45 Security Operations jobs in South Africa

Security Operations Center Analyst

Iqtalent

Posted 1 day ago


Job Description

Security Operations Center Analyst

Job Overview:

We are seeking a skilled and detail-oriented Security Operations Center (SOC) Analyst to join our dynamic cybersecurity team. The ideal candidate will have a strong background in information security, incident response, and threat detection. As a SOC Analyst, you will play a crucial role in monitoring, analyzing, and responding to security incidents to safeguard our organization’s assets and information.

Responsibilities:

Incident Monitoring and Response:

  • Monitor security alerts and events from various sources, including security information and event management (SIEM) systems.
  • Investigate and respond to security incidents promptly and effectively.
  • Conduct thorough analysis of security events and incidents to identify potential threats and vulnerabilities.

Threat Detection:

  • Utilize advanced threat intelligence to proactively identify and mitigate potential security risks.
  • Stay informed about the latest security threats, vulnerabilities, and industry best practices.
  • Develop and implement detection rules and signatures to enhance threat detection capabilities.

Security Operations:

  • Collaborate with other IT and security teams to ensure the timely resolution of security incidents.
  • Work closely with incident response teams to contain and eradicate security threats.
  • Document and maintain incident response procedures and guidelines.

Log Analysis and Reporting:

  • Analyze security logs to identify patterns, trends, and anomalies.
  • Generate regular reports on security incidents, trends, and analysis for management review.

Vulnerability Management:

  • Assist in vulnerability assessments and penetration testing activities.
  • Provide recommendations for remediation of identified vulnerabilities.

Continuous Improvement:

  • Participate in regular security awareness training and continuous professional development.
  • Contribute to the enhancement of SOC processes, procedures, and technologies.

Qualifications:

  • Bachelor’s degree in Information Security, Cybersecurity, Computer Science, or a related field.
  • Proven experience as a SOC Analyst or in a similar cybersecurity role.
  • In-depth knowledge of cybersecurity principles, technologies, and best practices.
  • Hands-on experience with SIEM tools, intrusion detection systems, and other security technologies.
  • Certifications such as CISSP, CompTIA Security+, or GIAC are highly desirable.
  • Strong analytical and problem-solving skills.

Benefits:

  • Competitive salary and benefits package.
  • Opportunities for professional development and training.
  • Collaborative and innovative work environment.

If you are a passionate and experienced SOC Analyst ready to contribute to the security posture of our organization, we encourage you to apply. Join us in defending against cyber threats and ensuring the resilience of our information assets.

This advertiser has chosen not to accept applicants from your region.

Senior Security Operations Engineer

Western Cape Canonical

Posted 1 day ago


Job Description

Work from home

Canonical Cape Town, Western Cape, South Africa

We have opened several senior/staff Security Operations Engineer (SOC) positions, creating a new team reporting to the CISO. We are looking for a range of experience in these positions - at the high end we are looking for deep experience defending highly contested critical assets and high-value cyber targets against advanced persistent threats and state-level actors. We have more junior roles for exceptional individuals with a proven personal interest and engagement in cyber attack and defence, and outstanding academic and career performance even if experience is limited.

Our goal is to build an entirely new level of assurance and observable rigour into the open source supply chain. We have our own estate to monitor, but more broadly our goal is to raise the robustness of the entire global Ubuntu estate through the work of this team.

The Security Operations (SecOps) team is responsible for design, implementation and evolution of Canonical security practices, techniques, tools, systems and policies. The team is the primary owner of strategy and practices that determine how Canonical secures its data, internal infrastructure and build processes. They are responsible for assuring the security and integrity of our own infrastructure and product deployments. They design and implement technical security controls that ensure security threats are automatically identified, contained and remediated. The team will also contribute ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attack.

