160 Threat Detection jobs in South Africa

Head of Vulnerability Management

Gauteng, Gauteng Redherd.io

Posted 16 days ago

Job Description

workfromhome

Job Title : Head of Vulnerability Management

Location : South Africa (Remote / Hybrid)

Work Type : Full-Time

Role Overview

Our client, a global leader in cybersecurity services, is seeking a hands-on and strategic Head of Vulnerability Management to lead their South Africa-based team. This role is responsible for driving operational excellence, leading a technical team, managing key customer relationships, and contributing to the development of global vulnerability management strategy.

The successful candidate will have strong leadership skills, deep vulnerability management knowledge, and the ability to support high-impact clients across various sectors.

Key Responsibilities

Team & People Management

  • Lead a team of analysts performing vulnerability assessments, tool configuration, and threat analysis.
  • Support team development, performance, wellbeing, and retention.
  • Guide recruitment efforts for technical staff.
  • Foster a collaborative and growth-focused team culture.

Customer Engagement & Escalation Handling

  • Act as a key escalation point for customer incidents and requests.
  • Serve as a trusted advisor, working closely with stakeholders to understand and respond to vulnerability-related risks.
  • Present findings and solutions to both technical and non-technical stakeholders.

Operational Leadership

  • Guide daily operations and workflow in the Vulnerability Operations team.
  • Participate in service improvement initiatives and develop internal processes.
  • Work hands-on with vulnerability scanning platforms and related technologies.
  • Collaborate with global leadership and contribute to strategy discussions across CERT and VOC functions.

Experience & Skills Required

Essential

  • 5+ years of experience in information security or vulnerability management
  • 2+ years in a leadership or management role
  • Strong understanding of vulnerability scanning tools (e.g. Qualys, Tenable, Rapid7, Nucleus)
  • Ability to manage high-stakes client relationships and communicate technical risks effectively

Preferred

  • Experience in vulnerability operations or CERT / SOC environments
  • Knowledge of regulatory frameworks and security standards
  • Familiarity with endpoint detection technologies and false-positive triage

What You Bring

  • Leadership qualities rooted in humility, trust, and collaboration
  • Passion for mentoring and helping others grow
  • Strong communication skills and customer empathy
  • Analytical and detail-oriented mindset with a hands-on approach
  • Self-driven, solutions-oriented, and curious

    Head of vulnerability management

    Gauteng, Gauteng Redherd.io

    Posted today

    permanent

    Head of vulnerability management

    Pretoria, Gauteng Redherd.io

    Posted today

    permanent

    Information Security Analyst

    Centurion, Gauteng R900000 - R1200000 Y Group Digital and Technology Office

    Posted today

    Job Description

    Introduction

    Through our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards program), and our other specialist brands, including Guardrisk and Eris Property Group, the group enables business and people from all walks of life to achieve their financial goals and life aspirations. We help people grow their savings, protect what matters to them and invest for the future. We help companies and organizations care for and reward their employees and members. Through our own network of advisers or via independent brokers and utilising new platforms Momentum Metropolitan provides practical financial solutions for people, communities, and businesses. Visit us at

    Disclaimer

    As an applicant, please verify the legitimacy of this job advert on our company career page.

    Role Purpose

    This position is responsible for performing various tasks. This role is also required to conduct ongoing research in the IT security arena and regularly assist in the sales process. The ideal candidate will be responsible for conducting comprehensive penetration tests, identifying vulnerabilities, and providing recommendations to improve security posture. The ideal candidate must have experience in all forms of complex technical security assessments of clients' information technology systems (including the Internet, Intranet, applications, hosts, firewalls, mobile applications, etc.) and related policies and procedures. They must be highly motivated and have a good command of industry best practices.

    Requirements

    • 5+ years of experience in penetration testing, vulnerability assessment, or a related field.

    • Deep knowledge of security testing methodologies and frameworks (OWASP, NIST, etc.).

    • Proficiency with advanced penetration testing tools such as Metasploit, Burp Suite, Nessus, Nmap, etc.

    • Strong scripting skills (Python, Bash, PowerShell, etc.) for automating security tasks.

    • In-depth understanding of network protocols, operating systems, web technologies, and cloud environments.

    • CISSP and CEH certification preferred.

    • OSCP, OSEP, CCSP, CRTE, CRTP, or CRTO certification or equivalent is an advantage.

    Duties & Responsibilities

    • Lead and conduct comprehensive penetration tests on networks, applications, and systems to identify security weaknesses.

