Overall Purpose of the Job:
The Cyber Security Specialist is responsible for managing and enhancing the security posture of ADvTECH. This role involves overseeing the lifecycle of digital certificates, assessing and improving security scores, analysing vulnerabilities, and implementing threat detection and response strategies. The specialist will collaborate with various teams to ensure effective remediation of vulnerabilities, maintain robust security configurations, and drive proactive threat intelligence and incident response capabilities across the organisation.
Responsibilities for this Position:
Security Posture Management & Digital Certificate Lifecycle:
- Manage the entire lifecycle of digital certificates, including issuance, renewal, and revocation.
- Regularly assess and enhance ADvTECH’s security posture based on Microsoft’s recommendations; implement configurations to improve the overall Secure Score.
- Analyse vulnerability and exposure scores to identify and prioritise weaknesses; collaborate with teams to remediate vulnerabilities efficiently.
- Administer LastPass user assignments; review and update password policies based on emerging threats and industry standards.
- Design and implement Attack Surface Reduction (ASR) rules; apply security baselines to enforce recommended security configurations on enrolled devices.
Vulnerability Management & Remediation Coordination:
- Actively exploit vulnerabilities to assess their potential impact; generate detailed reports summarising findings, identified risks, and recommended remediation steps.
- Collaborate with the dedicated IT teams to ensure timely and effective remediation of identified vulnerabilities; track and consolidate remediation tasks and provide regular updates to stakeholders.
- Plan and coordinate controlled simulated attacks performed by penetration-testing vendors to identify vulnerabilities; oversee regular vulnerability scans and analyse results to prioritise remediation.
Threat Intelligence & Dark Web Monitoring:
- Incorporate threat intelligence feeds into Microsoft Defender for proactive threat detection; customise threat analytics rules to align with ADvTECH’s threat landscape.
- Continuously monitor open sources for indicators of compromise (IOCs); use the in-house Onion Crawler (covering 300+ onion links) to detect leaked credentials, exposed servers, and dark web threats.
- Actively engage in trusted APT forums to gather insights on pre-planned cyber-attacks; monitor forums for discussions on emerging threats and vulnerabilities.
- Integrate SOCRadar and Flare into threat intelligence processes; develop and maintain the Onion Crawler for 24/7 deep and dark web monitoring, cross-verifying findings to identify and mitigate risks.
Analytics Rules, Microsoft Sentinel & SOC Collaboration:
- Collaborate with the SOC team to implement and refine analytics rules in Microsoft Sentinel for accurate threat detection.
- Build and enhance Sentinel workbooks for comprehensive security reporting and visualisation.
- Assist the security team in managing daily cyber-SOC tickets; provide guidance on addressing incidents and escalating to senior security staff where required.
Incident Response & Threat Hunting:
- Escalate and consult on security incidents identified by Microsoft Defender; conduct advanced threat hunting to proactively identify potential threats.
- Review and update threat intelligence sources integrated into Microsoft Sentinel; align threat intelligence with ADvTECH’s risk profile and business context.
- Maintain and refresh threat intelligence news reports for senior management; stay informed about emerging threats and TTPs discussed in underground and APT forums.
Security Reporting, Training & Development:
- Compile monthly security reports and quarterly Steercom reports covering SOC activities, incident response, threat intelligence, Secure Score, and dark web monitoring findings.
- Document security risks, penetration testing outcomes, and security incidents (including ransomware events), with a focus on recommendations and preventative measures.
- Provide training to team members on Microsoft Defender for Endpoint (MDE), BitLocker, and patch management systems; assist and guide the security team in day-to-day cyber security operations.
- Contribute weekly to the SecOps register; assist with cyber insurance requirements and drive security awareness initiatives across the group.
Education:
- Degree / Diploma in Information Technology or Cyber Security
Experience:
- 5-8 years of ICT industry experience.
- 5 years' experience in Cyber Security / IT Security
- 5 years' experience in Vulnerability Management
- 2 years' experience in Threat Intelligence / SOC
- 2 years' experience in Incident Response / Penetration Testing