424 Cybersecurity Analysts jobs in South Africa

Information Security Analyst

Acacium Group – Woodstock, Cape Town

Permanent, Full Time

Salary: R35 000 per month plus amazing benefits

Unlock Your Potential

Are you a technically minded individual with a passion for cybersecurity? Are you eager to grow and develop within a global organisation?

This is an excellent entry-level opportunity to launch your career in Information Security.

As an Information Security Analyst, you will play a key role in supporting our security operations and governance frameworks. You'll work closely with both technical teams—such as Infrastructure, Service Delivery, and Application Management—and non-technical teams including Legal, Compliance, HR, Audit, and Risk. You'll also engage with end users to promote best practices and ensure ongoing compliance across the organisation.

Every Day, You Will…

• Conduct threat hunting activities to proactively identify and mitigate risks.
• Assist in security incident management, including triaging alerts and coordinating responses.
• Support regular reviews of suppliers, project risks, and user access.
• Help update IT security policies and practices.
• Deliver and assess IT Security & Cyber Awareness training, audits, and testing.
• Contribute to maintaining compliance with standards like ISO 27001, Cyber Essentials Plus, NHS DSP Toolkit, and GDPR.
• Compile monthly and quarterly security reports.
• Assist in cyber incident response and business continuity efforts.

What's In It For You?

• Hands-on technical training and exposure to a wide range of systems
• Opportunities to earn certifications in the Information Security field
• Access to senior stakeholders and involvement in impactful corporate projects
• Mentorship from experienced professionals to guide your development
• A strong focus on your career growth, with the tools, support, and guidance to help you thrive
• Unmatched career progression, thanks to being part of a global group spanning healthcare, staffing, and life sciences
• Exciting events and incentives, both locally and across the wider group
• Employer contributions to medical aid
• Subsidised transport options

Join Us and Make a Difference

Acacium Group is a global healthcare solutions partner offering staffing, managed services, and innovative delivery models to health and social care systems and the life sciences industry. We are powered by the best people and have an unrivalled and diverse range of capabilities, all while incorporating our company values into everything we do:

Putting People First, Always by Your Side, Driven by Excellence.

Join us and play a key part in shaping the future of society and improving people's lives

To Thrive in This Role, You Must Have…

• A positive, logical, and proactive approach to problem-solving
• Strong organisational and time management skills
• The ability to prioritise tasks and deliver high-quality outcomes
• Clear written communication skills, especially when creating technical documentation for non-technical audiences
• The ability to identify and manage risks within the business and Information Security framework
• Confidence and strong verbal communication skills
• CompTIA Security+
• Microsoft Security Operations Analyst

Employment Equity

The Company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.

Company Description

INTERCERT is a multinational company headquartered in Texas, USA, operating in over 28 countries. Founded in 2009, INTERCERT is dedicated to building a secure and sustainable world through customer-centric services. We are accredited by leading organizations, including America's accreditation board under IAF for ISO Certification Services, Cloud Security Alliance for CSA STAR Certification services, AICPA CPA Firm for SOC1 & SOC2 Audit Attestation and CREST accreditation for PEN Testing Services. Our services also encompass CMMC, PCI DSS Certification, and Data Protection compliance for standards such as GDPR, HIPAA, and Cybersecurity frameworks. With a team of over 150 experienced assessors, we deliver global assessment services with a focus on compliance and excellence.

Role Description

This is a full-time, on-site role for an Information Security Analyst / Interns at INTERCERT INC., located in South Africa. The Information Security Analyst / Intern will be responsible for day-to-day tasks such as assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Qualifications

Bachelor's Degree or equivalent focused on Information
Security/Cybersecurity

Experience Level

0-6 months

Roles and Responsibilities

Assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Help assess the design and effectiveness of internal controls, including business and IT controls.

Prepare reports and documentation for external audits and communicate audit findings and recommendations.

Stay updated on evolving regulatory changes, industry standards, and best practices related to GRC, risk management, and auditing.