The SecOps team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

What you will do in this role:

  • Implement and evolve Canonical's Security Operation Center
  • Analyse and improve Canonical's security architecture
  • Evaluate, select and implement new security tools and practices
  • Identify, contain and guide the remediation of security threats and cyber attacks
  • Grow the presence and thought leadership of Canonical SecOps practice
  • Contribute to open source threat intelligence initiatives
  • Drive threat modelling, table top exercises and other SecOps practices across Engineering, IS and Canonical
  • Develop Canonical SecOps learning and development materials
  • Publish blog posts, whitepapers and conference presentations
  • Identify, implement and track SecOps KPIs
  • Plan and deliver SecOps work in the framework of Canonical's agile engineering practice
  • Work with Security leadership to present information and influence change

What we are looking for

  • An exceptional academic track record
  • Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
  • Previous professional experience working or leading a Security Operation Center
  • Deep personal motivation to be at the forefront of technology security
  • Expertise in threat modelling and risk management frameworks
  • Knowledge of security architecture and market-leading security tools
  • Experience contributing to, and consuming, threat intelligence feeds
  • Experience in security risk management frameworks such as NIST CSF and ISO27001

Optional things we value

  • Experience in a security operations team or a security operations centre (SOC)
  • Experience in offensive or defensive security teams with hands-on ability
  • Experience with state-actor and other advanced persistent threats

What we offer you

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

  • Distributed work environment with twice-yearly team sprints in person
  • Personal learning and development budget of USD 2,000 per year
  • Annual compensation review
  • Recognition rewards
  • Annual holiday leave
  • Maternity and paternity leave
  • Employee Assistance Programme
  • Opportunity to travel to new locations to meet colleagues
  • Priority Pass, and travel upgrades for long haul company events

About Canonical

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer

We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Software Development


Head of Security Operations

Cape Town, Western Cape Canonical

Posted 1 day ago


Job Description

Canonical Cape Town, Western Cape, South Africa


This global leadership role in cyber security is to manage the Security Operations (SecOps) team responsible for design, implementation and evolution of Canonical security practices, techniques, tools, systems and policies. The team is the primary owner of strategy and practices that determine how Canonical secures its data, internal infrastructure and build processes. They are responsible for assuring the security and integrity of our own infrastructure and product deployments. They design and implement technical security controls that ensure security threats are automatically identified, contained and remediated. The team will also contribute ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attack.

As a leader on cyber security in the company, the SecOps team manager will collaborate with our Organisational Learning and Development team to develop playbooks and facilitate SecOps training across Canonical. They will operate in a wider security organisation, run a high performing security team and improve Canonical's security posture. They will lead initiatives to integrate the team's insights into Canonical's broader software development process.

While this is a management position, we expect managers to be expert practitioners, able to lead by example, contribute at the highest level, and assess work based on their own professional experience and skill. Candidates should have deep, hands-on expertise with a range of open source and proprietary security tooling and practices, which they can integrate into a holistic next generation security solution across the breadth of Canonical's interests.

The SecOps team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

This role reports to the CISO.

What you will do in this role:

  • Hire and mentor a team of outstanding technical security professionals
  • Define Canonical's SecOps security standards and playbooks
  • Own and drive the architecture and design of the SOC
  • Analyse and improve Canonical's security architecture
  • Evaluate, select and implement new security tools and practices
  • Identify, contain and guide the remediation of security threats and cyber attacks
  • Grow the presence and thought leadership of Canonical SecOps practice
  • Contribute to open source threat intelligence initiatives
  • Drive threat modelling, table top exercises and other SecOps practices across Engineering, IS and Canonical
  • Develop Canonical SecOps learning and development materials
  • Publish blog posts, whitepapers and conference presentations
  • Identify, implement and track SecOps KPIs
  • Plan and deliver SecOps work in the framework of Canonical's agile engineering practice
  • Work with Security leadership to present information and influence change

