The IT Security Analyst plays a critical role in fortifying the organization's cybersecurity defenses. The IT Security Analyst supports the IT Security team by monitoring and analyzing the organization's security posture to prevent, detect, analyze, and respond to cybersecurity incidents.
The role involves thorough monitoring of network and system activities to identify and mitigate potential threats, conducting detailed risk and vulnerability assessments, assisting in the implementation of security solutions, and participating in the development and enforcement of security policies and procedures to protect the organization's information assets.
KEY FUNCTIONS
Annual Operating Strategy
- Keep abreast of the latest cybersecurity threats, trends, and adversary tactics to proactively strengthen defenses.
- Engage in ongoing research to stay ahead of potential system breaches through the adoption of innovative security measures.
Security Monitoring and Analysis
- Continuously monitor security systems and tools to identify and assess potential threats and vulnerabilities. Utilize advanced analytics to detect anomalies and signs of unauthorized access.
- Generate comprehensive reports detailing the findings from security monitoring, assessments, and incidents.
- Monitor email and ticketing systems for security-related issues and follow through until resolution.
Patch Management Compliance
- Conduct compliance audits and coordinate remediation efforts with IT teams to ensure timely application of security patches and updates.
Security Incident Response
- Act as a primary responder to security incidents.
- Proactively identify potential security threats, preserve critical evidence, analyse security incidents, and implement containment strategies to minimize impact.
- Oversee the recovery process to restore system integrity, and conduct thorough investigations to understand attack vectors and prevent future breaches.
- Collaborate with relevant teams to enhance security measures and ensure comprehensive incident management.
Privilege Management
- Assist in managing access to privileged accounts, ensuring compliance with access control policies, and monitoring for abuse or unauthorized activities.
Security Information and Event Management
- Support the management of SIEM tools, including the configuration of alerts, analysis of security data, and development of actionable intelligence.
Vulnerability Management
- Conduct thorough vulnerability assessments and risk analyses to evaluate the security posture of IT systems and applications. Develop and implement strategies to mitigate identified risks.
- Identify and resolve false positive findings reported by information security tools.
Third Party Cyber Risk Management
- Continuously assess the cybersecurity posture of third-party vendors, ensuring compliance with security standards and implementing risk mitigation strategies for external partnerships.
Endpoint Detection and Response Management
- Assist in managing endpoint security solutions, monitoring for threats, and responding to security incidents involving endpoints.
- Participate in proactive threat-hunting activities to identify and address potential security threats before they impact the organization.
Consultancy Services
- Offer expert advice on security project design and implementation, ensuring seamless integration of security measures with business operations.
Contract Management/ Solution Procurement
- Assist in the procurement of security solutions, evaluating vendors, and negotiating contracts that meet security and business needs.
- Workplace Safety: Conform to the OSH Act and company HSE policies and procedures, and oversee compliance by contracted service providers.
- Perform any other related duties that may be assigned by the IT Security Manager.
EDUCATION:
- An undergraduate degree in Information Security, Computer Information Systems, Network Security, Computer Science or a related field of study.
- At least 2 of the following IT Security certifications (or equivalent):
⮚ CompTIA Network+
⮚ CompTIA Security+
⮚ CompTIA CySA+
⮚ Certified Ethical Hacker (CEH)
⮚ Certified Network Defender (CND)
⮚ EC-Council Certified Security Analyst (ECSA)
⮚ GIAC Security Essentials (GSEC)
⮚ GIAC Certified Incident Handler (GCIH)
⮚ Certified Information Systems Auditor (CISA)
⮚ ISC2 Certified in Cybersecurity
⮚ Cisco Certified Cyber Ops Associate
⮚ ITIL Foundation (Certification would be an asset)
EXPERIENCE/ TRAINING:
- A minimum of three (3) years in IT roles with a significant focus on cybersecurity tasks, including threat analysis, security monitoring, and incident response.
- At least one (1) year of experience specifically in administering security solutions to protect against modern cyber threats.
- Strong working knowledge of security challenges, defense strategies, and the implications of various security
FUNCTIONAL COMPETENCIES:
- Cloud First Focus – Ability to adopt, implement and maintain a cloud-first approach to the overall IT solution support, design and application development in conjunction with Technology Vendors to deliver solutions that align with current and future business requirements, both internally and helping our customers make use of secure, scalable and reliable cloud solutions at a competitive price.
