At Content+Cloud we help our clients to succeed and to transform the way their businesses operate, the way their users work, and provide them with flexible and secure platforms with which to do it.
Our portfolio of Professional and Managed Services enables our clients to truly leverage the power of Microsoft’s three clouds: Microsoft 365, Azure and Dynamics 365.
As our reputation has grown over the years, we’ve been able to attract exceptionally talented individuals. Whether they are a world-renowned technology specialist or a highly skilled member of a 24/7 support team, all our people are driven by a desire to deliver success for our clients.
The Cyber Security Specialist role is part of the Cyber Security Operations Centre (CSOC) and sits within the Cyber Services Department of IT Lab.
The candidate will be the technical lead within the Cyber Security Operations Centre (CSOC) for all SIEM and security platforms by managing and improving each to meet the requirements of the business.
You are expected to think beyond a conventional SIEM approach and seek to enhance the security suite to a comprehensive automation and orchestration capability.
This is a hands-on technical role and requires a high level of technical ability and understanding across a variety of security systems, particularly within Microsoft.
Although the focus is on Cyber Security, a broad knowledge and/or experience of modern IT systems and infrastructure is necessary to assist with the development and continuous improvement of the security platforms within IT Lab and its customers’ environments.
You will be a technical lead / SME for the CSOC and SIEM service offering by managing and improving the platforms to meet the requirements of the business and/or client.
Configure and develop SIEM tooling, and associated tool sets, to deliver effective and efficient SOC services through automation and orchestration, and to improve MTTD and MTTR whilst reducing false positives and negatives.
Ensure all security platforms are optimised to detect and prevent security threats across all on-prem and cloud environments to meet business objectives and regulatory requirements.
Provide technical oversight and support for the identification, triage and response to events or incidents of a suspicious or malicious nature, and apparent security breaches.
You will work collaboratively with infrastructure teams and key stakeholders inside and outside of the business, ensuring security and monitoring requirements are determined and implemented through onboarding or continuous improvement activities.
Actively support the onboarding of new clients throughout the transition to service delivery lifecycle.
Conduct project activities including planning and execution of changes, documentation, and training / skills / knowledge transfer to the team and clients.
Maintain a continuous understanding of the threat landscape with in-depth knowledge around threat actors, TTPs and vulnerabilities.
Be a technical mentor to the CSOC Specialists and Analysts, providing technical knowledge and training to the team.
Location and Environment
This role will be based in our beautiful Century City offices in Cape Town however, you will work amongst a wider team split across our Cape Town and Manchester offices.
At Content+Cloud we look for a particular kind of person. Someone who likes nothing better than helping others to achieve their goals.
Someone who is driven by a desire to go the extra mile for our clients, focusing on the little things that make a big difference.
Someone who loves technology, not for its own sake, but for what it can deliver in terms of organisation.
This is the real Content+Cloud difference: the mindset of our people.
We see every client challenge as an opportunity for fresh thinking, and every client journey as an adventure.
Required Skills and Capabilities
Excellent soft-skills in the form of team working, problem solving and communication.
A keen self-starter who can evidence excellent customer service and can collaborate effectively.
Experience with a variety of SIEM platforms and monitoring tools, configuration management tools, host virtualisation, containerisation, vulnerability scanners, proxies, WAFs.
Significant experience with intrusion analysis and investigation.
Demonstrable technical knowledge, skills and/or experience in intrusion analysis, and network and security investigation using a variety of security tools (EDR, DLP, AV, Snort, Wireshark, tcpdump etc.).
Working knowledge and experience of core security and infrastructure technologies (e.g. firewall logs, network security tools, malware detonation devices, proxies, IPS/IDS).
Technical experience in a Security Operations Centre, Incident Response Team or similar environment.
An in-depth knowledge of log formats, log transports and log analysis as well as automating log ingestion and normalisation in a SOC environment.
Strong awareness of cyber-attack techniques and how protective monitoring systems can be used for detection, mitigation, remediation and protection.
Awareness of risk management and the ability to contextualise technical issues into business risk relevant to the business and clients.
Having achieved at least a BSc or MSc in Cyber Security incorporating Ethical Hacking, Digital Forensics or Information Security; or
One or more of the following industry certifications: CEH, GCIA, GCIH, GSEC, Security+, GCTI.
Experience in secured cloud architectures (Azure, AWS) and engineering solutions.
Formal experience in Digital Forensics or experience using EnCase, FTK Imager or similar.
An understanding of multiple operating systems and their programming interfaces such as UNIX Shell and PowerShell.
An awareness of cyber security related standards and regulations, for example NIST, CIS, ISO 27001 and PCI DSS.
Salary dependent on experience
Role based out of our Century City offices (currently working remotely)
40 hours per week (Monday to Friday)
20 days annual leave
Multiple HIIT, general fitness, yoga and meditation classes run virtually each week! (In addition to other wellness events and other social activities...)
Continual professional development plans
Content+Cloud is proud to be an equal opportunity workplace that is committed to attracting and retaining the best talent regardless of race, sex, age, national origin, religion, sexual orientation, gender identity, disability or criminal history.
As part of our compliance requirements, we do undertake background checks which, dependent on the level of security required for the role or client assignment, may include a criminal record check.
Please do let us know if you would like more details on the level of checks for the specific role you are applying to.
We are happy to provide any reasonable adjustments you may need to ensure you feel you have the best experience across our selection process and future employment.