Senior Specialist: Cybersecurity Threat Analyst

at  Nexio

TECHNICAL / PROFESSIONAL COMPETENCIES

• Adhere to operational processes in the NIST CSF and MITRE ATT&CK framework
• Proficient in advanced threat-hunting methodologies and techniques to proactively identify and investigate potential security threats and apply playbooks.
• Prior experience to advise, plan, deploy, configure, manage, and monitoring large-scale and complex cyber defence and IT risk management and information or cybersecurity solutions.

QUALIFICATIONS & EXPERIENCE

• Grade 12
• Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical certifications
• One or more of these industry Cybersecurity Certifications: CISSP-ISSEP, CISSP-ISSAP, GIAC Certified Incident Handler (GCIH), Certified Computer Security Incident Handler (CSIH), CEH, OSCP, CompTIA
• Minimum of seven (7) years of work experience, and three (3) years of relevant experience in an established SOC and information security/cybersecurity
• Ability to lead exercises, develop playbooks, and automate processes.
• Experience with a ticketing system such as BMC Remedy.
• Basic Linux and Windows Server experience.
• Experience working with cloud environments (Amazon Web Services Security) is desirable.
• Excellent analytical, problem-solving, and critical-thinking skills.
• Strong communication and collaboration abilities with various stakeholders.
• Experience with securing various environments preferred.
• Experience in working across security frameworks and technologies.
• Possess very good knowledge of technological advances within the information security area
• Demonstrate in-depth solution and service knowledge

ROLE PURPOSE

As part of the Customer-facing Nexio SOC team, the Cybersecurity Threat Analyst will be responsible for monitoring enterprise networks and systems, deterring, identifying, investigating, and mitigating, any and all threats that are directed against those systems regardless of their classification level or type. The Cybersecurity Threat Analyst is expected to collaborate with leadership to develop metrics based on situational awareness and provide support for incident response, surveillance, vulnerability identification, secure network design, and threat monitoring at an enterprise level that will be reported based on the approved plan and supporting checklists. The Cybersecurity Threat Analyst must be able to conduct research on emerging threats, maintains proficiency in exploitation tools, and develops threat profiles to rapidly address security incidents alerted primarily by industry-recognized Security tools and technology.
The incumbent should ideally have advanced security incident handling analysis experience in an established SOC environment and contribute to risk management, lead Red Team/Blue Team exercises, mentor junior analysts, and develop playbooks for incident scenarios. The Cybersecurity Threat Analyst monitors network traffic, investigates incidents, and collaborates with the SOC team to enhance the organization’s security posture.

ROLE REQUIREMENT

• Is familiar with the tactical and long-term vision across the Cyber Security function.
• Adheres to the standard operating procedure and playbooks in the SOC.
• Direct impact on the SOC performance.
• Impacts on team’s runbooks and operational processes in the SOC Service.
• Provides security incident handling and technical guidance to SOC Teams.
• Gives regular, comprehensive, and constructive feedback, and coaching and mentoring to the team.
• Mentor junior analysts to enhance their effectiveness in their roles.
• Proactively hunt for advanced threats and conduct in-depth research and analysis.
• Monitor network traffic, analyze data, and identify suspicious activity.
• Investigate incidents, determine root causes, and provide incident response support.
• Develop secure network designs, protection strategies, and audits for information security infrastructure.
• Research and maintain proficiency in computer exploitation tools, attack techniques, and emerging threat sources.
• Contribute to a comprehensive risk management program, identifying critical processes, threats, and vulnerabilities.
• Lead Red Team/Blue Team exercises and identify gaps in monitoring tools and processes.
• Develop playbooks for various incident scenarios and possess knowledge of automation processes.
• Apply security settings and commercial best practices, including SIEM analysis operations.
• Analyze incidents from various sources, combined with threat intelligence feeds into the SIEM.
• Offer subject matter expertise in developing a common operational picture and maintaining a common intelligence picture.
• Assist in coordinating, validating, and managing all-source collection requirements and intelligence activities.
• Conduct nodal analysis, evaluate threat decision-making processes, and identify intelligence gaps.
• Monitor and report changes in threat activities, tactics, capabilities, and objectives.
• Produce timely and fused cyber operations intelligence products, threat assessments, and briefings.
• Support planning, developmental forums, and working groups with subject matter expertise.
• Provide intelligence analysis and support for exercises, planning activities, and time-sensitive operations.
• Report significant network events, intrusions, and intelligence-derived information.
• Collaborate with stakeholders, analysts, and managers to ensure accurate intelligence requirements and collection plans.

Additional Information:

• Individuals at this level have fully developed knowledge of best practices in security incident handling in an established SOC.
• Able to build strong interpersonal relationships with the SOC team and customer stakeholders.
• Excellent communication skills and communication of complex information to non-technical stakeholders.
• Confident in producing and presenting work.
• In-depth understanding of best security incident analysis and incident handling practices, Strong knowledge of networking protocols, operating systems, and security architecture in an established SOC.
• Proficiency in security tools such as SIEM, IDS/IPS, EDR, and network analyzers.