Company Description

INTERCERT is a multinational company headquartered in Texas, USA, operating in over 28 countries. Founded in 2009, INTERCERT is dedicated to building a secure and sustainable world through customer-centric services. We are accredited by leading organizations, including America's accreditation board under IAF for ISO Certification Services, Cloud Security Alliance for CSA STAR Certification services, AICPA CPA Firm for SOC1 & SOC2 Audit Attestation and CREST accreditation for PEN Testing Services. Our services also encompass CMMC, PCI DSS Certification, and Data Protection compliance for standards such as GDPR, HIPAA, and Cybersecurity frameworks. With a team of over 150 experienced assessors, we deliver global assessment services with a focus on compliance and excellence.

Role Description

This is a full-time, remote working role for an Information Security Analyst in South Africa. The Information Security Analyst will be responsible for day-to-day tasks such as assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Qualifications

Bachelor's Degree or equivalent focused on Information
Security / Cybersecurity

Experience Level

0-6 months

Roles and Responsibilities

Assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

Help assess the design and effectiveness of internal controls, including business and IT controls.

Prepare reports and documentation for external audits and communicate audit findings and recommendations.

Stay updated on evolving regulatory changes, industry standards, and best practices related to GRC, risk management, and auditing.

Our clients in the consulting space are on the hunt for a seasoned Senior Information Security Analyst to join their teams in the Western cape. Work and collaborate with Dynamic teams, architects and stakeholders on a hybrid model and expand your skillset exponentially.

Responsibilities:

Role Purpose

This position is responsible for performing various tasks. This role is also required to conduct ongoing research in the IT security arena and regularly assist in the sales process.The ideal candidate will be responsible for conducting comprehensive penetration tests, identifying vulnerabilities, and providing recommendations to improve security posture. The ideal candidate must have experience in all forms of complex technical security assessments of clients' information technology systems (including the Internet, Intranet, applications, hosts, firewalls, mobile applications, etc.) and related policies and procedures. They must be highly motivated and have a good command of industry best practices.

Requirements

• 5+ years of experience in penetration testing, vulnerability assessment, or a related field.
• Deep knowledge of security testing methodologies and frameworks (OWASP, NIST, etc.).
• Proficiency with advanced penetration testing tools such as Metasploit, Burp Suite, Nessus, Nmap, etc.
• Strong scripting skills (Python, Bash, PowerShell, etc.) for automating security tasks.
• In-depth understanding of network protocols, operating systems, web technologies, and cloud environments.
• CISSP and CEH certification preferred.
• OSCP, OSEP, CCSP, CRTE, CRTP, or CRTO certification or equivalent is an advantage.

Duties and Responsibilities

• Lead and conduct comprehensive penetration tests on networks, applications, and systems to identify security weaknesses.
• Develop and implement advanced security test plans, scenarios, and scripts.
• Perform in-depth vulnerability assessments and security analysis using both automated tools and manual techniques.
• Document and report security findings, providing actionable insights to clients and detailed recommendations for remediation.
• Collaborate with cross-functional teams to prioritize and resolve security vulnerabilities.
• Research and stay current with emerging security threats, vulnerabilities, and technology trends.
• Participate in security incident response activities when required.
• Assist in the development and refinement of security policies, procedures, and standards.
• Provide training, guidance, and mentorship to junior penetration testers and other security staff.
• Perform security assessments, including application scans (using tools such as Nessus, Burp Suite) and code reviews, to ensure compliance with Momentum Group's SDLC policies.
• Participate in a variety of other internal security projects and information security activities as required.

As an applicant, please verify the legitimacy of this job advert on our company career page

Job title: Information Security Architect

Contract duration: Start with 6 months

First preference: EEE candidates

Location: JHB

The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

Key Responsibilities:

• Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
• Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
• Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
• Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
• Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMS.
• Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
• Define portfolio vision and reusable security patterns aligned with the EA strategy.
• Lead architecture reviews for high-risk projects, driving recommendations to resolution.
• Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
• Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
• Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
• Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
• Manage security architects and mentor engineers, developers, and vendors.