What we are looking for

  • Proven track record of mitigating advanced threat actors and nation-state threats
  • Expert technical understanding of SOCs from the ground up
  • In-depth knowledge of SOC architecture and design, including strategies for logging, firewalls, network segmentation, honeypots, etc.
  • Someone who understands how the SOC works not just how to use it
  • Expert in Linux security
  • Ability to define, implement, automate and measure effective incident response playbooks
  • Knowledge of security architecture and market-leading security tools
  • Experience contributing to, and consuming, threat intelligence feeds
  • Experience in security risk management frameworks such as NIST CSF
  • An exceptional academic track record from both high school and university
  • Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
  • Drive and a track record of going above-and-beyond expectations
  • Deep personal motivation to be at the forefront of technology security
  • Leadership and management ability
  • Excellent business English writing and presentation skills
  • Confidence to report security performance metrics with accountability for accuracy and completeness

Optional things we value

  • Experience in offensive or defensive security teams with hands-on ability
  • Experience with open source security tools
  • Experience with security standards such as ISO 27001
  • Experience with security posture management of corporate endpoints

  • Seniority level: Director
  • Employment type: Full-time
  • Job function: Other, Information Technology, and Management
  • Industries: Software Development


Threat Intelligence Lead

Cape Town, Western Cape Canonical

Posted 1 day ago


Job Description

Canonical Cape Town, Western Cape, South Africa


The Threat Intelligence Lead will own Canonical's threat intelligence strategy and execution, including understanding of which cyber threat actors are targeting Canonical, and the use of intelligence on Tactics, Techniques and Procedures (TTP) to better our products and internal cybersecurity controls. You will collaborate with internal stakeholders as well as with the wider cybersecurity community, making sure that Canonical is recognised as a thought leader on open source threat intelligence.

This role will report to the CISO.

You will lead intelligence gathering and development activities on threat actors targeting software supply chains. You'll study attack trends across the wider open source software landscape, report findings to internal security teams, and advise the wider engineering community on the best course of action to detect and mitigate possible threats.

As the publisher of Ubuntu, Canonical products are directly or indirectly present in almost every organisation and household in the world, making them a prime target for threat actors. This team's mission is to help Canonical, and by extension countless community members and companies around the world, secure their software infrastructure.

What you'll do in this role

  • Build and own Canonical's threat intelligence strategy
  • Build and maintain OSINT research environments
  • Develop OSINT tradecraft, principles, and techniques
  • Identify and track targeted intrusion cyber threats, trends, and new developments by cyber threat actors through analysis of proprietary and open source datasets
  • Collaborate across teams to inform on activity of interest
  • Coordinate adversary/campaign tracking
  • Contribute to the wider threat intelligence community, establishing Canonical as a key contributor and thought leader in the space
  • Work with product and engineering teams to explain cybersecurity threats and advise on mitigation strategies
  • Work with the OPSEC and IS team to help implement/update security controls prioritising cyber defence
  • Identify intelligence gaps and propose new tools and research projects to fill them
  • Conduct briefings for executives, internal stakeholders and external customers

The successful Threat Intelligence Lead will be

  • An experienced threat intelligence leader (or similar)
  • Knowledgeable about the current open source threat landscape and computer networking/infrastructure concepts
  • Highly competent with OSINT tools (e.g., Buscador, Trace Labs OSINT VM, OSINT Framework, Maltego, Shodan, social media scraping tools, etc.)
  • Able to identify, organise, catalogue, and track adversary tradecraft trends — often with incomplete data
  • Experienced using threat intelligence data to influence enterprise architecture or product development decisions
  • An excellent communicator with the ability to clearly articulate and tailor technical content to a variety of audiences
  • Able to travel twice a year, for company events up to two weeks long

Desired Characteristics

  • A professional portfolio of OSINT related scripts, tools, or frameworks
  • Demonstrated involvement in the larger OSINT community (please share relevant links)
  • Degree qualified, with a bachelor's degree in computer science, information security, or a related field
  • Certifications in related areas (e.g. GOSI, SANS SEC487 & SEC587, IntelTechniques OSIP, etc.)
  • Experience in a tech company or government/military signal intelligence departments

