129 Cybersecurity jobs in South Africa

Cybersecurity Engineer

George, Western Cape TMC TECHNOLOGIES

Posted 21 days ago

Job Description

Job Title

Cybersecurity Engineer

Location

King George, VA 22485 US (Primary)

Category

Information Technology

Job Type

Full-time

Staff

Education

Bachelor's Degree

Travel

Security Clearance Required

Ability to obtain and maintain a U.S. Security Clearance

Job Description

TMC Technologies is looking for a Cybersecurity Engineer to join our team supporting the mission of the Naval Surface Warfare Dahlgren Division (NSWCDD). The TMC team provides development and maintenance of tactical initiatives and baseline developments in support of Naval Weapons Systems /Combat Systems (e.g. AEGIS, Aegis BMD, FMS, etc). The Computer Program Engineering Services (CPES) provided include support for Weapon System Element and Combat System Domain Engineering, Fleet and Land Based Test Site Support.

TASKING:

Engineering support for technical implementation of cybersecurity solutions in conjunction with the Navy tactical configuration development and associated tactical applications, applying principles and techniques of network engineering, cybersecurity engineering, and systems administration.

Conduct vulnerability research, malware analysis, penetration testing, and reverse engineering development of computer network operations, as required.

Conduct installation and integration of Commercial Off-The-Shelf (COTS) cybersecurity tools and applications and perform proof-of-concept, product evaluation of those tools and applications to determine feasibility of meeting the Navy’s cybersecurity requirements.

Responsible for researching, deriving, and documenting cybersecurity requirements as they relate to Navy tactical applications at the A-Level and B-Level specifications. These cybersecurity requirements must align with Department of Navy (DoN) cybersecurity instructions 8500.1 and NAVSEA 9400.2, plus other combat system-specific requirements documented in PEO IWS 5239.1.

Responsible for mapping and evaluating specific cybersecurity guidance and controls documented in CNSSI1253, NIST 800-53, and NIST 800-125B, etc., against the associated A-level and B-level specification cybersecurity requirements.

Generate Plans of Action and Milestones (POA&Ms) for the tasking and ability to monitor and track task completion against plan and define mitigation strategies due to task re-planning

Job Requirements

Ability to obtain a Secret security clearance (US Citizenship required)

Bachelor’s Degree in Computer Science or related field

Knowledge of cybersecurity concepts that identify, exploit, protect against, or mitigate cyber security vulnerabilities

Knowledge of Virtual Machine (VM) architecture and configurations is preferred

We are equal opportunity/affirmative action employers, committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status, or any other protected characteristic under state or local law.


Whether you’re interested in your next big role or would just like to join our network, we’d love to hear from you!