What will you bring?

• Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
• Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
• Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
• Teamwork and Energy – work across different functional and business teams with effective collaboration.
• Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
• Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
• Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).

Requirements / Skills and Competence

• Tertiary qualification in Computer Science, Engineering, or related field (preferred)
• Minimum of 5-10 years of experience in Security Architecture.
• CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
• Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
• Experience in identifying gaps in existing architectures.
• Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
• Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
• Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
• Good experience in security architecture design in Cloud and on-prem.
• Design and implementation of IOT, endpoint protection, and secure IAM.
• Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
• Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
• Knowledge of web application architectures and threat modelling.

Our client has an EE opportunity available for an Information Security Officer based in Selby.

7 years’ experience in technology security or risk management roles of which should include:

• 4 years in technology policy writing.
• 4 years’ experience in designing, implementing and closing technology general control gaps.
• 3 years’ experience in directly assessing and communicating risk exposures and developing risk mitigation plans.
• 3 years’ experience in coordinating large projects or initiatives.
• 4 years’ experience in people management including coaching and mentoring.
• IT related bachelor’s degree or degree in computer science or IT based practice.
• Professional registration or membership in information security forums would be advantageous.
• Security related certification would be advantageous.

• Implement the Technology Strategy and innovation for your area of responsibility.
• Execute analysis and planning activities.
• Research, develop and maintain a knowledge base of the IT threat landscape, security trending, etc.
• Implement the design for your area of responsibility.
• Design and manage a road map for information security.
• Build and measure business relationships with key internal and external stakeholders.
• Provide consulting and engagement services to various business units in the procurement process.
• Establish relevant internal control metrics and audits to measure outcomes and performance related to security.
• Conduct risk and quality management.
• Develop and maintain an internal security audit framework.
• Conduct financial management.
• Provide input into the departmental budget.
• Create awareness of IT security good practices to the IT end user and technical community.

Join Interfile—South Africa’s leading Electronic Bill Presentment & Payment (EBPP) fintech—where we design, build, and run large-scale digital services used by millions, partnering with top banks, major corporates, and government. You’ll work on modern architectures across both new builds and enhancements in a culture that prizes innovation, seamless integration, and exceptional delivery. We’re customer-obsessed and known for helping organizations modernise. Our Fourways office—right across from Montecasino—offers a modern workspace with a Vitality-certified gym, canteen, and great chill areas.

Lead and continuously improve our information security posture across on-prem and cloud—covering platforms, hardware, networks, and data centres. You’ll drive vulnerability remediation through both automation and hands‑on work, ensure compliance with POPIA, and design, implement, and uplift security standards and frameworks (e.g., ISO 27001 / 27002, NIST CSF 2.0). You’ll also own risk management and incident response while championing a security‑first culture across the business.

• Conduct regular security assessments across infrastructure, applications, and data environments.
• Implement and manage SAST and DAST tools and processes.
• Track, report, and drive remediation of vulnerabilities and security issues.

• Develop and maintain dashboards and reports that clearly communicate the organization’s security posture.
• Define and track KPIs for security posture, remediation velocity, and compliance.
• Collaborate with internal teams to ensure visibility and accountability for remediation efforts.

• Design and implement automated security controls and remediation workflows.
• Work with DevOps and IT teams to integrate security into CI / CD pipelines.

• Ensure alignment with POPIA and other applicable data protection regulations.
• Support audits and compliance reporting requirements.
• Work with legal and compliance teams to ensure data handling aligns with privacy laws.

• Contribute to the design and rollout of security standards such as ISO 20027.
• Align security practices with NIST CSF 2.0 and other relevant frameworks.

• Conduct risk assessments and maintain a security risk register.
• Collaborate with business units to understand and mitigate security risks tied to operations and products.

• Develop and maintain incident response plans.
• Lead investigations into security breaches and coordinate post‑incident reviews.

• Design and deliver security awareness programs for staff.
• Promote a security‑first culture across technical and non‑technical teams.

