7 Security Intelligence jobs in South Africa
Senior Information Security Incident Response Analyst
Posted today
Job Description
Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.
Your day at NTT DATA
The Senior Information Security Incident Response Analyst is an advanced subject matter expert, responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments).
This role acts as the technical second responder for the team and supports the work of technical staff from various business areas, as well as third-party technical experts.
The Senior Information Security Incident Response Analyst uses technical competencies in systems and automated mechanisms to detect unauthorized activity on company information assets.
Key responsibilities:
- Manages the prevention and resolution of security breaches and ensures incident and problem management processes are initiated.
- Performs access management activities according to the policy.
- Implements and discusses security service audit schedules, reviews access authorization and performs the required access controls and testing to identify security weaknesses.
- Interacts with a global team of Cyber Security Analysts and specialists.
- Manages 2nd level triaging of security alerts, events, and notifications.
- Manages notifications of internal and/or external teams according to agreed alert priority levels, and escalation trees.
- Communicates status of response, resolution and final root cause analysis to the appropriate stakeholders.
- Follows and updates established and/or ad-hoc processes and work instructions and creates procedures where deficiencies are identified.
- Logs, manages and coordinates service requests through to resolution including the identification, isolation, resolution and escalation of IT infrastructure faults.
- Maintains an understanding of current and emerging threats, vulnerabilities, and trends.
To thrive in this role, you need to have:
- Advanced understanding of End Point Protection Software.
- Advanced understanding of Enterprise Detection and Response software.
- Advanced knowledge of technological advances within the information security arena.
- Advanced understanding of inter-relationships in an overall system or process.
- Advanced knowledge of information security management and policies.
- Advanced understanding of risk management principles and frameworks, which is crucial for prioritizing and addressing security incidents.
- Advanced understanding of the organization's business operations, goals, and objectives enables the analyst to align incident response efforts with the broader business strategy.
- Ability to effectively communicate technical information to both technical and non-technical stakeholders, and end-users, as well as working with cross-functional teams during incident response.
- Ability to think critically, analyze information, and solve medium to complex problems.
Academic qualifications and certifications:
- Bachelor's degree or equivalent in Information Technology, Computer Science or related preferred.
- SANS GIAC Security Essentials (GSEC) or equivalent preferred.
- SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
- SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred.
Required experience:
- Advanced experience in a Technology Information Security Industry.
- Advanced experience or knowledge of SIEM and IPS technologies.
- Advanced experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviors.
Workplace type:
Hybrid Working
About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.
Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.
Third parties fraudulently posing as NTT DATA recruiters
NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an email address. If you suspect any fraudulent activity, please contact us.
Associate Information Security Incident Response Analyst
Posted today
Job Description
Your day at NTT DATA
The Associate Information Security Incident Response Analyst is an entry level subject matter expert, responsible for assisting with the detection and monitoring of threats and suspicious activity affecting the organization's technology domain.
This role acts as the technical first responder by supporting the work of technical staff from various business areas as well as third-party technical experts.
This role uses technical competencies in systems and automated mechanisms to detect unauthorized activity on the company's information assets.
Key responsibilities:
- Assists with the prevention and resolution of security breaches and ensures incident and problem management processes are initiated.
- Supports access management activities according to the policy.
- Assists with the implementation of and discusses security service audit schedules, reviews access authorization and performs the required access controls and testing to identify security weaknesses.
- Interacts with a global team of Cyber Security Analysts and specialists.
- Notifies internal and/or external teams according to agreed alert priority levels, escalation trees, 1st level triaging of security alerts, events, and notifications.
- Communicates status of response, resolution and final root cause analysis to the appropriate stakeholders.
- Follows and updates established and/or ad-hoc processes and work instructions and creates procedures where deficiencies are identified.
- Logs, manages and coordinates service requests through to resolution including the identification, isolation, resolution and escalation of IT infrastructure faults.
To thrive in this role, you need to have:
- Knowledge of technological advances within the information security arena.
- Understanding of inter-relationships in an overall system or process.
- Knowledge of information security management and policies.
- Understanding of current and emerging threats, vulnerabilities, and trends.
Academic qualifications and certifications:
- Bachelor's degree or equivalent in Information Technology, Computer Science or related preferred.
- SANS GIAC Security Essentials (GSEC) or equivalent preferred.
- SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
- SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred.
Required experience:
- Entry level experience in a Technology Information Security Industry.