    • Develop and implement advanced security test plans, scenarios, and scripts.

    • Perform in-depth vulnerability assessments and security analysis using both automated tools and manual techniques.

    • Document and report security findings, providing actionable insights to clients and detailed recommendations for remediation.

    • Collaborate with cross-functional teams to prioritize and resolve security vulnerabilities.

    • Research and stay current with emerging security threats, vulnerabilities, and technology trends.

    • Participate in security incident response activities when required.

    • Assist in the development and refinement of security policies, procedures, and standards.

    • Provide training, guidance, and mentorship to junior penetration testers and other security staff.

    • Perform security assessments, including application scans (using tools such as Nessus, Burp Suite) and code reviews, to ensure compliance with Momentum Group's SDLC policies.

    • Participate in a variety of other internal security projects and information security activities as required.

    Competencies

    • Strong knowledge of OWASP Top 10 vulnerabilities and how to exploit/mitigate them.

    • Excellent technical writing skills for creating detailed assessment reports.

    • Self-driven, motivated, independent yet communicative and collaborative.

    • Ability to work unsupervised in a remote capacity and deliver results.

    • Good organizational skills and time management; ability to resolve conflicts, prioritize tasks, and follow quality benchmarks.

    • Strong verbal communication skills for presenting findings to technical and non-technical stakeholders.

    • Demonstrate a strong ability to engage with various stakeholders, have a team-based approach, and work towards shared goals and outcomes.

    • Ability to think outside the box and a passion to improve your skills and drive innovation.

    Information Security Analyst

    R150000 - R250000 Y INTERCERT INC

    Posted today

    Job Description

    Company Description

    INTERCERT is a multinational company headquartered in Texas, USA, operating in over 28 countries. Founded in 2009, INTERCERT is dedicated to building a secure and sustainable world through customer-centric services. We are accredited by leading organizations, including America's accreditation board under IAF for ISO Certification Services, Cloud Security Alliance for CSA STAR Certification services, AICPA CPA Firm for SOC1 & SOC2 Audit Attestation and CREST accreditation for PEN Testing Services. Our services also encompass CMMC, PCI DSS Certification, and Data Protection compliance for standards such as GDPR, HIPAA, and Cybersecurity frameworks. With a team of over 150 experienced assessors, we deliver global assessment services with a focus on compliance and excellence.

    Role Description

    This is a full-time, on-site role for an Information Security Analyst / Intern at INTERCERT INC., located in South Africa. The Information Security Analyst / Intern will be responsible for day-to-day tasks such as assisting with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

    Qualifications

    Bachelor's Degree or equivalent focused on Information Security/Cybersecurity

    Experience Level

    0-6 months

    Roles and Responsibilities

    Assist with the planning and execution of GRC audits such as ISO 27001, ISO 22301, ISO 27701, SOC2, GDPR etc.

    Help assess the design and effectiveness of internal controls, including business and IT controls.

    Prepare reports and documentation for external audits and communicate audit findings and recommendations.

    Stay updated on evolving regulatory changes, industry standards, and best practices related to GRC, risk management, and auditing.

    Information Security Analyst II

    Johannesburg, Gauteng Nedbank

    Posted 18 days ago

    Job Description

    Overview

    Nedbank, Johannesburg, Gauteng, South Africa

    Position: Information Security Analyst II

    Requisition Details & Talent Acquisition Specialist

    REQ - Thembile Ndlovu

    Closing Date: 03 September 2025

    Available Roles: 2

    Career Stream: IT Risk

    Leadership Pipeline: Manage Self: Technical

    Job Purpose

    To analyse information security related tasks within the ambit of existing information security policies, standards and processes, procedures and practices as well as business rules. Working independently to deliver on work tasks. Mentor Administrators and Analyst I. Collaborate with other specialists to execute analysis work tasks, perform operational tasks, question, recommend and update improvements to the existing policies, process and procedures. To ensure stability and up-time for areas the incumbent takes responsibility for, which could require availability on demand to perform job related duties outside of normal working hours.

