Job Reference: FSCA-580 Investment and banking/finance are two industries. Permanent employment type One position is open. The ICT Security Engineer: Analysis and Support, will play a critical role in safeguarding the organisations information and cyber security posture.
The Security Operations Centre (SOC), as well as support, cyber threat analysis, and investigation activities for managing security events and incidents, are the primary responsibilities of this position.
Description of Job The Job’s Purpose:
The organization’s information and cyber security posture will be protected by the ICT Security Engineer: Analysis and Support. This position is primarily responsible for the Security Operations Centre (SOC) and support, cyber threat analysis and investigative activities to manage the security events and incidents. This role will also be responsible for the training programme to encourage a culture of cyber security awareness, compliance to policies, standards procedures and regulatory requirements. For security project initiatives and to facilitate mitigation plans throughout the organization, the successful candidate will collaborate with cross-functional teams and stakeholders. The person who is chosen for this position will report to the Head of the Department for ICT Security and Risk.
Key Performance Areas:
• Respond to security incident response actions and monitor the cyber security operations center.
• Coordinate the cyber security incident response (CSIRT) and, as necessary, update the crisis management plan (CMP) and cyber security incident response plan (CSIRP) on a regular basis. •Coordinate the periodic security penetration testing and security vulnerability remediation activities.
• Control and maintain the Security Operations Center solutions’ optimal performance (log collector agents, SIEM, XDR, and vulnerability management)
•Define and develop the annual cyber security awareness programme, calendar and publish awareness content to the organisation.
•Perform a review of ICT security policies, standards and procedures as required and in line with industry frameworks (NIST CSF, ISO27001, COBIT).
• Coordinate requests for governance, assurance, business resilience audit, and control assessments from information technology general control (ITGC).
• Work with cross-functional teams to make sure that project initiatives are designed to be secure.
• Create operational ICT security and cyber threat intelligence reports on a monthly basis.
Other Important Skills:
The candidate must demonstrate the following skills and attributes:
•Good verbal and written communication skills, interpersonal skills, and must collaborate effectively with other team members.
•The candidate must be enthusiastic, able to quickly grasp new ideas, and able to work independently and under pressure when necessary.
•In accordance with its Employment Equity Plan, FSCA is committed to increasing the representation of underrepresented groups. •Disability-informed applicants are encouraged to apply.
•Please note that correspondence and communication will only be conducted with shortlisted candidates and that the FSCA reserves the right not to appoint if a suitable candidate is not identified.
Job Requirements
Equal qualifications will also be taken into account. A valid CompTIA PenTest+, Offensive Security Certified Professional (OSCP), or Certified Ethical Hacker (CEH) certification is required. Advantageous credentials include ISC2 SSCP or other relevant information security credentials. Experience working directly with information and cyber security operations for at least three years. a history of successfully overseeing cybersecurity education programs, including phishing simulation campaigns.
Familiarity with key industry regulations and frameworks, including but not limited to: ISO/IEC27001, NIST CSF, PCI-DSS, MITRE ATT$CK and COBIT. Understanding and development of IT security policies, standards, and procedures is beneficial. Experience with multiple operating systems, including Windows, Red Hat, Debian and other Unix-based platforms is advantageous.