- Experience using End Point Protection Software.
- Experience using Enterprise Detection & Response software.
- Experience or knowledge of SIEM and IPS technologies.
- Experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviors.
Workplace type:
Hybrid Working
Senior Cyber Incident Response Analyst (South Africa)
Posted today
Job Description
About Us
Integrity360 is the largest independent cyber security provider in Europe, with a growing international presence spanning the UK, Ireland, mainland Europe, Africa and the Caribbean. With over 700 employees, across 12 locations, and six Security Operations Centres (SOCs)—including locations in Dublin, Sofia, Stockholm, Madrid, Naples and Cape Town—we support more than 2,500 clients across a wide range of industries.
Over 80% of our team are technical experts, focused on helping clients proactively identify, protect, detect and respond to threats in an ever-evolving cyber landscape. Our security-first approach positions cyber resilience as a business enabler, empowering organisations to operate with confidence.
At Integrity360, people come first. We invest heavily in learning, development and progression, fostering a dynamic culture where innovation, collaboration and continuous growth are at the heart of what we do. If you're ready to take your cyber security career to the next level, we'd love to hear from you.
Job Role
The Senior Cyber Incident Response Analyst will work within established methodologies to perform a variety of Incident Response related activities for new and existing customers, to include responding to cyber incidents, proactively hunting for adversaries in customer networks, conducting detailed Intrusion analysis – host and network, malware reverse engineering, Digital forensics and Cyber Threat Intelligence services.
Proactive client services, such as compromise assessments and evaluating and recommending tools and technology for incident response are also in scope. Demonstration of a strong comprehension of malware, emerging threats and adversary TTPs will be critical to success.
Responsibilities
- Customer focus - have the ability to work directly with customers and demonstrate services delivered to customers in a face-to-face setting when required.
- You will have the capacity to multitask on several technical and operational issues simultaneously.
- Have a very good understanding of customer issues and you are able to empathize with customers as to their current situation.
- Ability to think through difficult issues and provide advice or when necessary.
- A clear understanding of the ITIL processes.
- Ability to work on assignments requiring sound judgement in resolving issues or in making recommendations.
- Initiative to drive all incidents to resolution, ensuring timely participation by all stakeholders.
- Without hesitation when required, escalate issues to upper management, to include C-Level managers, in accordance with prescribed procedures.
- Incident Management and Incident communication experience.
- Experienced in meeting deadlines while following processes and procedures.
- Capable of working with other teams that challenge your processes and procedures.
- Understanding of ITIL, SANS, PCI DSS, ISO 27001 and ISO2000.
- Logical thought mindset and experience developing reusable processes / data architectures.
Requirements
- Host Intrusion Analysis:
  - Windows (Endpoint and Server)
  - Unix
- Network Intrusion Analysis.
- Familiarity with categories of Malware and Malware Reverse Engineering techniques.
- Experience working with security tools for the purposes of detection, diagnosis, containment and remediation.
- Extensive knowledge of Windows server systems.
- Experienced in creating and maintaining a security incident response plan (IRP).
Certifications/Qualifications
- SANS: Qualifications in Security Essentials (GSEC), Hacker Techniques & Incident Handling (GCIH), Host (GCFE/GCFA) & Network (GNFA) Forensics, Malware Analysis (GREM) and any Digital Forensics specializations.
- EC Council Certifications.
- A strong team player with a flexible approach.
- Can demonstrate consistency in work attitude.
Senior Cyber Incident Response Analyst (South Africa)
Posted today
Job Description
Title: Senior Cyber Incident Response Analyst
Location: Cape Town or Johannesburg, South Africa
Salary: Negotiable / DOE
About Us
Integrity360 is the largest independent cyber security provider in Europe, with a growing international presence spanning the UK, Ireland, mainland Europe, Africa and the Caribbean. With over 700 employees, across 12 locations, and six Security Operations Centres (SOCs)—including locations in Dublin, Sofia, Stockholm, Madrid, Naples and Cape Town—we support more than 2,500 clients across a wide range of industries.
Over 80% of our team are technical experts, focused on helping clients proactively identify, protect, detect and respond to threats in an ever-evolving cyber landscape. Our security-first approach positions cyber resilience as a business enabler, empowering organisations to operate with confidence.
At Integrity360, people come first. We invest heavily in learning, development and progression, fostering a dynamic culture where innovation, collaboration and continuous growth are at the heart of what we do. If you're ready to take your cyber security career to the next level, we'd love to hear from you.
