Incident Monitoring Officer SIEM

18 Oct | Gijima Holdings | Pretoria

Reference: JHB000426-AM-1

Gijima Staffing Solutions is responding to a tender. We are seeking an Incident Monitoring Officer, who is responsible for monitoring and analyzing security events to detect potential cyber threats and respond to security incidents in a timely manner. The role focuses on managing and utilizing Security Information and Event Management (SIEM) tools to ensure the security and integrity of IT systems and data. This position requires expertise in threat detection, incident response, and continuous monitoring of IT environments.

Duties & Responsibilities

Key Responsibilities:

- Security Monitoring & Analysis:
Monitor security alerts and events generated by SIEM tools to detect and analyze potential security threats, vulnerabilities, and anomalous activities across the IT environment.
- Incident Detection & Response:
Investigate and respond to security incidents, ensuring proper escalation, documentation, and resolution. Collaborate with other security teams to mitigate risks and resolve incidents promptly.
- SIEM Management:
Manage and configure SIEM tools (e.g., Splunk, IBM QRadar, ArcSight) to enhance threat detection capabilities. Regularly update rules, filters, and alerts to reflect the evolving threat landscape.
- Threat Intelligence & Hunting:
Use threat intelligence data to improve the accuracy of incident detection and proactively identify potential risks. Conduct threat-hunting activities to uncover undetected security issues within the IT infrastructure.
- Security Event Correlation:
Analyze data from multiple sources (firewalls, IDS/IPS, antivirus, etc.) to correlate events and identify potential security breaches or policy violations.
- Reporting & Documentation:
Generate detailed reports on security incidents, trends, and system vulnerabilities. Ensure proper documentation of all incident response activities and maintain an incident log.
- Collaboration & Communication:
Work closely with other IT and security teams to resolve security issues, implement preventative measures, and improve overall security posture. Provide regular updates to management on incidents and threats.
- Continuous Improvement:
Stay up-to-date with the latest security threats, trends, and technologies. Provide recommendations for improving incident detection, response processes, and SIEM configurations.

Required Qualifications and Skills:

- Education:
  - Bachelor’s Degree in Information Security, Cybersecurity, Information Technology, or a related field.
- Experience:
  - Minimum of 5 years of experience in security monitoring, incident response, or cybersecurity operations.
- Technical Skills:
  - Expertise with SIEM platforms such as Splunk, IBM QRadar, ArcSight, or LogRhythm.
  - Proficiency in log analysis, event correlation, and threat detection.
  - Knowledge of network protocols, intrusion detection/prevention systems (IDS/IPS), and firewall technologies.
  - Familiarity with threat intelligence platforms, malware analysis, and endpoint security tools.
  - Understanding of cybersecurity frameworks (e.g., NIST, ISO 27001).
- Soft Skills:
  - Strong analytical and problem-solving skills.
  - Excellent attention to detail.
  - Good communication and reporting skills.
  - Ability to work in a high-pressure environment and respond quickly to incidents.

Tools & Technologies:

- SIEM Platforms: Splunk, IBM QRadar, ArcSight, LogRhythm
- Security Tools: Firewalls, IDS/IPS, Antivirus/Endpoint Protection (e.g., Symantec, McAfee), Vulnerability Scanners
- Threat Intelligence: Recorded Future, ThreatConnect, AlienVault
- Incident Response Tools: SOAR (Security Orchestration Automation and Response) platforms, Wireshark, OSSEC

Additional Considerations:

- Security certifications such as CISSP, CISM, CEH, or GIAC are highly preferred.
- Experience with incident management frameworks such as MITRE ATT&CK, SANS Incident Handling, or NIST Cybersecurity Framework is beneficial.
