10 Security Intelligence jobs in South Africa

FusionTek is a Managed Security Service Provider (MSSP) with offices in multiple US locations and team members globally. We’re a tight-knit team of friendly, intelligent people focused on IT infrastructure management for small- to mid-sized businesses since 2007.

We’re also rapidly growing and are looking for top-tier candidates who share our four core values:

• We are team players, collectively working towards a common goal.
• We work each day with a growth mindset focused on the success of our coworkers, clients, and the company.
• We do the right thing with an honest and transparent approach that always puts our clients first.
• We take ownership of our work, always seeing it through to completion.
• We execute quickly and precisely, both internally and externally.

If this opportunity excites you, we invite you to continue reading! Join our team as an Incident Response Technical Lead. We’re seeking a proactive problem-solver with a client-focused attitude who thrives on tackling technical challenges.

As an Incident Response Tech Lead, you will provide excellence in high-touch technical management for incident response projects. This includes frequent technical and non-technical written, verbal, and video call (Zoom / Teams) updates with all stakeholders on a project, both within FusionTek and externally. Throughout the day, you’ll be translating technology to clients who aren’t always technical, so communication skills are paramount in this role. A broad technical foundation is also required, as you will make decisions on the client’s recovery strategy and will serve as an escalation point and subject matter expert to FusionTek team members and the client.

We are currently staffing the following shifts:

8:00 AM – 5:00 PM, Sunday to Thursday or Tuesday to Saturday - South Africa Standard Time (SAST)

2:00 PM – Midnight (Friday to Monday) - South Africa Standard Time (SAST)

Here’s what you’ll be doing:

• You’ll primarily be focused on technical management of incident response recovery efforts from start to finish. This can include initial project mobilization, assignment and management of technical workstreams, and frequent client and vendor communication. There are daily (sometimes more frequently) updated calls and associated reporting.
• Incident response projects can often begin over a weekend or outside of traditional business hours, and weekends are crucial recovery opportunities to lessen the impact the client feels as their businesses are often completely down.
• You’ll work through our ticketing system to document, track, and escalate project tasks and tickets, and you’ll also work on our documentation platform to keep everything up to date along the way.
• You'll serve as an escalation point on technical questions from other engineers and the client.
• You’ll be working with a team of intelligent people to deliver world-class service to our clients

• Excellent comprehension and communication in the English language
• Previous experience leading a technical team
• Knowledge of Office 365 / Azure cloud services
• Knowledge of Active Directory
• Knowledge of complex networking troubleshooting (VLANs/routing/subnetting/packet captures)
• Broad understanding of how operating systems work
• Knowledge of advanced OS troubleshooting (boot issues/corruption of profiles/OS files)
• Comfortable working in different OSs, both in CLI and GUI
• SQL DB knowledge is a plus
• Knowledge of advanced firewall configuration skills (creating and troubleshooting complex firewall policies/routes)
• Experience troubleshooting ingress/egress issues
• Comfortable working in diverse firewall UIs (SonicWall, Meraki, FortiGate, Cisco, WatchGuard, etc.)
• Strong comprehension of system architecture (i.e. - how servers’ function, what their roles are, etc.)
• Understanding of the elements of network and system performance
• Time management skills are crucial to your success in this role
• Superb verbal and written communications skills are a must
• Demonstrated skillset through industry certifications or an agreed upon plan to obtain them
• Previous recovery / remediation experience a plus
• Experience working in a ticketing system is preferred, with Autotask experience a plus

At FusionTek, we truly believe that our people are our most valuable asset, which is why we’re excited to provide:

• Salary range – R800,000 to R950,000
• Quarterly bonus eligibility based on specific KPIs.
• Educational reimbursement for certification tests and company supplied training resources

#J-18808-Ljbffr

FusionTek is a Managed Security Service Provider (MSSP) with offices in multiple US locations and team members globally. We’re a tight-knit team of friendly, intelligent people focused on IT infrastructure management for small- to mid-sized businesses since 2007.

We’re also rapidly growing and are looking for top-tier candidates who share our four core values:

• We are team players, collectively working towards a common goal.
• We work each day with a growth mindset focused on the success of our coworkers, clients, and the company.
• We do the right thing with an honest and transparent approach that always puts our clients first.
• We take ownership of our work, always seeing it through to completion.
• We execute quickly and precisely, both internally and externally.