Cybersecurity Analyst

Parow, Western Cape The Foschini Group

Posted 27 days ago

Job Description

Key Responsibilities:
Security Monitoring
  • Perform log ingestion, define use cases, and create alerts for critical assets.
  • Perform daily SIEM health checks and remediate accordingly.
  • Monitor security alerts and events using various tools and technologies.
  • Analyze and investigate security incidents to identify potential threats.
  • Collaborate with team members to develop and implement effective monitoring strategies.
  • Using IOCs and threat intelligence, perform threat hunting across the environment.
Incident Response
  • Respond promptly to security incidents, provide initial analysis, conduct business impact assessment, and isolate, eradicate and recover from threats.
  • Document and report incidents, ensuring accurate and comprehensive records.
  • Follow established incident response procedures, playbooks and contribute to their enhancement.
Endpoint Protection
  • Manage and maintain endpoint security and EDR solutions.
  • Perform daily health checks on endpoint security and EDR solutions and remediate accordingly.
  • Conduct regular scans and assessments to identify and mitigate potential vulnerabilities.
  • Work with IT teams to ensure endpoint security configurations align with organizational standards.
Vulnerability Management
  • Assist in the identification and prioritization of vulnerabilities within the organization's infrastructure.
  • Collaborate with system owners and IT teams to remediate identified vulnerabilities.
  • Stay informed about the latest security threats and vulnerabilities.
Email Security
  • Monitor and analyze email traffic for potential security threats.
  • Respond to and mitigate email-borne security incidents.
  • Work with email security solutions to enhance protection against phishing and malware attacks.
Qualifications and Experience:
  • Relevant degree or advanced diploma in Computer Science, Information Systems, Business or related field, or equivalent combination of education/experience.
  • One or more certifications in: EC-Council SOC, Security+, AWS Certifications, Microsoft Certifications, Google Certifications
  • Must have 3-6 years' experience in a Cybersecurity related role.
  • Practical experience with system monitoring SIEM, assessment, and reporting tools (ArcSight, IBM QRadar, Splunk, Sentinel, Exabeam, SIEMonster, AlienVault etc.)
  • Practical experience with EDR and XDR tools.
  • Proficiency in network security, operating systems, and security technologies.
  • Experience with common information technologies (Windows, VMware, and Cisco as well as some UNIX, Linux).
  • Experience with Vulnerability and Malware Analysis (threat and attack analysis).
  • Experience with security tools (WAF, Proxy, DNS, IDS, firewalls, anti-virus, data loss prevention, etc.).
  • Knowledge of Cloud Security Operations (SaaS, PaaS, IaaS), Mobile Architecture, Network and Application Security and/or Data Protection
  • Technology experience to be considered; Security+; Microsoft Security Certifications (MS-SC200); Azure Certifications, Recognised SOC certification
Skills:
  • Ability to work in independent environments under aggressive timelines.
  • Ability to develop and maintain working relationships in a global environment.
  • Excellent analytical and problem-solving skills
  • Outstanding written skills for preparing reports and briefings.
Behaviours:
  • Communicates Effectively - conveys information and communicates ideas in a clear, concise and impactful manner
  • Decision Quality - consistently makes timely, well-rounded and informed decisions
  • Ensures Accountability - takes accountability and ensures others are held to

Cybersecurity Specialist

Johannesburg, Gauteng ICT Engage

Posted 9 days ago

Job Description

The ideal candidate will be responsible for protecting enterprise systems, networks, and client environments from internal and external threats. This role involves proactive threat detection, vulnerability assessments, incident response, and security architecture reviews across hybrid and cloud platforms.

Key Responsibilities

· Monitor, analyze, and respond to security incidents across on-premises, cloud, and hybrid environments.

· Perform vulnerability assessments, threat modeling, and penetration testing using industry tools and frameworks.

· Implement and manage endpoint protection platforms, EDR, and SIEM systems (e.g., SentinelOne, Sophos, FortiSIEM, Microsoft Defender).

· Develop and enforce IT security policies, procedures, and awareness training programs.

· Coordinate incident response efforts and lead investigations, containment, and remediation.

· Manage firewall policies, VPN configurations, and access control across networks.

· Conduct security reviews of applications, systems, and infrastructure for compliance and best practices.

· Assist in client cybersecurity onboarding and provide expert advisory support to clients and internal teams.

· Stay current on evolving cyber threats, vulnerabilities, and regulatory compliance standards (e.g., POPIA, GDPR, ISO 27001).

· Document risks, controls, and maintain reports for audits and management dashboards.

Requirements

· Minimum 4 years' experience in cybersecurity, network security, or information security roles.

· Proficiency in configuring and maintaining firewalls, EDR, SIEM, anti-virus, and threat detection systems.

· Hands-on experience with security audits, vulnerability scanners, and compliance frameworks.

· Understanding of TCP/IP, DNS, IDS/IPS, email security, and authentication protocols.

· Experience with Microsoft 365 and Azure security tools (Defender for Endpoint, Purview, Conditional Access).

· Ability to manage and respond to incidents under pressure with clear documentation and communication.

· Strong analytical, troubleshooting, and reporting skills.

Preferred Qualifications

· Relevant certifications such as CompTIA Security+, CEH, Microsoft SC-200/SC-300, or CISSP.

· Familiarity with MDR/XDR platforms and cybersecurity frameworks (NIST, MITRE ATT&CK).

· Experience supporting cybersecurity in an MSP or client-facing environment.

Cybersecurity Engineer

Aspen Pharma Group

Posted 26 days ago

Job Description

permanent

Company Description

Aspen TESS is Aspen's technology enabled shared services business, established to be a partner in unlocking business value through digital innovation and process efficiency. Aspen TESS will eliminate repetitive effort and use technology to optimize standardized processes, by delivering cost-effective services and innovative solutions to Aspen business units globally. 

