The Security Operations Centre (SOC) is the cybersecurity team responsible for monitoring and analysing an organisation's security posture on an ongoing basis. The SOC team aims to provide 24x7x365 capabilities to detect, analyse, and respond to cybersecurity incidents using a combination of technology solutions and strong processes.
The SOC staff collaborate closely with our customers and eir evo's Network Operations Centre (NOC) team to ensure security issues are addressed promptly upon discovery.
The Cyber Security Engineer supports technologies used for security threat monitoring, detection, event analysis, and incident reporting for the cybersecurity team.
This is a contract-based position for a duration of 6 – 12 months.
We seek a Cyber Security Engineer to perform the following duties:
1. Support the day-to-day operation of a highly available, distributed, multi-clustered, multi-tenant SIEM, SOAR, and EDR deployment.
2. Support onboarding and maintenance of a wide variety of data sources, including OS, appliance, and application logs.
3. Create queries, dashboards, and visualisations to support customer requirements.
4. Perform troubleshooting and remediation of issues with data ingestion.
5. Track and resolve security engineering incidents regularly, collaborating with other teams for resolution and suggesting areas for improvement.
6. Manage the complete lifecycle of event source system administration, including coordination and planning for system upgrades and new systems, as well as maintaining current operational event flows.
7. Lead and coordinate relationships, projects, and open issues with vendor support.
8. Design and administer security controls, services, and architecture, including infrastructure, network systems, application security tools, and incident response functions.
9. Maintain documentation for the environment and develop technical documentation as required.
10. Configure enterprise security log sources into SIEM, EDR, SOAR, and VA solutions.
11. Continuously assess current security monitoring and recommend improvements.
12. Research the latest threats and technological advancements.
Job schedule: Business Hours, Monday-Friday (On Call)
To be successful in this role, you should have:
* A passionate and professional security mindset.
* Strong customer service skills to follow up with clients and handle escalations.
* Ability to ensure confidentiality and discretion in sensitive tasks.
* Experience in a technical customer support environment adhering to SLAs.
* 3-4 years of experience in information security or IT.
* 2-3 years of experience in SIEM deployment.
* Strong understanding of SIEM and UEBA.
* Proficiency in scripting languages such as Python and PowerShell.
* Knowledge of machine learning in cybersecurity.
* Understanding of cloud technologies.
* Good knowledge of infrastructure, log collection, and aggregation techniques.
* Experience with endpoint security and host-based intrusion detection solutions.
* Expertise in TCP/IP network traffic and event log analysis.
* Bachelor's degree or equivalent (preferred).
* Fluent in English.
We strive to create an inclusive and supportive work environment. If you require any reasonable adjustments during the application or interview process, please let us know, and we will work with you to meet your needs.