236 Security Specialist jobs in South Africa

Why choose Logicalis?

It's not just IT solutions, It's IT global know-how Logicalis is an international multi-skilled solution provider providing digital enablement services to help customers harness digital technology and innovative services to deliver powerful business outcomes.

Our customers span industries and geographical regions; and our focus is to engage in the dynamics of our customers' vertical markets; including financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services, and apply the skills of our 4,500 employees in modernising key digital pillars; data centre and cloud services, security and network infrastructure, workspace communications and collaboration, data and information strategies, and IT operation modernisation. We are the advocates for our customers for some of the world's leading technology companies including Cisco, HPE, IBM, CA Technologies, NetApp, Microsoft, Oracle, VMware and ServiceNow

Logicalis employees are innovative, smart, entrepreneurial and customer centric, with a shared ambition of making Logicalis the worlds leading IT Solutions provider

We offer speedy decision-making, opportunities for personal development, and a supportive, inclusive environment that celebrates our diversity.

Join us and become a part of something epic

ROLE PURPOSE
The Security Operations Centre will provide defence against security breaches and actively isolate and mitigate security risks. The Security Specialist forms part of the security operations centre SOC team. The SOC Team will identify, analyse, and react to cyber security threats using a reliable set of processes and security technologies. The SOC Team includes the SOC Manager, SIEM Platform Manager, Case Manager, SOC Tier 1,2 and 3 Analysts and Security Specialists. They work with IT operational teams to address security incidents and events

quickly. The SOC Team will provide a critical layer of analysis needed to seek out any irregular activity that could suggest a security incident.

ROLE AND DELIVERY RESPONSIBILITIES:
The job role includes actively participating in the incident detection process as follows:

• Possesses in-depth knowledge of network, endpoint, threat intelligence, forensics and malware reverse Analysis, as well as the functioning of specific applications or underlying IT infrastructure
• Acts as an incident "hunter," not waiting for escalated incidents
• Closely involved in developing, tuning, and implementing threat detection analytics
• Acts as the escalation for Tier 1 and 2 SOC Analysts
• Responds to and oversees the remediation of a declared security incident
• Completes the Root Cause Analysis Report for P1 to P4
• Provides guidance to Tier 1 and 2 SOC Analysts
• Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack
• Monitors shift-related metrics ensuring applicable reporting is gathered and disseminated to the SOC Manager
• Make recommendations to the SOC Manager
• Oversees the analysis on running processes and configs on affected systems.
• Undertakes in-depth threat intelligence analysis to find the perpetrator, the type of attack, and the data or systems impacted
• Oversees the containment and recovery
• Oversees the deep-dive incident analysis by correlating data from various sources
• Validates if a critical system or data set has been impacted
• Provides support for analytic methods for detecting threats
• Conducts advanced triage based on defined run books of alerts
• Undertakes threat intelligence research if need be
• Validates false positives, policy violations, intrusion attempts, security threats and potential compromises
• Undertakes security incident triage to provide necessary context prior to escalating to relevant Security Specialists to perform deeper analysis when necessary
• Further analyses alarms by method e.g. credentials compromised and by asset class
• Based on the correlation rules and alarms within the SIEM and run books, further analyses anomaly tactic using the MITRE ATT&CK framework
• Analyses event and process metadata in real-time or retrospectively, and identify suspicious files/scripts seen for the first time
• Closes tickets in the SIEM platform – this would be automatically created into Service Now
• Manages security incidents using the SIEM platform and defined operational procedures
• Performs a further investigation of potential incidents, and escalate or close events as applicable
• Validates investigation results, ensuring relevant details are passed on to Tier 2 SOC Level 2 for further event analysis
• Closes out deeper analysis and review activities
• Assist senior SOC staff with operational responsibilities

PERSON REQUIREMENTS:
EXPERIENCE:

• Strong knowledge and experience working with SIEM Solutions, QRadar, McAfee ESM, Azure Sentinel
• Proven experience with Office 365, Active Directory, Azure and Microsoft Exchange.
• Strong knowledge and experience working with Linux Operating systems
• Good experience working with Nessus or Qualys
• Good understanding of the MITRE ATT&CK framework
• Good understanding of the ITIL Framework.
• Brilliant with a support ticketing system and experience in meeting SLA targets.
• Familiarity with risk management and quality assurance control.
• Excellent interpersonal skills and professional demeanor
• Excellent verbal and written communication skills
• Candidate must be eligible to obtain National Security Clearance

QUALIFICATIONS:

• Grade 12
• SIEM Technology certification.
• AZ500,SC100
• ITIL Foundation qualification
• Degree or Diploma in Computer Technology
• CompTIA A+, N+ S+
• CompTIA CySa, CISSP and CASP+ advantageous

ADDITIONAL SKILLS/ATTRIBUTES:

• Advanced Microsoft Excel experience, specifically data interpretation
• Good understanding of IT infrastructure
• A high command of the English language both written and verbal is essential.
• Self-motivated with the ability to work unsupervised.
• Attention to detail
• Punctuality
• Excellent verbal and written communication skills
• Ability to remain flexible and adapt to changing priorities with promptness, efficiency, and ease
• Possess proficient analytical and decision-making skills
• Demonstrated capacity for gathering and scrutinizing data to identify issues, opportunities, and patterns
• Proficient relationship building skills – predict customer behavior and respond accordingly
• A strong service-oriented ('can-do') culture, with a strong focus on the 'internal customer' approach, committed to exceeding customer expectations
• Good communicator with the customer environment
• Dynamic but aware of the views and feelings of others
• Able to operate as a good team player
• Drive and Energy
• Demonstrate clear purpose, enthusiasm, and commitment

Overview

You’ll play a pivotal role in accelerating revenue growth, expanding our unique value proposition into new industries, and helping clients solve complex security challenges. This is more than a security role—it’s a strategic opportunity to co-create value with clients by aligning their needs to integrated solutions.

APPLICATION REQUIREMENTS

South African citizenship.

Valid Matric certificate.

Valid passport – beneficial.

Driver’s license and / or reliable transport (mandatory).

Good standing with professional certification bodies.

SKILLS AND EXPERIENCE DESIRED FOR THE ROLE

3–5 years’ experience in a Security Analyst role.

Must have experience such as Systems Administrator or Network Engineer- highly beneficial.

Must have Consulting Experience.

Must have CSIRT Experience.

Proficiency in network architecture, endpoint protection, cloud environments (Azure or AWS), and system administration (on-premises and cloud).

Hands-on experience with SIEM tools, infrastructure monitoring, and orchestration platforms.

Familiarity with offensive and defensive security practices (SOC operations).

Solid understanding of frameworks such as MITRE ATTCCK, NIST, CIS, ISO 27001.

Strong incident response and threat detection capabilities.

Demonstrated efforts in ongoing cybersecurity development (e.g., HackTheBox, BTLO).

Certifications (one or more beneficial) : Security+, CEH, CISA, CISSP, OSCP, MCSE, CCNA, CASP.

• Multilayer reporting including Executive reporting.Lead the Detection and Validation Layers of a homegrown adaptive cyber defense platform.
• Champion and execute Incident Response operations, including deep technical analysis of complex security events.
• Act as the CSIRT Secretary during high-impact investigations and client-side incidents
• Optimize and maintain Incident Response Plans (IRP) and Service Level Agreements
• (SLA) within the Managed Detection and Response (MDR) function.
• Use advanced techniques and threat intelligence to validate hypotheses and recommend mitigation strategies.
• Provide thought leadership, contribute to organizational cybersecurity projects, and guide innovation across the team.
• Mentor and develop junior team members, sharing knowledge and fostering growth.
• Engage in after-hours support as needed for critical incidents.

Position

Security Incident & Problem Manager (Cyber Security) - Contract (Hybrid)

Location : Johannesburg, South Africa

• End-to-end management of incidents from reporting to resolution.
• Must adhere to internal processes and drive timely creation of RCA reports.
• Core competencies include incident handling, coordination of multiple teams, Root Cause Analysis and post-incident reviews, especially in cyber security.
• Coordinate interactions with multiple teams including third parties to drive incident resolution.
• Experienced in ITIL processes.

• Incident handling and end-to-end incident management.
• Coordination of cross-functional teams and external parties to resolve incidents.
• Root Cause Analysis and post-incident reviews.
• Proficiency with ITIL processes.

Schiffer Felix
Talent Acquisition Executive | UK & Europe

Ampstek Services Limited

Tel -

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Overview

Our client is seeking an experienced Cyber Security Specialist to lead advanced security initiatives across enterprise, fixed, and IP networks. This is a high-impact role, protecting mission-critical systems while shaping the future of cyber security across multiple markets.

This is a 6-month renewable contract role

• Lead the design, development, and implementation of advanced cyber security controls across mobile, fixed, cloud, satellite, and IoT environments.
• Ensure compliance with ISO 27001, NIST, CIS Controls and other security frameworks through robust governance processes.
• Drive network hardening and cyber security controls across Customer Premise Equipment (CPE), PE devices, and core network equipment.
• Oversee SIEM and NetFlow-based monitoring, enhancing real-time attack detection and response.
• Deliver risk assessments, stakeholder engagement, and project delivery in alignment with regulatory requirements.
• Mentor and guide junior engineers, building high-performing technical teams.
• Define and monitor cyber security KRIs and KPIs, ensuring continuous improvement and compliance.
• Strong knowledge of Enterprise & Fixed networks.
• Excellent problem-solving and analytical ability for complex issues.
• Strong communication skills (verbal and written).
• Proven leadership ability to manage and inspire teams.
• Strategic thinker with the ability to drive change.
• Highly organised, with the ability to manage multiple tasks and priorities.
• Ability to collaborate effectively with cross-functional teams and stakeholders.