OBJECTIVE

The Cybersecurity Engineer plays a crucial role in protecting Aspen’s infrastructure by implementing, maintaining, and enhancing security technologies and processes. This role works closely with the SOC, IT, and Compliance teams to ensure systems and data remain secure and threats are identified and mitigated.

Below is a general description of the key responsibilities, qualifications, and skills needed for this role:


KEY RESPONSIBILITIES

Incident Response and Escalation

  • Act as a Tier 2/3 escalation point for complex security incidents raised by the SOC or IT teams.
  • Lead and support incident response activities, including forensic analysis and root cause investigation.
  • Support red/blue team exercises to test and improve detection, response, and defense capabilities.

Security Platform Management

  • Manage configurations and policies for the Cyber Security platforms, ensuring optimal performance and alignment with security standards.

Vulnerability Management

  • Analyze vulnerability scan reports to identify and assess security weaknesses.
  • Coordinate remediation efforts with relevant teams and ensure timely closure of vulnerabilities

Secure Systems and Network Configuration

  • Collaborate with IT teams to implement secure system and network configurations, following industry best practices and compliance requirements.

Training and Mentorship

  • Provide training and mentorship to junior analysts, fostering their professional development and enhancing team capabilities.

Project Involvement

  • Participate in cross-functional IT and business projects to ensure security requirements are identified, integrated, and enforced throughout the project lifecycle

SKILLS AND COMPETENCIES:

  • Hands-on experience with Cisco Umbrella, Defender for Endpoint, Identity, Office, and Sentinel.
  • Working knowledge of SIEM, SOAR, EDR, vulnerability and data protection tools.
  • Scripting skills (e.g., PowerShell, Python, KQL) for automation and threat hunting.
  • Strong understanding of networking, authentication, certificates and cloud security principles.
  • Familiarity with MITRE ATT&CK, NIST CSF, and other industry frameworks.
  • Strong analytical and problem-solving skills.
  • Clear and concise communication for incident handling and documentation.
  • Collaborative mindset with the ability to work independently when required.
  • Effective multitasking under pressure.

QUALIFICATIONS & EXPERIENCE

  • Bachelor’s degree in Computer Science, Information Technology, or related field (or equivalent experience).
  • Preferred certifications:
    • Microsoft Certified: Security Operations Analyst Associate
    • Microsoft Security, Compliance, and Identity Fundamentals
    • Cisco Certified CyberOps Associate or CCNP Security
    • CompTIA Security+, CySA+, or similar

Threat Intelligence Lead

Cape Town, Western Cape Canonical

Posted 21 days ago

Job Description

The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors are targeting Canonical, and the use of intelligence on Tactics, Techniques and Procedures (TTP) to better our products and internal cybersecurity controls. You will collaborate with internal stakeholders as well as with the wider cybersecurity community, making sure that Canonical is recognised as a thought leader on open source threat intelligence.

This role will report to the CISO.

You will lead intelligence gathering and development activities on threat actors targeting software supply chains. You'll study attack trends across the wider open source software landscape, report findings to internal security teams, and advise the wider engineering community on the best course of action to detect and mitigate possible threats.

As the publisher of Ubuntu, Canonical products are directly or indirectly present in almost every organisation and household in the world, making them a prime target for threat actors. This team's mission is to help Canonical, and by extension countless community members and companies around the world, secure their software infrastructure.

What you'll do in this role

  • Build and own Canonical's threat intelligence strategy
  • Build and maintain OSINT research environments
  • Develop OSINT tradecraft, principles, and techniques
  • Identify and track targeted intrusion cyber threats, trends, and new developments by cyber threat actors through analysis of proprietary and open source datasets
  • Collaborate across teams to inform on activity of interest
  • Coordinate adversary/campaign tracking
  • Contribute to the wider threat intelligence community, establishing Canonical as a key contributor and thought leader in the space
  • Work with product and engineering teams to explain cybersecurity threats and advise on mitigation strategies
  • Work with the OPSEC and IS team to help implement/update security controls prioritising cyber defence
  • Identify intelligence gaps and propose new tools and research projects to fill them
  • Conduct briefings for executives, internal stakeholders and external customers