What we offer you

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

  • Distributed work environment with twice-yearly team sprints in person
  • Personal learning and development budget of USD 2,000 per year
  • Annual compensation review
  • Recognition rewards
  • Annual holiday leave
  • Maternity and paternity leave
  • Employee Assistance Programme
  • Opportunity to travel to new locations to meet colleagues
  • Priority Pass, and travel upgrades for long haul company events

About Canonical

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer

We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Software Development


L2 Security Operations Centre (SOC) Analyst

Cape Town, Western Cape Apex Group Ltd

Posted 1 day ago


Job Description

L2 Security Operations Centre (SOC) Analyst


The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers.

Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by circa 13,000 employees across 112 offices worldwide. Your career with us should reflect your energy and passion.

That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience.

Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.

For our business, for clients, and for you

Role Purpose

The L2 SOC Analyst plays a critical role in Apex Group’s global cyber defense capabilities. This role is responsible for monitoring, triaging, and analyzing security alerts, assisting with containment actions, and ensuring credible threats are escalated promptly and accurately. All investigative work must be documented within ServiceNow in alignment with incident handling procedures. The L2 Analyst supports continuous monitoring across Apex’s cloud, endpoint, identity, and network environments using approved enterprise security tools.

Key Responsibilities

  • Monitor and triage alerts from SIEM, EDR, and email/cloud security platforms.
  • Investigate security events by correlating telemetry from multiple data sources.
  • Escalate validated security incidents with appropriate context and investigative findings.
  • Assist in executing containment actions such as account disablement or host isolation as instructed by senior analysts.
  • Document all activities, analysis steps, and decisions in ServiceNow with completeness and audit readiness.
  • Collaborate with engineering and detection teams to refine detection logic and reduce false positives.
  • Contribute to SOC runbooks, standard operating procedures, and daily handover documentation.
  • Participate in regular shift handovers and cross-regional coordination within the GSOC model.

Technology Environment

  • SIEM: Exabeam Advanced Analytics
  • Endpoint Detection and Response: Microsoft Defender for Endpoint, Identity, and Email
  • Email Security: Mimecast, Tessian
  • Threat Intelligence: Microsoft Defender Threat Intelligence (MDTI) and integrated sources within Exabeam and Microsoft 365 Security
  • Case Management: ServiceNow
  • Collaboration and Documentation: Microsoft Teams, Confluence.

Required Skills And Experience

  • Minimum 2–3 years of experience in a Security Operations Centre (SOC) or equivalent cyber monitoring role.
  • Strong understanding of cybersecurity concepts, attack techniques, and threat frameworks such as MITRE ATT&CK.
  • Experience working with SIEM and EDR tools in enterprise environments.
  • Familiarity with common log formats (Windows, Linux, cloud services) and basic network security principles.
  • Ability to assess the severity and impact of security events and respond appropriately.
  • Strong written and verbal communication skills with a focus on clear and structured escalation reporting.
  • Willingness to participate in rotational or hybrid shift models based on operational requirements.

Preferred Certifications

  • CompTIA Security+ or CySA+
  • Microsoft Certified: Security Operations Analyst Associate (SC-200)
  • SANS GIAC certifications such as GCIH or GCIA (preferred but not mandatory)

Performance Metrics

  • Mean Time to Triage (MTTT)
  • Escalation accuracy and incident quality.

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology


Cyber Security Consultant - Operations

Cape Town, Western Cape Xcede Group

Posted 7 days ago


Job Description

Cyber Security Specialist

My client in the financial industry is looking for a Cyber Security Specialist.

The role of the Cyber Security Consultant: Operations will form part of the team which focuses on Cyber Security Operations services to businesses on the Shared Network. This team is responsible for management of the PKI, Anti-Virus, Vulnerability Management, Security Configuration Management, Firewall compliance, and Web and Email content filtering environments. The team also manages the Data Leakage Prevention, Network Access Management, and Privileged Account Management infrastructure and processes.