• Matric / Grade 12 (essential).
• Bachelor’s Degree / relevant tertiary qualification in Information Technology.
• Industry certifications strongly preferred: ISO 27001 Lead Practitioner, CCIE (Security), CCSP, CGEIT, CRISC, CISA, CISM, CISSP/CSSP.
• 95% compliance with Customer Cyber Security Network Control requirements (Hardening & CPE).
• 100% compliance for CPE, PE, and core network equipment patching/hardening, validated via quarterly security audits.
• 90% success rate in real-time attack detection and containment (via SIEM & NetFlow).
• 90% accuracy in first-line security posture measurements and second-line assurance validations (per Hardening KRI reporting).

• Seniority level: Mid-Senior level
• Employment type: Contract
• Job function: Information Technology
• Industries: Telecommunications

Note: This description excludes non-relevant postings and boilerplate content. EEO statements and legally required disclosures remain included as applicable.

The KPMG Africa Information Security Specialist is responsible for ensuring the confidentiality, integrity, and availability of all systems across KPMG Africa offices (South Africa, Botswana, Mauritius, Mozambique, Namibia, Zambia, Zimbabwe, Nigeria, Ghana, Kenya, Uganda, Tanzania, and Rwanda). The role involves actively managing and monitoring information security systems to detect, respond to, and remediate security risks and threats across the infrastructure.

4. Position Specifications

Educational Requirements (minimum necessary to perform the job):

• Professional / Tertiary qualification

Other Requirements:

Experience (minimum necessary):

Desired Qualifications and Experience:

• 3-5 years' experience in Information Technology Support or Information Security, including Microsoft Azure
• Industry-recognized certifications such as A+, N+, Security+, CySA+, and Cloud Security certifications like:

o Microsoft Certified: Security Operations Analyst Associate

o Microsoft Certified: Information Protection and Compliance Administrator Associate

o Microsoft Certified: Security, Compliance, and Identity Fundamentals

o Microsoft Certified: Identity & Access Management

o Microsoft Certified: Azure Security Engineer

• Professional certifications such as CISM, CISSP, ECIH are preferred but not required
• Strong knowledge of information security and cloud security concepts
• Experience in identifying, analyzing, and reporting on security risks and incidents
• Experience with security tools such as Qualys, Microsoft Defender Endpoint, Microsoft Sentinel, etc.
• Ability to evaluate vulnerabilities, develop mitigation strategies, and implement remediation
• Strong knowledge of operating systems, Microsoft Servers, Active Directory, and network protocols and technologies

5. Core Competencies:

• Attention to detail and accurate documentation
• Analytical skills to interpret information
• Ability to work independently and in a team
• Organizational and prioritization skills under pressure

6. Key Responsibilities & KPIs

Main Responsibilities:

• Monitoring incident response channels
• Executing the Information Security Incident Management Process and escalating high-priority issues
• Tracking and escalating open incidents
• Producing weekly and quarterly reports for the CISO on incident status and trends

Security Systems Configuration and Management:

• Daily monitoring of security systems to ensure proper functioning
• Configuration and management of security tools such as vulnerability, privileged access, and log management systems
• Reconciliation of assets to ensure coverage of security systems
• Reporting and issue resolution support for operational teams

Patch Management Monitoring:

• Monitoring patch management performance and identifying risks
• Addressing challenges to compliance

Threat and Event Monitoring:

• Detecting and escalating security threats and events

Vulnerability Management:

• Monitoring vulnerabilities daily
• Monthly asset reconciliation
• Managing vulnerability remediation with owners
• Supporting penetration testing activities

Supporting NITSO projects and other initiatives as required.

Eastern Cape, South Africa | Posted on 15/08/2025

The duties of the Security Specialist include (but are not limited to) the following:

• Assist with the delivery of various solutions to ensure that the Department ICT infrastructure solutions are protected against vulnerabilities. Required to work with the ECDOH ICT team to ensure compliance with best-practice security standards.
  
• Assist the Department with information security governance, incident and risk management and the management of the department systems and antivirus security solutions.
  
• Information security governance.
  
• Information security program development and management.
  
• Information security incident management.
  
• Ensure documentation is kept up to date.
  
• Interact with customers for fault resolution and training on new and modified applications.
  
• Liaise with Business teams, Application Support and IT teams to identify and resolve issues.
  
• Assist with training users.
  
• Plan, organize and control own work effort, including regular progress feedback to own and other relevant areas.
  
• Any other related tasks as required by the line manager.
  

• Degree/National Diploma in Computer Science/Information systems.
  
• Minimum of 6 years of working experience in Information security.
  
• OR a Grade 12 with at least 10 years' experience In Information security.
  
• ISACA CISM certified.
  
• Working experience as an ICT security specialist will be an added advantage.
  
• Be able to learn industry concepts quickly and business processes.
  
• Windows systems update management administration and management (WSUS)
  
• Microsoft Virus and Threat protection management
  
• Windows server security management; Firewall management