If this opportunity excites you, we invite you to continue reading! Join our team as an Incident Response Technical Lead. We’re seeking a proactive problem-solver with a client-focused attitude who thrives on tackling technical challenges.

As an Incident Response Tech Lead, you will provide excellence in high-touch technical management for incident response projects. This includes frequent technical and non-technical written, verbal and video call (Zoom / Teams) updates with all stakeholders on a project, both within FusionTek and externally. Throughout the day you’ll be translating technology to clients who aren’t always technical, so communication skills are paramount in this role. A broad technical foundation is also required, as you will make decisions on the client’s recovery strategy and will serve as escalation point and subject matter expert to FusionTek team members and the client.

We are currently staffing the following shifts:

8:00 AM – 5:00 PM, Sunday to Thursday or Tuesday to Saturday - South Africa Standard Time (SAST)

2:00 PM – Midnight (Friday to Monday) - South Africa Standard Time (SAST)

Here’s what you’ll be doing:

• You’ll primarily be focused on technical management of incident response recovery efforts from start to finish. This can include initial project mobilization, assignment and management of technical workstreams, and frequent client and vendor communication. There are daily (sometimes more frequently) updated calls and associated reporting.
• Incident response projects can often begin over a weekend or outside of traditional business hours, and weekends are crucial recovery opportunities to lessen the impact the client feels as their businesses are often completely down.
• You’ll work through our ticketing system to document, track, and escalate project tasks and tickets, and you’ll also work on our documentation platform to keep everything up to date along the way.
• You'll serve as an escalation point on technical questions from other engineers and the client.
• You’ll be working with a team of intelligent people to deliver world-class service to our clients

• Excellent comprehension and communication in the English language
• Previous experience leading a technical team
• Knowledge of Office 365 / Azure cloud services
• Knowledge of Active Directory
• Knowledge of complex networking troubleshooting (VLANs/routing/subnetting/packet captures)
• Broad understanding of how operating systems work
• Knowledge of advanced OS troubleshooting (boot issues/corruption of profiles/OS files)
• Comfortable working in different OSs, both in CLI and GUI
• SQL DB knowledge is a plus
• Knowledge of advanced firewall configuration skills (creating and troubleshooting complex firewall policies/routes)
• Experience troubleshooting ingress/egress issues
• Comfortable working in diverse firewall UIs (SonicWall, Meraki, FortiGate, Cisco, WatchGuard, etc.)
• Strong comprehension of system architecture (i.e. - how servers’ function, what their roles are, etc.)
• Understanding of the elements of network and system performance
• Time management skills are crucial to your success in this role
• Superb verbal and written communications skills are a must
• Demonstrated skillset through industry certifications or an agreed upon plan to obtain them
• Previous recovery / remediation experience a plus
• Experience working in a ticketing system is preferred, with Autotask experience a plus

At FusionTek, we truly believe that our people are our most valuable asset, which is why we’re excited to provide:

• Salary range – R800,000 to R950,000
• Quarterly bonus eligibility based on specific KPIs.
• Educational reimbursement for certification tests and company supplied training resources

