reporting abilities<\/p>\n