- Solution Design & Implementation – The specification, design, and implementation of information systems solutions (security, applications, network, database, cloud, data center etc.) to meet defined business needs either internally or commercially that are in alignment with corporate strategy, industry best practice and within constraints of cost, security, and sustainability. It spans the identification of concepts and their translation into an implementable design; planning, development, testing and the go-live of the final product or service and ensures the optimum use of current solutions, retention of compatibility with enterprise and solution architectures and avoiding solution duplication.
- IT Service Management – The ability to manage IT solutions and resources required to plan for, develop, deliver, and support IT services and products to meet the current and future needs of the business that will strengthen the company's competitive advantage. It includes the preparation for new or changed services, management of the change process and the maintenance of standards. The identification, analysis, clarification, and communication of the context of use in which solutions will operate, and of the goals of products, systems or services. Analysis and prioritization of stakeholders’ “user experience” needs and definition of required system behaviour and performance. This includes negotiation, implementation and monitoring of service level agreements, seeking continually and proactively to improve service delivery and sustainability targets.
- Digital Transformation – Ability to perform creative problem solving, partnering with vendors and using a variety of techniques to come up with innovative solutions using technology to assist with the defining or redefining of TSTT’s products and services. These include the management of all activities required to launch a new product, service, process or concept using digital tools and platforms including the ability to manage digital products as they move through the typical stages of their product lifecycle: Development and Introduction, Growth, Maturity/Stability, and Decline. Ability to identify, implement and utilize specific solutions that will deliver on TSTT’s digital value proposition.
- IT Project Management – The management and delivery of projects from design, development, and implementation of IT solutions to meet identified business needs using industry best practices. This includes the ability to categorize the solution into cycles to deliver a working product within time constraints using agile principles that allow teams to respond rapidly, efficiently, and effectively to changes. Ensures the delivery of features with the greatest business value first, and has the real-time information needed to tightly manage cost, time, scope and quality.
- Information Security Risk Management – Working knowledge of how to safeguard the confidentiality, integrity, and availability of information and information processing facilities using defined IT security principles, controls, and best practices that are aligned with the business objectives and through security awareness.
CORE AND LEADERSHIP COMPETENCIES:
Organisational Awareness: Contributes to the organisation by understanding and aligning actions with the organisation's goals, core functions, needs, and values. Contributes to the organisation by actively demonstrating the alignment of activities with the organisation strategies, key initiatives, core functions, needs, and values and supporting others to do the same.
Customer Focus: Prioritises and takes action on the needs of both internal and external customers. Designs and delivers products and services with the customer experience top of mind.
Planning and Results Orientation: Invests time in upfront planning to achieve organisational goals and objectives while meeting quality standards, following the appropriate processes, and continuously assessing results.
Creativity and Innovation: Thinks beyond the confines of traditional models to recognise opportunities and find new and better ways of doing things to be and remain an agile broadband provider. Encourages experimentation and accepts failure as a driver of innovation.
Communication: Effectively and appropriately interacts with others to build relationships, influence others, and facilitate sharing ideas and information. Uses tact and diplomacy to navigate demanding situations. Relays key messages by creating a compelling story targeted to specific audiences.
Strategic Leadership and Execution: Applies vision to think beyond the immediate situation and explore multiple potential paths. Invests time in planning, discovery, and reflection to drive decisions and more efficient implementation. Ensures that business goals are met by executing, monitoring, and adjusting the organizational action plan.
People Leadership: Inspires, motivates, and empowers people to achieve organizational goals. Coaches, mentors, and manages employee experience and performance through mindful preparation. Creates space for others to lead.
Managing Through Change and Uncertainty: Adjusts thinking and behaviour to resiliently face change and uses experience to fuel growth. Embraces failure as a learning opportunity for themselves and others. Enables the process of change and transition while helping others deal with the effects of change.
Relationship Building: Develops internal and external trusting, professional relationships. Purposefully develops networks to build value through collaboration.
Deadline date for applications: Friday 6th December 2024