Role purpose:
The Position holder will be responsible for monitoring, assessing, and defending Safaricom Ethiopia Enterprise Information Systems. And will be part the Cyber Security Operation Center team who will continuously develop and investigate correlated security event feeds, escalating any identified security incidents. They are the primary contact for any suspected security incidents, working together with remediation teams, resolving incidents, and foiling Cyber Security threats against the Safaricom Brand.
The successful candidate will lend support in Cyber threat detection, working in 24/7 shifts, providing eyes-on-the-glass service at the Safaricom Ethiopia CSOC, performing real-time monitoring and identification of security incidents. He/She will help identify suspicious activity, open incident investigation tickets, and escalate any key concerns to Level 2/3 for additional analysis & communication.
Key accountabilities and decision ownership:
· Works in 24*7 shifts performing real-time monitoring of security alerts generated by various security tools deployed by Safaricom.
· Serves as a primary point of contact for reporting potential cyber security incidents.
· Validate, classify and open tickets for cyber security incidents.
· Analyze and assess security alerts and escalate to Level 2/3 analysts for further investigations and communication.
· Anticipate threats, incidents, and alerts to help prevent the likelihood of them occurring.
· Document cyber security incidents as identified by the case management process.
· Provide feedback on enhancing the operations of the cyber security operations Center.
· Respond to generated cyber security alerts within the time window as defined in procedural SLAs.
· Pick out potential intrusions from seemingly benign sets of audit logs or cyber security alerts.
· Triage (primary investigation) of detected cyber security alerts and make necessary escalation decisions.
· Ensure investigation steps are clearly documented & accurately escalated to Level 2/3 when needed.
· Escalation to appropriate teams, follow-ups and provide assistance during remediation.
· Responsible for managing & configuring security monitoring tools.
· Responsible for generating reports for managers and IT administrators to evaluate the effectiveness of current security protocols.
· Collaborate with other departments and team members to implement security procedures, methods, and best practice.
· Assist with defining, testing & operating new ways of working with new technology solutions or processes supplied to the CSOC team.
Core competencies, knowledge, and experience:
Knowledge and Skills:
· Network Defending
· Ethical hacking or penetration testing
· Incident response
· Digital forensics
· Reverse Engineering
Business Know how
· Business Continuity
· Risk Management
· Telecommunications
· Good all-round experience of multiple infrastructure technologies
Creativity and Innovation
· Finds creative ways to analyze and solve problems
· Experiments with unorthodox approaches
· Enthusiasm, curiosity, thirst for knowledge and passion for the job is required
Working with Change
· Detailed oriented and flexible minded to contribute to the 24/7 defensive capabilities of the SOC for the overall security of the organization.
Personal Qualities:
· Excellent interpersonal skills
· Ability to communicate technical information to non-technical stakeholders
· Genuine enthusiasm and drive to work within cyber security
Functional Competencies:
· Knowledge of common SIEM solutions, the purpose of them and an understanding of how they work.
· Knowledge of common network protocols such as TCP/IP, HTTP, DNS, etc.
· Experience with Microsoft Windows and *NIX operating systems is required.
· Knowledge and/or experience with common security tools such as anti-virus, Intrusion Prevention Systems and Firewalls.
· Knowledge and/or experience with Relational Database Management Systems (RDBMS) – Oracle, MS SQL, My SQL, Pervasive SQL.
· Knowledge of security best practices and standards
· Familiarity with scripting and automation tools
Must have technical / professional qualifications:
· Bachelor’s degree in Computer Science /Electrical Engineering/ Software Engineering/ IT Security/Information Technology
Desired
· Professional security training and certifications like CCNA, Security+, Certified SOC Analyst will have an added advantage.
Key performance indicator:
· Time to detection: How long does it take to become aware of a potential security incident?
· Detection Accuracy: False Positive and False Negative Rates and the time to identify events as false positive/negative.
· Escalation level
· Mean Time to Attend and Analyze (MTTA&A): measures the time taken to attend and analyze the security Alert.
· Number of events per analyst: How many events were addressed by an analyst?
· Mean Time for Investigation: How long is it taking to complete an investigation process?
How To Apply
If you feel that you are up to the challenge and possess the necessary qualification and experience, kindly proceed to update your candidate profile on the career portal and then Click on the apply button. Remember to attach your resume.
The closing date for receiving applications is Thursday October 10,2024