41 Senior Security Analyst jobs in Johannesburg

To analyse information security related tasks within the ambit of existing information security policies, standards and processes, procedures and practices as well as business rules. Working independently to deliver on work tasks. Mentor Administrators and Analyst I. Collaborate with other specialists to execute analysis work tasks, perform operational tasks, question, recommend and update improvements to the existing policies, process and procedures. To ensure stability and up-time for areas the incumbent takes responsibility for, which could require availability on demand to perform job related duties outside of normal working hours.

• We are looking for a suitable resource with general network security or web security experience to alleviate work pressures on our current team members
• Experience with Email and Web Proxies
• DNS Security knowledge
• Experience with Microsoft O365
• Assist with support of current email and web security tasks
• Liaise with other teams to promote good security practices and explain security procedures
• Experience with Security Technologies
• Building relationships with I&O Teams
• Oversee the implementation of the information security changes and check for the short comings and risks.
• Interpret MIS and system logs/ reports with the view to analyse and correct any deviations against standards and best practices.
• Participate in the implementation of new products as provided in the selection criteria.
• Act as the 1st point of problem resolution for non routine incidents and 1st line support for problems.
• Ensure compliance to standards and practises by familiarizing and keeping abreast of information security policies, rules, standards and processes, procedures and practices as well as business rules.
• Document and maintain all relevant processes and procedures mindful of current policies and standards.
• Create and maintain information security standards.
• Oversee and monitor the information security environment according to set standards.
• Review and contribute to project documentation including business requirements, designs and implementation.
• Create design documentation according to relevant standards and practices
• Implement specific Information security technologies.
• Gain further exposure and experience on multiple technologies by job shadowing Information Security analysts III and Technical Specialist.
• Log submit and implement low, medium and high risk changes independently.
• Provide guidance and supervision to Administrators and Analyst I on implementation and changes.
• Oversee and ensure change was successful in certain cases and when required perform unit testing.
• Oversee and ensure back-ups are done, documents are stored and statuses updated.
• Analyse logs and reports independently and provide supervision to Administrators and Analyst I.
• Monitor and action Service Manager low, medium and high impact incidents and e-mails related to Information Security.
• Ensure job related tasks and processes are in place.
• Ensure that the logging and submitting of all relevant incidents have taken place and resolve low, medium and high incidents.
• Conduct risk and root cause analyses around exceptions, queries, incidents as per operational procedures with the relevant internal and external stakeholders and provide feedback, confirm stakeholder satisfaction.
• Keep abreast of legislation and other industry changes that impacts on role by reading the relevant newsletters, websites and attending sessions.
• Improve personal capability and to stay abreast of developments in field of expertise by identify training courses and career progression opportunities for self through input and feedback from managers.
• Ensure information is provided correctly to stakeholders by maintaining knowledge sharing knowledge with team.
• Transfer of knowledge to team members.
• Identify and recommend opportunities to enhance processes, systems and policies and support implementation of new processes, policies and systems.

• Strong knowledge of Information Security Principles
• Ensuring security best practices are implemented , safeguarding network infrastructure against any potential threats
• Knowledge of Email Security
• Experience with Email Security Technologies
• Experience Service Now
• Experience Microsoft O365

• Matric / Grade 12 / National Senior Certificate
• Advanced Diplomas/National 1st Degrees

• CCNA - Security
• Security +
• Network +
• MS Azure Certifications – MS 365

Minimum of 3 years’ experience in an IT operations team dealing with the network Security tasks

• Administrative procedures and systems
• Data analysis
• Governance, Risk and Controls
• Principles of project management
• Relevant regulatory knowledge
• Relevant software and systems knowledge
• Cluster Specific Operational Knowledge
• System Development Life cycle(SDLC)
• TCP/IP
• Information Security terms and definitions
• Information Security policies and procedures
• Communication
• Customer Focus
• Initiating Action
• Managing Work
• Technical/Professional Knowledge and Skills

---

Please contact the Nedbank Recruiting Team at

If you can't find the job you're looking for, activate job alerts to be one of the first to know when new positions open up.

Nedbank Ltd Reg No 1951/ /06.
Authorised financial services and registered credit provider (NCRCP16).