#J-18808-Ljbffr

Fusion Tek is a Managed Security Service Provider (MSSP) with offices in multiple US locations and team members globally. We’re a tight-knit team of friendly, intelligent people focused on IT infrastructure management for small- to mid-sized businesses since 2007. We’re also rapidly growing and are looking for top-tier candidates who share our four core values: We are team players, collectively working towards a common goal. We work each day with a growth mindset focused on the success of our coworkers, clients, and the company. We do the right thing with an honest and transparent approach that always puts our clients first. We take ownership of our work, always seeing it through to completion. We execute quickly and precisely, both internally and externally. If this opportunity excites you, we invite you to continue reading! Join our team as an Incident Response Technical Lead. We’re seeking a proactive problem-solver with a client-focused attitude who thrives on tackling technical challenges. As an Incident Response Tech Lead, you will provide excellence in high-touch technical management for incident response projects. This includes frequent technical and non-technical written, verbal, and video call (Zoom / Teams) updates with all stakeholders on a project, both within Fusion Tek and externally. Throughout the day, you’ll be translating technology to clients who aren’t always technical, so communication skills are paramount in this role. A broad technical foundation is also required, as you will make decisions on the client’s recovery strategy and will serve as an escalation point and subject matter expert to Fusion Tek team members and the client. We are currently staffing the following shifts: 8:00 AM – 5:00 PM, Sunday to Thursday or Tuesday to Saturday - South Africa Standard Time (SAST) 2:00 PM – Midnight (Friday to Monday) - South Africa Standard Time (SAST) Here’s what you’ll be doing: You’ll primarily be focused on technical management of incident response recovery efforts from start to finish. This can include initial project mobilization, assignment and management of technical workstreams, and frequent client and vendor communication. There are daily (sometimes more frequently) updated calls and associated reporting. Incident response projects can often begin over a weekend or outside of traditional business hours, and weekends are crucial recovery opportunities to lessen the impact the client feels as their businesses are often completely down. You’ll work through our ticketing system to document, track, and escalate project tasks and tickets, and you’ll also work on our documentation platform to keep everything up to date along the way. You'll serve as an escalation point on technical questions from other engineers and the client. You’ll be working with a team of intelligent people to deliver world-class service to our clients Excellent comprehension and communication in the English language Previous experience leading a technical team Knowledge of Office 365 / Azure cloud services Knowledge of Active Directory Knowledge of complex networking troubleshooting (VLANs/routing/subnetting/packet captures) Broad understanding of how operating systems work Knowledge of advanced OS troubleshooting (boot issues/corruption of profiles/OS files) Comfortable working in different OSs, both in CLI and GUI SQL DB knowledge is a plus Knowledge of advanced firewall configuration skills (creating and troubleshooting complex firewall policies/routes) Experience troubleshooting ingress/egress issues Comfortable working in diverse firewall UIs (Sonic Wall, Meraki, Forti Gate, Cisco, Watch Guard, etc.) Strong comprehension of system architecture (i.e. - how servers’ function, what their roles are, etc.) Understanding of the elements of network and system performance Time management skills are crucial to your success in this role Superb verbal and written communications skills are a must Demonstrated skillset through industry certifications or an agreed upon plan to obtain them Previous recovery / remediation experience a plus Experience working in a ticketing system is preferred, with Autotask experience a plus At Fusion Tek, we truly believe that our people are our most valuable asset, which is why we’re excited to provide: Salary range – R800,000 to R950,000 Quarterly bonus eligibility based on specific KPIs. Educational reimbursement for certification tests and company supplied training resources #J-18808-Ljbffr

Associate (Technical Lead), Incident Response, South Africa

S-RM is seeking an Incident Response Associate (Technical Lead) to join our Cyber Security team in South Africa.

Cybersecurity

Cape Town

Who we are

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.

We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

We’re excited you’re thinking about joining us.

Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Advisory, Ethical Hacking, and Incident Response practices are in more demand than ever.

We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back.

We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow.

If that sounds like your kind of team, we’d like to hear from you.

The role

Our Incident Response Associates are a critical part of our Cyber Security division’s success.

As a Response Associate (Technical Lead), you will deploy your incident response expertise in a senior delivery role across our incident response services.

You will work across the full lifecycle of security incidents to help our clients respond and recover, including:

• Leading technical incident response from first contact through to closure: you will be the primary technical resource on response cases, deploying your own expertise and offering guidance to colleagues on your project team.
• Overseeing host- and network-based incident response investigations: including triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses.
• Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing it with the wider team through internal initiatives and programs.
• Participating in an on-call rotation to provide 24X7X365 client incident coverage.

Other features of the role include:

• Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients.
• Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your incident response expertise.
• Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team’s work/life balance and offer flexible working options to support your wellbeing.

What we're looking for

Candidates with the following qualifications and experience are likely to succeed as Incident Response Associates at S-RM.

That said, if you don’t think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others.

We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives.

• Experience: 5+ years’ experience in a technical cyber security role. Direct experience working in an incident response team is beneficial but not essential.
• Approach: an investigative mindset. You should be comfortable solving problems with limited information and guidance.
• Threat intelligence: some demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures.
• Skillset: you should be comfortable using scripting to solve cyber security problems and ideally be able to demonstrate an interest in doing so, e.g. through your own research projects or prior experience.
• Communication: you should be able to communicate your technical findings for a non-technical audience in a professional setting.
• Qualifications: relevant industry certifications are not required for this role. However, holding any of the following is beneficial: GCFE, GCFA, EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+

The successful candidate must have permission to work in South Africa by the start of their employment.

