Cyber Security Analyst I

TFG’s Information Technology team is responsible for the company’s technological systems and the maintenance of its digital and technological infrastructure. By selecting future-fit technology and methodologies, they help the business meet its strategic objectives. They assess our business landscape and our market to ensure adaptability, scalability, expansion, and risk reduction.

Who we are is because of our people. They are our greatest asset. TFG is an internationally diversified retail portfolio of 34 speciality lifestyle and apparel brands that Inspire our Customers to live their Best Lives and are woven into the lives of millions. Our vision is to create the most remarkable omnichannel experiences for our customers. TFG is more than a workplace, it's a launchpad for your growth. Join us and explore endless growth opportunities across our diverse brands. We’re a purpose-led business, and on this team, you’ll share the pride of making an impact across a whole industry.

We’re the designers, the makers, the shakers and the teams behind the scenes.

Are you with us?

Key Responsibilities:

Security Monitoring

• Continuously monitor: Monitor security alerts and events from various sources, including Microsoft Sentinel, Defender for Endpoint and Defender for Cloud.
• Perform log management: Perform log ingestion, define use cases, and create alerts for critical assets.
• Develop Detection Rules: Create, implement, and fine-tune analytical rules, alerts, and queries in Microsoft Sentinel and Defender to detect security incidents and reduce false positives.
• Behavioural Analytics: Leverage user and entity behaviour analytics (UEBA) to identify abnormal activities and enhance detection capabilities.
• Customize Playbooks: Develop and customize automation playbooks in Sentinel and defender to streamline incident response processes and improve efficiency.
• Threat Hunting: Using IOCs and threat intelligence, perform threat hunting across environment.

Incident Response

• Analyze and investigate security incidents to identify potential threats.
• Respond promptly to security incidents, provide initial analysis, conduct business impact assessment, isolate, eradicate and recovery from threats.
• Document and report incidents, ensuring accurate and comprehensive records.
• Follow established incident response procedures, playbooks and contribute to their enhancement.

Testing and Validation

• Participate in Blue\Red\Purple team exercises.
• Participate in Cyber crisis simulations.
• Participate in Table-top exercises.

Business Context and Risk Management

• Understand the Business value chain.
• Understand key Business processes.
• Understanding the Business architecture and mapping to crown jewels (critical assets)
• Risk management with the ability to conduct risk assessments when required.

EndPoint Detection and Response (EDR)

• Manage and maintain endpoint security and compliance.
• Perform daily health checks endpoint security and EDR solutions and remediate accordingly.
• Conduct regular scans and assessments to identify and mitigate potential vulnerabilities.
• Collaborate with IT teams to ensure endpoint security configurations align with organizational standards.

Qualifications and Experience:

• Must have 1-3 years’ experience in a SOC or Cybersecurity related role.
• Candidates with the following technology experiences will be preferred: Microsoft Defender XDR, EDR, JAMF, Symantec DCS, DNS, network security, Online Brand Protection platforms, Mimecast, Symantec DLP, Next DLP, FortiAnalyzer, Sophos, CrowdStrike and Azure Sentinel.
• Experience with common information technologies (Windows, VMware, and Cisco as well as some UNIX, Linux).
• Experience with security tools (WAF, Proxy, DNS, IDS, firewalls, anti-virus, data loss prevention, Azure Entra ID, IAM, PAM, MFA, NAC, DLP).
• Knowledge of Cloud Security Operations (SaaS, PaaS, IaaS), Mobile Architecture, Network and Application Security and/or Data Protection.

Skills:

• Communication: Excellent written and verbal communication skills in English, with the ability to effectively communicate technical information to both technical and non-technical audiences.
• Collaboration: Willing and able to share knowledge and learn from colleagues
• Time Management: Ability to work in independent environments under aggressive timelines and pressure.
• Reporting skills: Outstanding written skills for preparing email feedback and incident reports
• Ability to manage stress and pressure.
• Passion for continuous learning and development
• A “go getter” who is willing to go the extra mile to identify problems and recommend innovative solutions.

Behaviours:

• Action Oriented - readily takes on new challenges and opportunities with a sense of urgency and eagerness
• Communicates Effectively - conveys information and communicates ideas in a clear, concise and impactful manner
• Courage - confronts and tackles challenging situations with courage
• Decision Quality - consistently makes timely, well-rounded and informed decisions
• Ensures Accountability - takes accountability and ensures others are held to account on agreed upon performance targets
• Manages Complexity - interprets and simplifies complex and contradictory information when resolving organisational problems
• Plans and Aligns - develops plans and prioritises initiatives that align to the organisational goals and objectives
• Tech Savvy - leverages new technology to enhance productivity, improve problem solving, and support business growth

Preference will be given, but not limited to candidates from designated groups in terms of the Employment Equity Act.