For assistance please contact the Nedbank Recruiting Team at

ENVIRONMENT

A leading cybersecurity company based in Johannesburg is seeking a skilled and detail-oriented Red Team Penetration Tester /Security Analyst to join their dynamic team. The ideal candidate will have 2-5 years of hands-on experience in Penetration Testing, with a strong background in identifying and mitigating security vulnerabilities across various environments. This role involves conducting comprehensive security assessments, including but not limited to network, mobile, web, thick-client, wireless, social engineering, and physical penetration testing. The successful candidate will be responsible for analysing security risks, providing actionable recommendations, and collaborating with clients and internal teams to enhance overall cybersecurity posture. If you are passionate about ethical hacking, threat analysis, and proactive security measures, this is an excellent opportunity to grow your career in a fast-paced and innovative environment.

• Work as part of a vulnerability assessment and /or penetration testing team, taking direction from line managers and executing directives in a thorough and timely fashion
• Conduct vulnerability assessments on a wide variety of technologies and implementations utilising both automated tools and manual techniques
• Conduct network penetration tests
• Conduct application penetration tests (web and thick client)
• Conduct wireless and mobile security assessments
• Conduct social engineering assessments
• Conduct physical security assessments
• Effectively communicate successes and obstacles with fellow team members and line managers
• Interface with client contact(s) and staff in a constructive and professional manner
• Develop subject matter expertise in topics to include network, database, wireless and application security assessments and adversarial network operations
• Utilise common vulnerability assessment and penetration testing tools

• Working as part of a Red Team and assisting with the following duties (but not limited to):
• Initial reconnaissance – open-source intelligence (OSINT) for collecting information on the targets
• Initial compromise – gaining a foothold into the target environment through targeting weaknesses in people, process and / or technology.
• Deploy command-and-control servers (C&C or C2) and custom payloads to establish communication / persistence in the target’s network.
• Develop tools, techniques and procedures to evade detection by blue team (including the development of custom payloads)
• Escalate privileges and maintain persistence
• Exfiltrate and / or complete objectives

• Research new vulnerabilities with a focus on high-profile products
• Understand the terminology and tactics employed by threat actors Research new attack methods

• Minimum 2-5 years of Penetration Testing experience required Including conducting different types of assessments, such as network, mobile, web, thick, wireless, social engineering, physical, etc.
• Previous Red Team experience required

ENVIRONMENT

A leading cybersecurity company based in Johannesburg is seeking a skilled and detail-oriented Red Team Penetration Tester / Security Analyst to join their dynamic team. The ideal candidate will have 2-5 years of hands-on experience in Penetration Testing, with a strong background in identifying and mitigating security vulnerabilities across various environments. This role involves conducting comprehensive security assessments, including but not limited to network, mobile, web, thick-client, wireless, social engineering, and physical penetration testing. The successful candidate will be responsible for analysing security risks, providing actionable recommendations, and collaborating with clients and internal teams to enhance overall cybersecurity posture. If you are passionate about ethical hacking, threat analysis, and proactive security measures, this is an excellent opportunity to grow your career in a fast-paced and innovative environment.

• Work as part of a vulnerability assessment and /or penetration testing team, taking direction from line managers and executing directives in a thorough and timely fashion
• Conduct vulnerability assessments on a wide variety of technologies and implementations utilising both automated tools and manual techniques
• Conduct network penetration tests
• Conduct application penetration tests (web and thick client)
• Conduct wireless and mobile security assessments
• Conduct social engineering assessments
• Conduct physical security assessments
• Effectively communicate successes and obstacles with fellow team members and line managers
• Interface with client contact(s) and staff in a constructive and professional manner
• Develop subject matter expertise in topics to include network, database, wireless and application security assessments and adversarial network operations
• Utilise common vulnerability assessment and penetration testing tools

• Working as part of a Red Team and assisting with the following duties (but not limited to):
• Initial reconnaissance – open-source intelligence (OSINT) for collecting information on the targets
• Initial compromise – gaining a foothold into the target environment through targeting weaknesses in people, process and / or technology.
• Deploy command-and-control servers (C&C or C2) and custom payloads to establish communication / persistence in the target’s network.
• Develop tools, techniques and procedures to evade detection by blue team (including the development of custom payloads)
• Escalate privileges and maintain persistence
• Exfiltrate and / or complete objectives

• Research new vulnerabilities with a focus on high-profile products
• Understand the terminology and tactics employed by threat actors Research new attack methods

• Minimum 2-5 years of Penetration Testing experience required Including conducting different types of assessments, such as network, mobile, web, thick, wireless, social engineering, physical, etc.
• Previous Red Team experience required

Our client is looking for a talented Security Analyst who is ready to take on a variety of security assessments and grow their career in a high-energy, cutting-edge environment.