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:

• 23 days holiday per year in addition to public holidays (+1 day for every year of service up to a maximum of 30 days in total);
• Hybrid working and flexible working hours;
• Matching pension contribution up to 7% (up to a maximum of 14% combined), and financial education;
• Life Insurance 4X annual salary.

Parental Support:

• Fertility treatment leave – 5 days of leave per cycle of treatment per year;
• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave – 6 weeks of full pay.

Various Health and Medical Benefits including:

• Medical Aid (taxable benefit) for you and your immediate family;
• EAP program for you and your immediate family;
• Free access to the world-famous mindfulness app.

#J-18808-Ljbffr

Associate (Technical Lead), Incident Response, South Africa S-RM is seeking an Incident Response Associate (Technical Lead) to join our Cyber Security team in South Africa. Cybersecurity Cape Town Who we are S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges. We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success. But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. We’re excited you’re thinking about joining us. Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Advisory, Ethical Hacking, and Incident Response practices are in more demand than ever. We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back. We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow. If that sounds like your kind of team, we’d like to hear from you. The role Our Incident Response Associates are a critical part of our Cyber Security division’s success. As a Response Associate (Technical Lead), you will deploy your incident response expertise in a senior delivery role across our incident response services. You will work across the full lifecycle of security incidents to help our clients respond and recover, including: Leading technical incident response from first contact through to closure: you will be the primary technical resource on response cases, deploying your own expertise and offering guidance to colleagues on your project team. Overseeing host- and network-based incident response investigations: including triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses. Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing it with the wider team through internal initiatives and programs. Participating in an on-call rotation to provide 24 X7 X365 client incident coverage. Other features of the role include: Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients. Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your incident response expertise. Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team’s work/life balance and offer flexible working options to support your wellbeing. What we're looking for Candidates with the following qualifications and experience are likely to succeed as Incident Response Associates at S-RM. That said, if you don’t think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others. We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives. Experience: 5+ years’ experience in a technical cyber security role. Direct experience working in an incident response team is beneficial but not essential. Approach: an investigative mindset. You should be comfortable solving problems with limited information and guidance. Threat intelligence: some demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures. Skillset: you should be comfortable using scripting to solve cyber security problems and ideally be able to demonstrate an interest in doing so, e.g. through your own research projects or prior experience. Communication: you should be able to communicate your technical findings for a non-technical audience in a professional setting. Qualifications: relevant industry certifications are not required for this role. However, holding any of the following is beneficial: GCFE, GCFA, En CE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+ The successful candidate must have permission to work in South Africa by the start of their employment. We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of: 23 days holiday per year in addition to public holidays (+1 day for every year of service up to a maximum of 30 days in total); Hybrid working and flexible working hours; Matching pension contribution up to 7% (up to a maximum of 14% combined), and financial education; Life Insurance 4 X annual salary. Parental Support: Fertility treatment leave – 5 days of leave per cycle of treatment per year; Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay; Paternity leave – 6 weeks of full pay. Various Health and Medical Benefits including: Medical Aid (taxable benefit) for you and your immediate family; EAP program for you and your immediate family; Free access to the world-famous mindfulness app. #J-18808-Ljbffr

Canonical Cape Town, Western Cape, South Africa

Join or sign in to find your next job

Join to apply for the Threat Intelligence Lead role at Canonical

Continue with Google Continue with Google

Canonical Cape Town, Western Cape, South Africa

Join to apply for the Threat Intelligence Lead role at Canonical

Get AI-powered advice on this job and more exclusive features.

Sign in to access AI-powered advices

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

Continue with Google Continue with Google

The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors are targeting Canonical, and the use of intelligence on Tactics, Techniques and Procedures (TTP) to better our products and internal cybersecurity controls. You will collaborate with internal stakeholders as well as with the wider cybersecurity community, making sure that Canonical is recognised as a thought leader on open source threat intelligence.

This role will report to the CISO.

You will lead intelligence gathering and development activities on threat actors targeting software supply chains. You'll study attack trends across the wider open source software landscape, report findings to internal security teams, and advise the wider engineering community on the best course of action to detect and mitigate possible threats.

