Principal Specialist: Security Operations Centre

at Cell C Ltd
Location Gauteng, South Africa
Date Posted January 29, 2023
Category Operations / Other
Job Type Full-time
Currency ZAR

Description

Duties & Responsibilities

  • The Security Operations Centre (SOC) Principal Specialist will establish, maintain and continuously improve an industry-leading SOC in order to monitor and defend the Cell C network and enterprise, by directing and coordinating the activities of the SOC team.
  • The SOC will operate from a single, centralised location providing real-time network and enterprise monitoring and detailed, audit-compliant reporting. In addition, the SOC Principal Specialist will determine risk levels and the assets affected by security breaches; discover and prioritise events; recommend and / or execute remedial action; and implement security assessment and incident response protocols.
  • Furthermore, the SOC Principal Specialist will compile, develop and maintain policies and procedures to ensure regulatory compliance, and will establish and maintain metrics that deliver the highest level of productivity and operational readiness, whilst also determining strategic objectives in respect of network and enterprise enhancement and controls.
  • The successful incumbent will have a proven track record in leading information security teams and technologies.
  • The SOC Principal Specialist supervises the activity of the SOC team: recruits, hires, trains and assesses staff; manages the escalation process and reviews incident reports; develops and executes the crisis communication plan to all stakeholders; runs compliance reports and supports the audit process; and measures SOC performance metrics and communicates the value of security operations to business leaders.
  • Knowledge and / or understanding of regulatory and privacy laws is essential.

Strategy and Governance:

  • Develop a SOC strategy to analyse, identify, manage, escalate and resolve breaches through regular business audits, technical audits and event monitoring geared towards operational excellence
  • Provide input to legal opinions where legislation requires
  • Identify and propose protections for the infrastructure and business applications of the network and enterprise
  • Identify and implement strategies to ensure the network and enterprise are protected, by identifying and managing vulnerabilities within the network and enterprise
  • Establish and maintain procedures to monitor the network and enterprise for real-time threats, policy violations, security breaches, anomalous or symptomatic events, or deviations
  • Analyse historical event logs for patterns and trends symptomatic of an attack or compromise
  • Demonstrate a vision aligned with business objectives, priorities and risk posture
  • Draft and maintain the policies associated with the SOC
  • Define the people, processes and technologies required to maintain and run the SOC
  • Define the SOC maturity and ISO standards improvement strategy
  • Define and implement the threat defence / threat intelligence strategy
  • Define and chair SOC compliance meetings, including their frequency
  • Define and implement a proactive SOC monitoring strategy
  • Identify all business-critical services and systems so that effective protection can be applied to them

Planning and Execution:

  • Budgeting and financial management
  • Identify and implement projects and initiatives
  • Staffing and shift management
  • Maintain technology roadmaps
  • Plan and document all stakeholder SLAs / OLAs
  • Maintain the communications plan
  • Build and manage stakeholder relations, both internal and external to the organisation
  • Continuously improve the processes, monitoring, policies and technologies associated with the SOC
  • Define vendor KPIs and manage managed-service providers where required
  • Participate in and execute SOC requirements across all technical projects

Operations:

  • Form a cyber security defence team.
  • Establish agreements and operational level contracts with the 24x7x365 monitoring team (Fault Management).
  • Establish agreements and operational level contracts with all other (internal) stakeholders, based on the output of this functional unit.
  • Develop metrics and reporting frameworks that compile and analyse data for accurate and timely reporting of security activities, threats or breaches.
  • Implement measures to ensure trouble tickets are accurate and attended to.
  • Act as the accountable point of contact, when triggered, for high-severity tickets and incidents.
  • Maintain knowledge of the threat landscape by monitoring open-source intelligence (OSINT) and related sources.
  • Collaborate on and participate in incident response exercises.
  • Create and tune detection signatures, Indicators of Compromise (IOCs) and other content to detect malicious activity or trends.
  • Manage the SOC team to ensure incidents are triaged and investigated.
  • Define and maintain event analysis, impact assessment and prioritisation for each threat / event identified.
  • Maintain and update all associated operational manuals for the SOC.
  • Participate in and chair all SOC meetings.
  • Maintain system integrity by conducting audits and assessments with the assistance of various stakeholders.

  • Service Operations, including:
    o Trend analysis.
    o Tracking of remediation items.
    o Reporting to the organisation on SOC activities.
    o Classification of issues.
    o Software licence compliance.
    o Tracking and inventory of assets.
  • Continuous Service Improvement, which identifies and structures an improvement process to enhance the SOC over time. This includes:
    o Determining what to measure, such as use cases, alerts, shift logs, etc.
    o Defining what you can measure.
    o Gathering the data, in the SIEM, in a Governance, Risk and Compliance (GRC) system, or manually.
    o Processing and analysing the data.
    o Reporting on or sorting through the data to help understand and identify improvements.
    o Implementing the corrective controls and actions.

Staff Management:

  • Manage the daily operations of the team.
  • Coach, mentor and support team members.
  • Evaluate Key Deliverables and conduct performance appraisals.
  • Uphold and enforce HR policies and procedures.
  • Develop and maintain Work Instructions, Standard Operating procedures and Policies
  • Ensure the continued learning and development of the SOC team

Analytics and Reporting:

  • Ensure consistency, accuracy and integrity of all related data and reports emanating from the department.
  • Assist and guide on the analysis and interpretation of reports (weekly / monthly / ad hoc) towards remedial action(s).
  • Create a post-incident feedback loop to the team to enhance capability.
  • Proactive and routine reporting on network security health.

Further expectations:

  • Contribute to aligning department strategy to company strategy.
  • Assess and develop incoming and outgoing business requirements.
  • Assume the role of change agent in the department.
  • Keep abreast of industry evolution through continuous learning, development and research.

Desired Experience & Qualification

  • Minimum of a 3-year degree / diploma in Information Technology, and / or
  • Relevant cyber security or information security credentials.
  • Knowledge of ISO 27001, ITIL v3, COBIT and / or associated standards.

Experience

  • 5 years of demonstrated experience in leading / managing an operations centre.
  • Cisco / Check Point / Juniper firewalls, VPN solutions, IPsec, TACACS and access lists, load balancers and patch management experience advantageous.
  • Firewalls, IPS (Intrusion Prevention System), ACS (Access Control Systems), NAC (Network Admission Control), ADC (Application Delivery Controller).
  • Hands-on experience with security technologies:
    o Endpoint Detection & Response (EDR) tools
    o Intrusion Detection & Prevention (IDP)
    o Next-Gen IDS
    o Security Information & Event Management (SIEM)
    o Network analysis tools