What will you be responsible for?

On a day-to-day basis, the Consultant will be involved with the configuration, monitoring, and management of:

  • Anti-Virus Infrastructure
  • Data Leakage Prevention system, rules, and reports
  • Privileged Account Management process
  • Network Access Control - process and exception handling
  • Vulnerability Scanning, reporting, proposing remediation actions, and tracking compliance
  • Security hardening baseline compliance scanning, reporting, and remediation

On an ad hoc basis, the consultant will support businesses in:

  • Issuing, renewing, and revoking PKI digital certificates.
  • Assessing internet and email use on request of Forensics or HR departments.
  • Performing scheduled tasks like reviewing Firewall rule configuration and reporting.

The consultant will be required to report on the status of the cyber security control environments on a weekly, monthly, and quarterly basis.

The consultant will continuously consider ways to improve the effectiveness and efficiency of monitoring and response controls.

The consultant will contribute to the knowledge and skills of the team by sharing lessons learned and knowledge gained through research, conferences, training courses, or interaction with experts.

Qualifications

  • Matric
  • Information Technology diploma or degree
  • Information Security certification (preferable)

Experience

At least 3 - 5 years of hands-on technical experience, including:

  • Network experience (TCP/IP, Firewalls, IPS, NAC)
  • Anti-Virus System management and Configuration
  • Data Leakage Prevention tool configuration
  • Logical Access Management (AD, PAM)
  • Information Security Operations (Security+, CISSP will be beneficial)
  • Vulnerability Management (use of well-known vulnerability scanning tools and interpretation of CVSS scores)

Required Skills

  • Security Auditing
  • Reporting and Administration
  • Security tools monitoring

Information Security Consultant: Operations

Cape Town, Western Cape Recru-IT

Posted 7 days ago


Job Description

Role:

The role of the Cyber Security Consultant: Operations will form part of our client’s team which focuses on Cyber Security Operations services to businesses on our client’s Shared Network. This team is responsible for management of the PKI, Anti-Virus, Vulnerability Management, Security Configuration Management, Firewall compliance, Web, and Email content filtering environments. The team also manages the Data Leakage Prevention, Network Access Management and Privileged Account Management infrastructure and processes.

What will make you successful in this role?
  • On a day-to-day basis the Consultant will be involved with the configuration, monitoring, and management of:
    • Anti-Virus Infrastructure
    • Data Leakage Prevention system, rules, and reports
    • Privileged Account Management process
    • Network Access Control process and exception handling
    • Vulnerability Scanning, reporting, proposing remediation actions and tracking compliance
    • Security hardening baseline compliance scanning, reporting and remediation
  • On an ad hoc basis the consultant will support businesses in:
    • Issuing, renewing, and revoking PKI digital certificates
    • Assessing internet and email use on request of Forensics or HR departments
  • The consultant will also perform scheduled tasks such as reviewing Firewall rule configuration and reporting.
  • The consultant will be required to report on the status of the cyber security control environments on a weekly, monthly, and quarterly basis.
  • The consultant will continuously consider ways to improve the effectiveness and efficiency of monitoring and response controls.
  • The consultant will contribute to the knowledge and skills of the team by sharing lessons learned and knowledge gained through research, conferences, training courses, or interaction with experts.
Qualifications:
  • Matric
  • Information Technology diploma or degree
  • Information Security certification (preferable)
Experience:

At least 3 – 5 years of hands-on technical experience, including:

  • Network experience (TCP/IP, Firewalls, IPS, NAC)
  • Operating System management and Hardening (Windows, Linux, CIS hardening baselines)
  • Anti-Virus System management and Configuration
  • Data Leakage Prevention tool configuration
  • Logical Access Management (AD, PAM)
  • Information Security Operations (Security+, CISSP will be beneficial)
  • Vulnerability Management (use of well-known vulnerability scanning tools and interpretation of CVSS scores)
Knowledge and Skills:
  • Security Auditing.
  • Risk management.
  • Incident Investigation.
  • Reporting and Administration.
  • Security tools monitoring.
Personal Attributes:
  • Interpersonal savvy - Contributing independently.
  • Decision quality - Contributing independently.
  • Plans and aligns - Contributing independently.
  • Optimises work processes - Contributing independently.
Core Competencies:
  • Cultivates innovation - Contributing independently.
  • Customer focus - Contributing independently.
  • Drives results - Contributing independently.
  • Collaborates - Contributing independently.
  • Being resilient - Contributing independently.
Package & Remuneration

Market related - Monthly


Remote Incident Response Tech Lead

FusionTek

Posted 1 day ago

Job Description

Work from home

FusionTek is a Managed Security Service Provider (MSSP) with offices in multiple US locations and team members globally. We’re a tight-knit team of friendly, intelligent people focused on IT infrastructure management for small- to mid-sized businesses since 2007.

We’re also rapidly growing and are looking for top-tier candidates who share our four core values:

  • We are team players, collectively working towards a common goal.
  • We work each day with a growth mindset focused on the success of our coworkers, clients, and the company.
  • We do the right thing with an honest and transparent approach that always puts our clients first.
  • We take ownership of our work, always seeing it through to completion.
  • We execute quickly and precisely, both internally and externally.

If this opportunity excites you, we invite you to continue reading! Join our team as an Incident Response Technical Lead. We’re seeking a proactive problem-solver with a client-focused attitude who thrives on tackling technical challenges.

As an Incident Response Tech Lead, you will provide excellence in high-touch technical management for incident response projects. This includes frequent technical and non-technical written, verbal, and video call (Zoom / Teams) updates with all stakeholders on a project, both within FusionTek and externally. Throughout the day, you’ll be translating technology to clients who aren’t always technical, so communication skills are paramount in this role. A broad technical foundation is also required, as you will make decisions on the client’s recovery strategy and will serve as an escalation point and subject matter expert to FusionTek team members and the client.

We are currently staffing the following shifts:

8:00 AM – 5:00 PM, Sunday to Thursday or Tuesday to Saturday - South Africa Standard Time (SAST)

2:00 PM – Midnight (Friday to Monday) - South Africa Standard Time (SAST)

Here’s what you’ll be doing:

  • You’ll primarily be focused on technical management of incident response recovery efforts from start to finish. This can include initial project mobilization, assignment and management of technical workstreams, and frequent client and vendor communication. There are daily (sometimes more frequently) updated calls and associated reporting.
  • Incident response projects can often begin over a weekend or outside of traditional business hours, and weekends are crucial recovery opportunities to lessen the impact the client feels as their businesses are often completely down.
  • You’ll work through our ticketing system to document, track, and escalate project tasks and tickets, and you’ll also work on our documentation platform to keep everything up to date along the way.
  • You'll serve as an escalation point on technical questions from other engineers and the client.
  • You’ll be working with a team of intelligent people to deliver world-class service to our clients
  • Excellent comprehension and communication in the English language
  • Previous experience leading a technical team
  • Knowledge of Office 365 / Azure cloud services
  • Knowledge of Active Directory
  • Knowledge of complex networking troubleshooting (VLANs/routing/subnetting/packet captures)
  • Broad understanding of how operating systems work
  • Knowledge of advanced OS troubleshooting (boot issues/corruption of profiles/OS files)
  • Comfortable working in different OSs, both in CLI and GUI
  • SQL DB knowledge is a plus
  • Knowledge of advanced firewall configuration skills (creating and troubleshooting complex firewall policies/routes)
  • Experience troubleshooting ingress/egress issues
  • Comfortable working in diverse firewall UIs (SonicWall, Meraki, FortiGate, Cisco, WatchGuard, etc.)
  • Strong comprehension of system architecture (i.e. how servers function, what their roles are, etc.)
  • Understanding of the elements of network and system performance
  • Time management skills are crucial to your success in this role
  • Superb verbal and written communications skills are a must
  • Demonstrated skillset through industry certifications or an agreed upon plan to obtain them
  • Previous recovery / remediation experience a plus
  • Experience working in a ticketing system is preferred, with Autotask experience a plus