The successful Threat Intelligence Lead will be

  • An experienced threat intelligence leader (or similar)
  • Knowledgeable about the current open source threat landscape and computer networking/infrastructure concepts
  • Highly competent with OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.)
  • Able to identify, organise, catalogue, and track adversary tradecraft trends — often with incomplete data
  • Experienced using threat intelligence data to influence enterprise architecture or product development decisions
  • An excellent communicator with the ability to clearly articulate and tailor technical content to a variety of audiences
  • Able to travel twice a year, for company events up to two weeks long

Desired Characteristics

  • A professional portfolio of OSINT related scripts, tools, or frameworks
  • Demonstrated involvement in the larger OSINT community (please share relevant links)
  • Degree qualified, with a bachelor's degree in computer science, information security, or a related field
  • Certifications in related areas (e.g. GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc)
  • Experience in a tech company or government/military signal intelligence departments

What we offer you

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

  • Distributed work environment with twice-yearly team sprints in person
  • Personal learning and development budget of USD 2,000 per year
  • Annual compensation review
  • Recognition rewards
  • Annual holiday leave
  • Maternity and paternity leave
  • Employee Assistance Programme
  • Opportunity to travel to new locations to meet colleagues
  • Priority Pass, and travel upgrades for long haul company events

About Canonical

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer

We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

Seniority level
  • Mid-Senior level
Employment type
  • Full-time
Job function
  • Information Technology
Industries
  • Software Development


Threat intelligence lead

Cape Town, Western Cape Canonical

Posted 1 day ago


Job Description

permanent
The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors are targeting Canonical, and the use of intelligence on Tactics, Techniques and Procedures (TTP) to better our products and internal cybersecurity controls. You will collaborate with internal stakeholders as well as with the wider cybersecurity community, making sure that Canonical is recognised as a thought leader on open source threat intelligence.

This role will report to the CISO.

You will lead intelligence gathering and development activities on threat actors targeting software supply chains. You'll study attack trends across the wider open source software landscape, report findings to internal security teams, and advise the wider engineering community on the best course of action to detect and mitigate possible threats.

As the publisher of Ubuntu, Canonical products are directly or indirectly present in almost every organisation and household in the world, making them a prime target for threat actors. This team's mission is to help Canonical, and by extension countless community members and companies around the world, secure their software infrastructure.

What you'll do in this role

  • Build and own Canonical's threat intelligence strategy
  • Build and maintain OSINT research environments
  • Develop OSINT tradecraft, principles, and techniques
  • Identify and track targeted intrusion cyber threats, trends, and new developments by cyber threat actors through analysis of proprietary and open source datasets
  • Collaborate across teams to inform on activity of interest
  • Coordinate adversary/campaign tracking
  • Contribute to the wider threat intelligence community, establishing Canonical as a key contributor and thought leader in the space
  • Work with product and engineering teams to explain cybersecurity threats and advise on mitigation strategies
  • Work with the OPSEC and IS team to help implement/update security controls prioritising cyber defence
  • Identify intelligence gaps and propose new tools and research projects to fill them
  • Conduct briefings for executives, internal stakeholders and external customers

The successful Threat Intelligence Lead will be

  • An experienced threat intelligence leader (or similar)
  • Knowledgeable about the current open source threat landscape and computer networking/infrastructure concepts
  • Highly competent with OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.)
  • Able to identify, organise, catalogue, and track adversary tradecraft trends — often with incomplete data
  • Experienced using threat intelligence data to influence enterprise architecture or product development decisions
  • An excellent communicator with the ability to clearly articulate and tailor technical content to a variety of audiences
  • Able to travel twice a year, for company events up to two weeks long

Desired Characteristics

  • A professional portfolio of OSINT related scripts, tools, or frameworks
  • Demonstrated involvement in the larger OSINT community (please share relevant links)
  • Degree qualified, with a bachelor's degree in computer science, information security, or a related field
  • Certifications in related areas (e.g. GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc)
  • Experience in a tech company or government/military signal intelligence departments

What we offer you

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

  • Distributed work environment with twice-yearly team sprints in person
  • Personal learning and development budget of USD 2,000 per year
  • Annual compensation review
  • Recognition rewards
  • Annual holiday leave
  • Maternity and paternity leave
  • Employee Assistance Programme
  • Opportunity to travel to new locations to meet colleagues
  • Priority Pass, and travel upgrades for long haul company events

About Canonical

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer

We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

Seniority level
  • Mid-Senior level
Employment type
  • Full-time
Job function
  • Information Technology
Industries
  • Software Development