• Assess and manage security risks related to vendors, partners, and third‑party services.
• Ensure contracts and SLAs include appropriate security clauses.

• Participate in solution architecture reviews to ensure security is embedded from the start.
• Advise on secure design patterns and threat modeling.

Bachelor’s degree in Information Security, Computer Science, or related field.

At least one security certification : CISSP, CISM, CEH, CompTIA Security+, ISO 27001 Lead Implementer (or similar).

• Proven security experience across infrastructure, applications, and data environments.
• Hands‑on with SAST / DAST tools (e.g., SonarQube, OWASP ZAP, Burp Suite).
• Strong vulnerability management and remediation workflow expertise.
• Familiarity with automation / scripting (e.g., Python, PowerShell) and CI / CD tooling.
• Working knowledge of POPIA and other data‑protection regulations.
• Experience with security frameworks (e.g., NIST CSF, ISO 27001 / 27002).
• Ability to communicate technical risks and remediation plans to non‑technical stakeholders.

• Proactive, detail‑oriented, strong sense of ownership.
• Comfortable collaborating across multiple teams and disciplines.
• Passion for security, compliance, and continuous improvement.
• Multiple or advanced security certifications.

Role Overview

Information Security Officer

Maintain Operational Systems, Networks and Security

• Facilitate annual PCI audits and ensure ongoing compliance.
• Ensure Linux systems are patched promptly and securely, coordinating through the correct change control process if customer impact is anticipated.
• Maintain and monitor Elastic SIEM, respond to alerts, and perform in-depth investigations.
• Troubleshoot system issues across all technology stacks including production / QA environments, databases, networks, and integrations.
• Deploy and manage tooling to enhance operations, security, and efficiency.
• Research and implement new tools (open source or commercial) that improve system performance, monitoring, logging, security, or compliance.
• Develop Python scripts and tools to automate repetitive tasks.
• AWS Cloud Infrastructure: Securely architect and manage AWS services, including but not limited to: VPC, EC2, ECS / Fargate, ECR; GuardDuty, CloudWatch, CloudTrail.
• Load balancers, VPNs, and WAFs.
• Maintain robust connectivity between third parties, banking partners, and on-premises data centres.
• Implement and enforce best practices in system isolation, scope reduction, and security.
• Hardware Security Modules (HSM): Support field engineers and maintain internal HSMs (Futurex, Thales).
• Conduct key management ceremonies and maintain PCI compliance.
• Security Governance & Compliance: Assist with audits and regulatory requirements including PCI-DSS & PCI+PIN, ISO 27001 (Stretch goal), GDPR.
• Maintain accurate and current documentation of infrastructure, procedures, and security policies.
• Promote a security-aware culture within the company.
• Automation & Efficiency: Implement automation to enhance both infrastructure and security management; optimise costs while maintaining high security and performance standards.
• Security Monitoring & Reporting: Ensure weekly vulnerability scans are completed, tracked, and resolved within SLA; review and sign off on daily / weekly PCI business-as-usual activities; analyse data and report security metrics monthly; collaborate with 3rd parties to complete and pass PCI certification audits.
• Review and uphold The Companys security commitments to external partners.

• Bachelors degree in Computer Science, Information Security, or related field.
• At least 3 years relevant experience in security or infrastructure roles.
• Experience in the payments or banking sector preferred.
• Familiarity with PCI audits, DevOps practices, Linux, MySQL, and AWS.

• Strong understanding of PCI-DSS requirements and security standards.
• Hands-on experience with: Linux (security patching, system administration), MySQL, AWS services and virtual networking (VPC, ALB / NLB, WAF, VPNs, etc.).
• Automation tools: CloudFormation, Ansible, Puppet, Chef.
• CI / CD: Bitbucket Pipelines, Jenkins.
• Scripting: Bash, Python.
• Containers: Docker, Kubernetes, ECS.
• Monitoring: Zabbix, Nagios.
• Logging & SIEM: ELK Stack, CloudWatch, Elastic, Splunk.