At FusionTek, we truly believe that our people are our most valuable asset, which is why we’re excited to provide:

  • Salary range – R800,000 to R950,000
  • Quarterly bonus eligibility based on specific KPIs.
  • Educational reimbursement for certification tests and company supplied training resources

Senior Associate: Digital Forensics/Incident Response

Gauteng, Gauteng PwC South Africa

Posted 1 day ago

Job Description

Work from home

• Conduct incident and investigation post-mortem analysis, and reporting;

• Conduct forensic investigations including physical/logical disk, network packet capture, memory analysis or malware analysis;

• Use EDR/XDR tools to triage and respond to cyber incidents;

• Plan, organise and devise approaches necessary to respond to incidents and obtain useful forensic information from the evidence collected;

• Prioritising and differentiating between potential intrusion activity and false alarms;

• Provide technical guidance to investigations to correctly gather, analyse and present digital evidence to both business and legal audiences;

• Collate conclusions and recommendations and present forensics findings to stakeholders;

• Contribute to the development of internal scripts and tools for incident response;

• Correlate threat intelligence with active attacks and vulnerabilities within the enterprise;

• Research and test out new DFIR tooling and techniques;

• Provide incident response support services for client assignments; and

• Assist with crisis management and driving the incident response capabilities to deal with emerging threats.

Skills and Experience

• Experience in forensic capture and investigation tools such as EnCase, X-Ways, SIFT or F-Response;

• Knowledge of Windows system internals and ability to identify common indicators of compromise from dead or live systems and live memory using tools such as the SysInternals suite, RegRipper, Volatility, or Mandiant Redline;

• Experience of gleaning and analysing security information from enterprise network and host based sensors, such as IDS/IPS systems, HIDS, SIEMs, AD controllers and firewalls;

• Expertise analysing raw network traffic captures or deployment and use of network forensics or monitoring devices such as FireEye, Solera, Wireshark, Snort or NetWitness;

• Knowledge of offensive security and ethical hacking techniques, together with Threat Intelligence methodologies.

• Consulting experience deploying and using enterprise EDR or investigative products such as Tanium, Carbon Black, Mandiant MIR, CrowdStrike Falcon or EnCase Cybersecurity (advantageous); and

• Knowledge of scripting languages such as Python, Perl or PowerShell and their use in forensic analysis and live incident response, or experience using other programming languages to develop software for host-centric, network-centric or log-centric security analysis

Qualifications

• B.Tech, BSc Computer Science, BCom IT or other relevant qualifications.

• Industry recognised certifications

Experience

• Management Experience would be an advantage;

• 2-3 years’ experience in incident response and/or cybersecurity;

• Digital forensics experience would be an advantage; and

• Consulting experience would be advantageous.

• The ability to draw insights from diverse data sets to aid investigations;

• Strong networking and general technical IT understanding;

• Understanding of ISO and NIST standards

• Pro-active and committed to delivery

• Ability to perform under pressure

• Planning and organising ability

• Analytical and solutions driven

• Flexible and adaptable to change

Drivers Licence

Essential (Non-negotiable). Own transport is required.

Overtime

In some instances, overtime will be required to meet project deliverables.

Travel

Extensive travel required in the Gauteng region and nationally. Occasional travel internationally. Further, given the nature of the role, travel could be at short notice.

Language

The incumbent must be fluent in English. Fluency in any other official language(s) would be advantageous.

Seniority level
  • Mid-Senior level
Employment type
  • Full-time
Job function
  • Other
Industries
  • Business Consulting and Services