As the publisher of Ubuntu, Canonical products are directly or indirectly present in almost every organisation and household in the world, making them a prime target for threat actors. This team's mission is to help Canonical, and by extension countless community members and companies around the world, secure their software infrastructure.

What you'll do in this role

• Build and own Canonical's threat intelligence strategy
• Build and maintain OSINT research environments
• Develop OSINT tradecraft, principals, and techniques
• Identify and track targeted intrusion cyber threats, trends, and new developments by cyber threat actors through analysis of proprietary and open source datasets
• Collaborate across teams to inform on activity of interest
• Coordinate adversary/campaign tracking
• Contribute to the wider threat intelligence community, establishing Canonical as a key contributor and thought leader in the space
• Work with product and engineering teams to explain cybersecurity threats and advise on mitigation strategies
• Work with the OPSEC and IS team to help implement/update security controls prioritising cyber defence
• Identify intelligence gaps and propose new tools and research projects to fill them
• Conduct briefings for executives, internal stakeholders and external customers
  
  

The successful Threat Intelligence Lead will be

• An experienced threat intelligence leader (or similar)
• Knowledgeable about the current open source threat landscape and computer networking/infrastructure concepts
• Highly competent with OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.)
• Able to identify, organise, catalogue, and track adversary tradecraft trends — often with incomplete data
• Experienced using threat intelligence data to influence enterprise architecture or product development decisions
• An excellent communicator with the ability to clearly articulate and tailor technical content to a variety of audiences
• Able to travel twice a year, for company events up to two weeks long
  
  

Desired Characteristics

• A professional portfolio of OSINT related scripts, tools, or frameworks
• Demonstrated involvement in the larger OSINT community (please share relevant links)
• Degree qualified, with a bachelor's degree in computer science, information security, or a related field
• Certifications in related areas (e.g. GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc)
• Experience in a tech company or government/military signal intelligence departments
  
  

What we offer you

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  
  

About Canonical

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer

We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

Seniority level

• Seniority level Mid-Senior level

Employment type

• Employment type Full-time

Job function

• Job function Information Technology
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Get notified about new Threat Intelligence Lead jobs in Cape Town, Western Cape, South Africa .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Canonical Cape Town, Western Cape, South Africa Join or sign in to find your next job Join to apply for the Threat Intelligence Lead role at Canonical Continue with Google Continue with Google Canonical Cape Town, Western Cape, South Africa Join to apply for the Threat Intelligence Lead role at Canonical Get AI-powered advice on this job and more exclusive features. Sign in to access AI-powered advices Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors are targeting Canonical, and the use of intelligence on Tactics, Techniques and Procedures (TTP) to better our products and internal cybersecurity controls. You will collaborate with internal stakeholders as well as with the wider cybersecurity community, making sure that Canonical is recognised as a thought leader on open source threat intelligence.This role will report to the CISO.You will lead intelligence gathering and development activities on threat actors targeting software supply chains. You'll study attack trends across the wider open source software landscape, report findings to internal security teams, and advise the wider engineering community on the best course of action to detect and mitigate possible threats.As the publisher of Ubuntu, Canonical products are directly or indirectly present in almost every organisation and household in the world, making them a prime target for threat actors. This team's mission is to help Canonical, and by extension countless community members and companies around the world, secure their software infrastructure.What you'll do in this roleBuild and own Canonical's threat intelligence strategy Build and maintain OSINT research environments Develop OSINT tradecraft, principals, and techniques Identify and track targeted intrusion cyber threats, trends, and new developments by cyber threat actors through analysis of proprietary and open source datasets Collaborate across teams to inform on activity of interest Coordinate adversary/campaign tracking Contribute to the wider threat intelligence community, establishing Canonical as a key contributor and thought leader in the space Work with product and engineering teams to explain cybersecurity threats and advise on mitigation strategies Work with the OPSEC and IS team to help implement/update security controls prioritising cyber defence Identify intelligence gaps and propose new tools and research projects to fill them Conduct briefings for executives, internal stakeholders and external customers The successful Threat Intelligence Lead will beAn experienced threat intelligence leader (or similar) Knowledgeable about the current open source threat landscape and computer networking/infrastructure concepts Highly competent with OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.) Able to identify, organise, catalogue, and track adversary tradecraft trends — often with incomplete data Experienced using threat intelligence data to influence enterprise architecture or product development decisions An excellent communicator with the ability to clearly articulate and tailor technical content to a variety of audiences Able to travel twice a year, for company events up to two weeks long Desired CharacteristicsA professional portfolio of OSINT related scripts, tools, or frameworks Demonstrated involvement in the larger OSINT community (please share relevant links) Degree qualified, with a bachelor's degree in computer science, information security, or a related field Certifications in related areas (e.g. GOSI, SANS SEC487 & SEC587, Intel Techniques OSIP, etc) Experience in a tech company or government/military signal intelligence departments What we offer youWe consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.Distributed work environment with twice-yearly team sprints in person Personal learning and development budget of USD 2,000 per year Annual compensation review Recognition rewards Annual holiday leave Maternity and paternity leave Employee Assistance Programme Opportunity to travel to new locations to meet colleagues Priority Pass, and travel upgrades for long haul company events About CanonicalCanonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, Io T and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.Canonical is an equal opportunity employerWe are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.Seniority level Seniority level Mid-Senior level Employment type Employment type Full-time Job function Job function Information Technology Industries Software Development Referrals increase your chances of interviewing at Canonical by 2x Get notified about new Threat Intelligence Lead jobs in Cape Town, Western Cape, South Africa . We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI. #J-18808-Ljbffr