Responsibilities:

Penetration Testing:

• Collaborate within a team of experts to conduct vulnerability assessments and penetration tests across a wide range of technologies.
• Assess network, application (web and thick client), mobile, wireless, social engineering, and physical security, using both automated and manual techniques.
• Engage with clients professionally to deliver insights and constructive feedback, ensuring their security needs are met.
• Dive deep into security topics like network, database, and application security, developing your expertise along the way.
• Leverage your skills with penetration testing tools to uncover vulnerabilities and improve security measures.

Red Teaming:

• Become part of an elite Red Team, focusing on reconnaissance using open-source intelligence (OSINT) to gather actionable data.
• Take the lead in compromising systems by identifying vulnerabilities in people, processes, and technology.
• Develop and deploy command-and-control servers and custom payloads, establishing persistence within target environments.
• Evolve your craft by creating new tools, techniques, and procedures to avoid detection by defenders.
• Work on escalation, maintaining long-term access to compromised networks, and exfiltrating critical data.

Research and Development:

• Stay ahead of the curve by researching and identifying new vulnerabilities, focusing on high-profile products and systems.
• Understand and analyze the latest tactics used by threat actors to craft innovative security strategies.
• Develop and refine attack methodologies that will be used to strengthen future defensive efforts.

Requirements:

Experience:

• 2-5 years' hands-on Penetration Testing, including a strong background in network, mobile, web, and wireless security assessments.
• Strong understanding of common vulnerability assessment and penetration testing tools.
• Ability to think critically and creatively to solve complex security challenges.
• Strong communication skills for both internal collaboration and client-facing interactions.
• Passion for continuous learning and staying updated on the latest in cybersecurity.

Experian Johannesburg, Gauteng, South Africa

Experian Johannesburg, Gauteng, South Africa

Get AI-powered advice on this job and more exclusive features.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realize their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Principal Responsibilities

• Collaborate with technical and business teams to address security flaws and implement remediation plans.

• Oversee application security tasks, ensuring alignment with audit requirements and internal policies.

• Support change and incident management processes, with a focus on high-priority incidents (P1 & P2).

• Provide guidance to development and support teams on security-related ticket requirements and process expectations, ensuring SLA compliance.

• Act as a liaison with internal stakeholders to ensure clear communication and quality engagements.

• Support governance and administrative functions, including audit preparation and policy development.

• Compile and deliver regular reports, including weekly, monthly, and OSM-specific security metrics.

Required Key Skills (Functional/Technical)

Application Security & Vulnerability Management

• Familiarity with Common Vulnerability Scoring System (CVSS)

• Experience with tools like OWASP ZAP, Veracode, Rapid7 (on-prem), and Wiz.IO (cloud vulnerability management and CSPM)

• Track and assist in the closure of identified vulnerabilities, working closely with IT and Development teams

• Review and maintain secure configurations for systems, applications, and network devices

Security Fundamentals

• Working knowledge of encryption, authentication, and secure data transmission

• Knowledge of network security principles and firewall configurations

• Familiarity with SSO and MFA using OKTA, and directory services such as MS Active Directory

• Experience with CyberArk PAM for privileged access management

Security Information and Event Management (SIEM)

• Use of Splunk SIEM for real-time threat detection and log analysis

• Review and optimise SIEM use cases to enhance threat detection and response capabilities

Monitoring & Endpoint Security

• Experience with Tanium and MS Defender for server and endpoint security management

• Familiarity with IBM Guardium for database activity monitoring

• Exposure to Cyera for data identification and classification

Cloud & Infrastructure Security

• Experience with Wiz.IO for cloud security posture management (CSPM) and IaC scanning

• Understanding of secrets management using AWS Secrets Manager, Azure Key Vault, or GCP Secrets Manager

