Senior IT Security Analyst (Ref 26070)

Responsibilities

1. Oversee the entire incident response lifecycle from detection to resolution.
2. Lead investigations of IT security incidents, ensuring thorough root cause analysis and remediation.
3. Develop and maintain incident response playbooks and procedures.
4. Coordinate with internal, external stakeholders, and vendors during incidents.
5. Conduct post-incident reviews and report findings to management.
6. Develop and implement advanced threat detection and monitoring strategies.
7. Utilize SIEM, EDR, and other security tools for timely incident detection.
8. Perform threat hunting and proactive security assessments.
9. Collaborate with IT teams to deploy and optimize security solutions.
10. Integrate AI and automation technologies to enhance security operations.
11. Develop automated workflows and scripts for incident response and routine tasks using SOAR.
12. Leverage machine learning and AI-driven tools for threat detection and analysis.
13. Stay updated with advancements in AI and evaluate their applicability to security operations.
14. Apply system design thinking to security solutions.
15. Analyze and compile statistics on threats relevant to the Institute, and prepare reports for stakeholders using data visualization tools.
16. Evaluate and integrate new technologies to enhance security operations.
17. Foster a culture of continuous improvement and encourage professional development within the team.
18. Enhance the team's digital forensics capabilities by developing procedures, training team members, and overseeing evidence collection and analysis.
19. Collaborate with legal and compliance teams to ensure regulatory alignment.
20. Conduct regular drills and simulations to ensure forensic readiness.

Requirements

1. Degree in Information Systems, Computer Science, Cybersecurity, or a related field.
2. Professional certifications in incident handling and security analysis are preferred (e.g., GCIH).
3. Minimum of 8 years of progressive experience in IT security, focusing on incident response, with at least 4 years in a SOC environment and proven leadership capabilities.
4. Intermediate knowledge of security operations, incident analysis, vulnerability management, system patching, log analysis, intrusion detection, and firewall administration.
5. Proven experience in managing incident response, threat hunting, and integrating AI and automation in security operations using SOAR.
6. Proficiency in SIEM, EDR, traffic analysis, digital forensics, and cloud security.
7. Experience with Blue/Purple teaming, firewall, IPS, WAF, virtualization, and cloud technologies.
8. Knowledge of Linux/Windows/Database technologies is preferred.
9. Strong understanding of industry standards and security policy frameworks.
10. Hands-on scripting and automation skills to improve security operations.
11. Ability to conduct gap analysis and recommend improvements.
12. Experience in threat environment evaluation and acting as a subject matter expert.
13. Continuous improvement of event correlation and alerting processes.
14. Experience with network security assessment tools.
15. Excellent leadership, team management, and communication skills, capable of interacting with stakeholders at all levels.
16. Ability to drive strategic initiatives, lead change, and think critically under pressure.
17. Skill in interviewing stakeholders to gather business requirements and providing guidance on response plans.

Licence no: 12C6060