Canonical Cape Town, Western Cape, South Africa Join or sign in to find your next job Join to apply for the Threat Intelligence Lead role at Canonical Continue with Google Continue with Google Canonical Cape Town, Western Cape, South Africa Join to apply for the Threat Intelligence Lead role at Canonical Get AI-powered advice on this job and more exclusive features. Sign in to access AI-powered advices Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google Continue with Google The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors are targeting Canonical, and the use of intelligence on Tactics, Techniques and Procedures (TTP) to better our products and internal cybersecurity controls. You will collaborate with internal stakeholders as well as with the wider cybersecurity community, making sure that Canonical is recognised as a thought leader on open source threat intelligence.This role will report to the CISO.You will lead intelligence gathering and development activities on threat actors targeting software supply chains. You'll study attack trends across the wider open source software landscape, report findings to internal security teams, and advise the wider engineering community on the best course of action to detect and mitigate possible threats.As the publisher of Ubuntu, Canonical products are directly or indirectly present in almost every organisation and household in the world, making them a prime target for threat actors. This team's mission is to help Canonical, and by extension countless community members and companies around the world, secure their software infrastructure.What you'll do in this roleBuild and own Canonical's threat intelligence strategy Build and maintain OSINT research environments Develop OSINT tradecraft, principals, and techniques Identify and track targeted intrusion cyber threats, trends, and new developments by cyber threat actors through analysis of proprietary and open source datasets Collaborate across teams to inform on activity of interest Coordinate adversary/campaign tracking Contribute to the wider threat intelligence community, establishing Canonical as a key contributor and thought leader in the space Work with product and engineering teams to explain cybersecurity threats and advise on mitigation strategies Work with the OPSEC and IS team to help implement/update security controls prioritising cyber defence Identify intelligence gaps and propose new tools and research projects to fill them Conduct briefings for executives, internal stakeholders and external customers The successful Threat Intelligence Lead will beAn experienced threat intelligence leader (or similar) Knowledgeable about the current open source threat landscape and computer networking/infrastructure concepts Highly competent with OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.) Able to identify, organise, catalogue, and track adversary tradecraft trends — often with incomplete data Experienced using threat intelligence data to influence enterprise architecture or product development decisions An excellent communicator with the ability to clearly articulate and tailor technical content to a variety of audiences Able to travel twice a year, for company events up to two weeks long Desired CharacteristicsA professional portfolio of OSINT related scripts, tools, or frameworks Demonstrated involvement in the larger OSINT community (please share relevant links) Degree qualified, with a bachelor's degree in computer science, information security, or a related field Certifications in related areas (e.g. GOSI, SANS SEC487 & SEC587, Intel Techniques OSIP, etc) Experience in a tech company or government/military signal intelligence departments What we offer youWe consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.Distributed work environment with twice-yearly team sprints in person Personal learning and development budget of USD 2,000 per year Annual compensation review Recognition rewards Annual holiday leave Maternity and paternity leave Employee Assistance Programme Opportunity to travel to new locations to meet colleagues Priority Pass, and travel upgrades for long haul company events About CanonicalCanonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, Io T and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.Canonical is an equal opportunity employerWe are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.Seniority level Seniority level Mid-Senior level Employment type Employment type Full-time Job function Job function Information Technology Industries Software Development Referrals increase your chances of interviewing at Canonical by 2x Get notified about new Threat Intelligence Lead jobs in Cape Town, Western Cape, South Africa . We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI. #J-18808-Ljbffr