Job Role / Responsibilities
The Senior Cyber Incident Response Analyst will work within established methodologies to perform a variety of Incident Response related activities for new and existing customers, to include responding to cyber incidents, proactively hunting for adversaries in customer networks, conducting detailed Intrusion analysis – host and network, malware reverse engineering, Digital forensics and Cyber Threat Intelligence services.
Proactive client services, such as compromise assessments and evaluating and recommending tools and technology for incident response are also in scope. Demonstration of a strong comprehension of malware, emerging threats and adversary TTPs will be critical to success.
Desired Skills
- Customer focus - have the ability to work directly with customers and demonstrate services delivered to customers in a face to face setting when required.
- You will have the capacity to multitask on several technical and operational issues simultaneously. Have a very good understanding of customer issues and you are able to empathize with customers as to their current situation.
- Ability to think through difficult issues and provide advice or when necessary.
- A clear understanding of the ITIL processes.
- Ability to work on assignments requiring sound judgement in resolving issues or in making recommendations.
- Initiative to drive all incidents to resolution, ensuring timely participation by all stakeholders.
- Without hesitation when required, escalate issues to upper management, to include C-Level managers, in accordance with prescribed procedures.
- Incident Management and Incident communication experience.
- Experienced in meeting deadlines while following processes and procedures.
- Capable of working with other teams that challenge your processes and procedures.
- Understanding of ITIL, SANS, PCI DSS, ISO 27001 and ISO2000.
- Logical thought mindset and experience developing reusable processes / data architectures.
Technical Knowledge Requirements
- Host Intrusion Analysis:
  - Windows (Endpoint and Server)
  - Unix
- Network Intrusion Analysis
- Familiarity with categories of Malware and Malware Reverse Engineering techniques
- Experience working with security tools for the purposes of detection, diagnosis, containment and remediation
- Extensive knowledge of Windows server systems.
- Experienced in creating and maintaining a security incident response plan (IRP).
Certifications/Qualifications
- SANS: Qualifications in Security Essentials (GSEC), Hacker Techniques & Incident Handling (GCIH), Host (GCFE/GCFA) & Network (GNFA) Forensics, Malware Analysis (GREM) and any Digital Forensics specializations.
- CREST certifications: Certified Incident Manager, Certified Host Intrusion Analyst, Certified Network Intrusion Analyst, Certified Malware Reverse Engineer, Practitioner Intrusion Analyst, Registered Intrusion Analyst
- Certified Ethical Hacker
- A strong team player with a flexible approach
- Can demonstrate consistency in work attitude
Security Engineer: Analysis and Support
Posted today
Job Description
Purpose of the Job:
The ICT Security Engineer: Analysis and Support will play a critical role in safeguarding the organisation's information and cyber security posture. This position is primarily responsible for the Security Operations Centre (SOC) and support, cyber threat analysis and investigative activities to manage security events and incidents. This role will also be responsible for the training programme to encourage a culture of cyber security awareness and compliance with policies, standards, procedures and regulatory requirements. The successful candidate will collaborate with cross-functional teams and stakeholders on security project initiatives and facilitate mitigation plans across the organisation. The person appointed to this role will report to the Departmental Head: ICT Security and Risk.
Key Performance Areas:
- Monitor the cyber security operations center and carry out security incident response actions.
- Coordinate the cyber security incident response (CSIRT), periodically update the cyber security incident response plan (CSIRP) and Crisis Management Plan (CMP) as required.
- Coordinate the periodic security penetration testing and security vulnerability remediation activities.
- Manage and maintain optimal performance of the Security Operations Center solutions (log collector agents, SIEM, XDR and Vulnerability Management)
- Define and develop the annual cyber security awareness programme, calendar and publish awareness content to the organisation.
- Perform a review of ICT security policies, standards and procedures as required and in line with industry frameworks (NIST CSF, ISO27001, COBIT).
- Coordinate information technology general control (ITGC) requests for governance, assurance, business resilience audit and control assessments.
- Collaborate with cross-functional teams to ensure security-by-design for project initiatives.
- Prepare monthly operational ICT security and cyber threat intelligence reports.
Other Key Competencies:
The candidate must demonstrate the following skills and attributes: Good verbal and written communication skills, interpersonal skills, and must collaborate effectively with other team members. The candidate must be energetic, have the ability to learn new concepts fast, work independently and under pressure when it is required.