• Familiarity with Thales and AWS KMS/HSM for key management

Other Tools & Platforms

• Knowledge of SailPoint for identity governance

• Experience with CyCognito for external attack surface management

• Familiarity with Imperva for WAF, DDoS, and botnet protection

• Exposure to ProofPoint and MS Office365 Message Security for email security

• Use of 1Password for credential management

• Awareness of Netwrix for password policy enforcement

• Degree or equivalent qualifications and experience in Computer Science, Information Technology, Data or a related field Technical & Security Experience
• Experience with automated and manual methods for evaluating security controls in both on-prem and cloud environments
• Experience in monitoring and reporting on security flaws and supporting related remediation activities
• Familiarity with change management processes in technology environments Risk, Controls & Compliance
• Contribute to accurate statistical reporting on the market’s IT security posture
• Ensure first line of defence (1LoD) ownership of non-compliance issues, exception justifications, mitigation controls, and risk documentation
• Ensure accuracy and timely completion of control testing and remediations
• Collaborate with Security Partners, RISOs and other governance functions to drive remediation of identified security deficiencies
• Ability to compile management reports and presentations on technical risks, controls, and deficiencies Communication & Collaboration
• Strong ability to communicate complex information clearly and effectively
• Good collaboration, relationship-building, and interpersonal skills
• Act as primary liaison with internal, local and regional stakeholders, ensuring quality engagements and clear progress updates
  
  

Our uniqueness is that we celebrate yours. Experian's culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work/life balance, development, authenticity, collaboration, wellness, reward & recognition, volunteering. the list goes on. Experian's people first approach is award-winning; World's Best Workplaces 2024 (Fortune Top 25), Great Place To Work in 24 countries, and Glassdoor Best Places to Work 2024 to name a few. Check out Experian Life on social or our Careers Site to understand why.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

• Seniority level Not Applicable

• Employment type Full-time

• Job function Information Technology

Referrals increase your chances of interviewing at Experian by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Location: South Africa, Johannesburg, Cape Town

Type: Permanent, Full Time

Published: 2 hours ago

We have a current opportunity for a Security Compliance Analyst on a permanent basis. The position will be based in Cape Town. For further information about this position please apply.

• HR Services, Recruitment & Selection

Overview

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive.

Your day at NTT DATA

The Senior Information Security Incident Response Analyst is an advanced subject matter expert, responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments).

This role acts as the technical second responder for the team and supports the work of technical staff from various business areas, as well as third-party technical experts.

The Senior Information Security Incident Response uses their technical competencies of systems and automated mechanisms to detect unauthorized activity on company information assets.

• Manages the prevention and resolution of security breaches and ensure incident and problem management processes are initiated.
• Performs access management activities according to the policy.
• Implements and discusses security service audit schedules, review access authorization and perform the required access controls and testing to identify security weaknesses.
• Interacts with a global team of Cyber Security Analysts and specialists.
• Manages 2nd level triaging of security alerts, events, and notifications.
• Manages notifications of internal and/or external teams according to agreed alert priority levels, and escalation trees.
• Communicates status of response, resolution and final root cause analysis to the appropriate stakeholders.
• Follows and updates established and/or ad-hoc processes and work instructions and create procedures where deficiencies are identified.
• Logs, manages and coordinates service requests through to resolution including the identification, isolation, resolution and escalation of IT infrastructure faults.
• Maintains an understanding of current and emerging threats, vulnerabilities, and trends.

• Advanced understanding of End Point Protection Software.
• Advanced understanding of Enterprise Detection and Response software.
• Advanced knowledge of technological advances within the information security arena.
• Advanced understanding of inter-relationships in an overall system or process.
• Advanced knowledge of information security management and policies.
• Advanced understanding risk management principles and frameworks is crucial for prioritizing and addressing security incidents
• Advanced understanding of the organization's business operations, goals, and objectives enables the analyst to align incident response efforts with the broader business strategy.
• Ability to effectively communicate technical information to both technical and non-technical stakeholders, and end-users, as well as working with cross-functional teams during incident response.
• Ability to think critically, analyze information, and solve medium to complex problems.

• Bachelor’s degree or equivalent in Information Technology, Computer Science or related preferred.
• SANS GIAC Security Essentials (GSEC) or equivalent preferred.
• SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
• SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred

• Advanced experience in a Technology Information Security Industry.
• Advanced experience or knowledge of SIEM and IPS technologies.
• Advanced experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviors.

Workplace type: Hybrid Working

NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Third parties fraudulently posing as NTT DATA recruiters

NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an @nttdata.com email address. If you suspect any fraudulent activity, please contact us.