M-KOPA's Threat Intelligence team sits within the Security department and identifies and assesses threats against our products, business and personnel. The team has taken a unique approach to Threat Intelligence by developing a custom analysis platform instead of depending on standard tools — Recorded Futures. By consuming several intelligence sources, we aim to provide minute-by-minute information to our Fraud, Application Security and Managerial teams using Azure Microservices. Your role is acting as a developer, primarily Python, for the Threat Intelligence team with elements of Threat Hunting in the mix. It's not only about building automated tools to scour the Internet but also about identifying new threats to monitor. It is a fully Remote role within the following time zone (UTC -1 / UTC+3), and you will report to the Senior Threat Intelligence Researcher. Additionally, you will work closely with the Application Security and Global Fraud teams to develop intelligence-gathering systems to distribute significant findings appropriately.

You're excited about this opportunity because;

• You will create, build and enhance a bespoke Threat Intelligence platform, exceeding the capabilities of 99% of Threat Intelligence teams.
• You will identify new threats against M-KOPA, our products and our employees.
• You will get to learn about development best practices, Continuous Integration and Continuous Development processes.
• You will become familiar with the latest hardware hacking, web applications hacking and malware attacks.
• You will receive and analyze cyber threat alerts from various sources and communicate them to the appropriate team members.
• You will perform cyber defense trend analysis, assist team members with determining their cybersecurity requirements, and establish reporting mechanisms.
• You will develop and deliver written and oral mobile threat alerts, scheduled internal notifications, case studies, and after-action reports to several stakeholders.
• You will coordinate and communicate across multiple stakeholder groups.
• You will monitor external data sources to maintain an up-to-date understanding of cyber actors and threats and provide recommendations on prioritizing cyber threats and prevention / mitigation measures.
• You will review and evaluate incoming intelligence reports, information, collection plans, and programs.

We're excited about you because you have experience with;

• Moderate experience writing Python programs or knowledge of Python development.
• Any experience with Microsoft Azure or cloud microservice architectures.
• Some familiarity with modern development practices, Continuous Integration and Continuous Development.
• Ability to read Zulu to a proficient level.
• Any knowledge of Threat Intelligence principles.
• Windows and Linux command line knowledge.

Benefits - What's in it for you!

• You will be involved, and participate in, our Application and Information Security Red Teaming operations.
• Have the opportunity to travel internationally to attend conferences and training courses.
• Annual Learning and Development Fund - You have an annual $1,200 allowance to spend on learning and development (that is, between 1 January and 31 December). For your first year at M-KOPA, this allowance is pro-rated depending on the month that you start.
• Home Office Set Up - Having the best IT equipment tools in the world doesn't make sense if you do not have a proper setup to work with. For this reason, M-KOPA will pre-approve the following items for a total budget of $1,000 that you can use at any time after signing the offer letter with M-KOPA.
• On site retreats with wider tech team, plus trips to operational markets.

M-KOPA is an equal opportunity and affirmative action employer committed to assembling a diverse, broadly trained staff. Women, minorities, and people with disabilities are strongly encouraged to apply. M-KOPA explicitly prohibits the use of Forced or Child Labour and respects the rights of its employees to agree to terms and conditions of employment voluntarily, without coercion, and freely terminate their employment on appropriate notice. M-KOPA shall ensure that its Employees are of legal working age and shall comply with local laws for youth employment or student work, such as internships or apprenticeships. M-KOPA does not collect / charge any money as a pre-employment or post-employment requirement. This means that we never ask for ‘recruitment fees’, ‘processing fees’, ‘interview fees’, or any other kind of money in exchange for offer letters or interviews at any time during the hiring process.

#J-18808-Ljbffr