FSCA is committed to increasing the representation of marginalized groups in line with its Employment Equity Plan. People with disabilities are encouraged to apply.
Please note that correspondence and communication will only be conducted with shortlisted candidates and that the FSCA reserves the right not to appoint if a suitable candidate is not identified.
- A Diploma or Degree in Computer Science, Information Technology, or a related field. Equivalent qualifications will also be considered.
- Valid Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or CompTIA PenTest+ certification is required.
- Additional certifications such as ISC2 SSCP or other relevant information security credentials are advantageous.
- Minimum of 3 years' hands-on experience in information and cyber security operations.
- Proven experience in managing cybersecurity awareness programs, including phishing simulation campaigns.
- Familiarity with key industry regulations and frameworks, including but not limited to: ISO/IEC 27001, NIST CSF, PCI-DSS, MITRE ATT&CK and COBIT.
- Understanding and development of IT security policies, standards, and procedures is beneficial.
- Experience with multiple operating systems, including Windows, Red Hat, Debian and other Unix-based platforms is advantageous.
Closing Date: 21 October 2025.
Specialist: Cyber Incident and Threat Intelligence
Posted today
Job Description
Structural Information
Job number:
Job title: Specialist: Cyber Incident and Threat Intelligence
Job grade: S5
Group/ BU: Corporate
Division: CIO
Span of control: 0-5
Reports to: Senior Management
Core Description
Responsible for identifying, analyzing, and responding to cyber threats and incidents targeting the organization. This role combines deep technical expertise with investigative skills to monitor threat landscapes, detect malicious activities, and provide actionable intelligence to improve the organization's cybersecurity posture. Works closely with SOC teams, digital forensics, and other cybersecurity functions to ensure proactive threat detection and effective incident response.
Job Responsibilities
- Oversee the planning, design, implementation, testing, and operation of cyber breach resilience processes and systems on networks and applications.
- Maintain awareness of the latest and common security threats, attack vectors, and Tactics, Techniques, and Procedures (TTPs) and maintain up-to-date threat profiles.
- Act as an escalation point and subject matter expert for cybersecurity incidents and threat mitigation.
- Develop and maintain incident management plans, procedures, controls, playbooks, and incident response strategies.
- Lead cyber incident simulation exercises.
- Design and implement a disaster recovery plan, ensuring Telkom can effectively respond to unexpected security incidents.
- Monitor dark web, open-source intelligence (OSINT), and threat feeds to identify emerging threats.
- Ensure that adequate processes are in place to collect, analyze, and disseminate threat intelligence from internal and external sources.
- Lead or support cyber incident investigations, including detection, containment, eradication, and recovery processes.
- Enhance detection rules and use cases in XDR and threat detection platforms.
- Correlate intelligence with real-time security events to identify and prioritize threats.
- Develop dashboards, visualizations, and metrics to report on threat trends and incident statistics.
- Stay up to date with cybersecurity trends, zero-day vulnerabilities, and global threat activity.
- Lead and ensure collaboration with the SOC team during incident handling.
- Create threat intelligence reports, indicators of compromise (IOCs), and threat briefs for stakeholders.
Core Competencies
FUNCTIONAL KNOWLEDGE
Deep understanding of threat actor tactics, techniques, and procedures; Proficiency in using threat intelligence frameworks; Ability to contextualize and operationalize indicators of compromise; Experience in evaluating open-source and commercial threat intelligence feeds; Competence in producing and validating threat intelligence reports and advisories
Functional Skills
Analytical & Investigative; Communication & Interpretation; Decision Making; Problem Solving; Project & Task Management; Risk Awareness
ATTITUDES/ LEADERSHIP COMPETENCIES
Integrity; Assertive; Confident; Initiator; Supportive; Persuasive; Team Player; Problem Ownership
Certifications
Education
- NQF 6: 3 year Diploma/ National Diploma in Information Technology
Experience
- 5 Years relevant experience
Additional Information
Certifications:
- Preferred certifications: Must have at least one of the following - CISM, CRISC, CISSP, SABSA or ISO27001/2.
- Additional desired certification: COBIT, TOGAF, ITIL.
Special Requirements
- None
Physical Requirements
- None
Key Stakeholders
- Enterprise and IT Architects
- Internal Business Customers
- External Customers
- Consultants and specialists
- Executive & Governance Forums