Technical Cyber Security Threat Analyst

Gauteng, Full Time Deadline: Not specified

Brief Description

The main purpose of this position is to facilitate predictive and early reactive cyber defence through the analysis or creation of technical and tactical threat intelligence.

Detailed Description
The successful candidate will be responsible for the following key performance areas:

Collect, analyse and interpret cyber-threat data from multiple technical information sources for the development of actionable intelligence.
Perform malicious software (malware) analysis on artefacts flowing from the incident response process in order to identify the behaviours and indicators of compromise.
Liaise with internal and external technical stakeholders, providing intelligence regarding threat actor techniques, tactics and procedures in order to ensure correct and timely focused threat detection and mitigation.
Work closely with technical owners and administrators to define and rationalise corrective actions based on assessment outcomes.
Produce high-quality technical and tactical threat intelligence reports highlighting vulnerabilities covering the cyber-threat landscape.
Proactively hunt for cyber-threats through the in-depth analysis of internal technical incident and system information.
Identify, imbed and support cyber technical threat intelligence tools and technologies in the South African Reserve Bank (SARB) Group.

Job Requirements
To be considered for this position, candidates must be in possession of:

a Bachelor’s degree (NQF7) in Security/Information Technology or an equivalent qualification;
five to eight years’ relevant cybersecurity work experience, of which at least two years must be as a cyber threat intelligence expert;
a security certification in one of the following: Certified Incident Handler, Certified Forensic Analyst, Network Forensics Analyst, Offensive Security (OSCP/OSCE) or any other relevant certifications (an ethical hacking certification would be an added advantage);
sound knowledge of cyber threat intelligence processes and tradecraft (e.g. the Cyber Kill Chain and Diamond Model of Intrusion Analysis);
an understanding of networking (including the OSI Model, TCP/IP, DNS, HTTP, HTTPS, SMTP);
experience working in a Blue team;
knowledge of intelligence technologies, including Silobreaker, , , Anomali, Maltego, VirusTotal Intelligence, MISP);
knowledge of threat intelligence conventions, including YARA, OpenIOC and STIX frameworks; and
knowledge of programming or scripting languages such as Python, Perl, Powershell and R. (Adventageous)

Additional requirements include:

service and stakeholder focus;
effective communication;
impact and influence;
problem-solving and analytical skills;
developing and managing relationships;
conceptual thinking; and