    Job Responsibilities
    • Capture timesheets timeously and accurately
    • Capture claims timeously and accurately
    • Propose solutions that must be cost effective whilst meeting information security requirements within budget.
    • Participate in negotiations on fair pricing from vendors for new technologies procured.
    • Manage and/or resolve low, medium and high incidents and engage with Specialists to resolve the high complexity incidents.
    • Build relationships with stakeholders to facilitate the flow of knowledge, input and discussion on new products and solutions as required by stakeholders.
    • Facilitate and manage the incident and problem management process when stakeholder environments are affected.
    • Oversee the implementation of the information security changes and check for the shortcomings and risks.
    • Interpret MIS and system logs/reports with the view to analyse and correct any deviations against standards and best practices.
    • Participate in the implementation of new products as provided in the selection criteria.
    • Act as the 1st point of problem resolution for non-routine incidents and 1st line support for problems.
    • Ensure compliance to standards and practices by familiarizing and keeping abreast of information security policies, rules, standards and processes, procedures and practices as well as business rules.
    • Document and maintain all relevant processes and procedures mindful of current policies and standards.
    • Create and maintain information security standards.
    • Oversee and monitor the information security environment according to set standards.
    • Review and contribute to project documentation including business requirements, designs and implementation.
    • Create design documentation according to relevant standards and practices
    • Implement specific information security technologies.
    • Gain further exposure and experience on multiple technologies by job shadowing Information Security Analysts III and Technical Specialist.
    • Log, submit and implement low, medium and high risk changes independently.
    • Provide guidance and supervision to Administrators and Analyst I on implementation and changes.
    • Oversee and ensure change was successful in certain cases and when required perform unit testing.
    • Oversee and ensure back-ups are done, documents are stored and statuses updated.
    • Analyse logs and reports independently and provide supervision to Administrators and Analyst I.
    • Monitor and action Service Manager low, medium and high impact incidents and emails related to Information Security.
    • Ensure job related tasks and processes are in place.
    • Ensure that the logging and submitting of all relevant incidents have taken place and resolve low, medium and high incidents.
    • Conduct risk and root cause analyses around exceptions, queries, incidents as per operational procedures with the relevant internal and external stakeholders and provide feedback, confirm stakeholder satisfaction.
    • Keep abreast of legislation and other industry changes that impacts on role by reading the relevant newsletters, websites and attending sessions.
    • Improve personal capability and stay abreast of developments in field of expertise by identifying training courses and career progression opportunities for self through input and feedback from managers.
    • Ensure information is provided correctly to stakeholders by maintaining knowledge sharing with team.
    • Transfer of knowledge to team members.
    • Identify and recommend opportunities to enhance processes, systems and policies and support implementation of new processes, policies and systems.
    Job Responsibilities (continued)
    • Initial focus will be to implement Identity and Access Management (IAM), encryption, and network security in both Azure and AWS.
    • Support and maintain both Azure and AWS across Infrastructure as Code, containers and applications pipelines.
    • Very strong networking skills.
    • Experience with multiple security technologies.
    • Building relationships with I&O Teams.
    Essential Qualifications - NQF Level
    • Matric / Grade 12 / National Senior Certificate
    • Advanced Diplomas/National 1st Degrees
    Preferred Qualification
    • Degree or certification in computer science or similar field
    • Microsoft and AWS certifications: SC-200, SC-300, SC-400, Azure Security Engineer Associate, Azure Solutions Architect Expert, Cybersecurity Architect, and AWS certifications listed below
    • AWS Certified Solutions Architect – Associate
    • AWS Certified SysOps Administrator – Associate
    • AWS Certified Solutions Architect – Professional
    • AWS Certified DevOps Engineer – Professional
    • Strong knowledge on Linux Operating System
    • Strong knowledge on Linux Networks
    • Strong knowledge in Linux virtualization
    • Knowledge of scripting languages: Python, PowerShell, Bash, JavaScript/TypeScript, Terraform, YAML and JSON
    • SABSA – Sherwood Applied Business Security Architecture would be preferable
    • Good knowledge to ensure compliance with ISO 27001, GDPR, NIST and CSA guidelines
    Minimum Experience Level
    • At least 8 years in an IT environment of which at least 5 years in information security
    • Cloud platform knowledge – AWS and Azure
    • Networking knowledge – WAN, LAN and routing
    • Low-level design documentation skills
    • Knowledge of CSA, NIST and ISO frameworks
    • Experience delivering high-quality design for cloud environments including Kubernetes and cloud PaaS services
    • Experience working with large cross-functional teams
    • Experience working in high pressure demanding environments
    Technical / Professional Knowledge
    • Administrative procedures and systems
    • Data analysis
    • Governance, Risk and Controls
    • Principles of project management
    • Relevant regulatory knowledge
    • Relevant software and systems knowledge
    • Cluster Specific Operational Knowledge
    • System Development Life Cycle (SDLC)
    • TCP/IP
    • Information Security terms and definitions
    • Relevant Operating System
    • Information Security policies and procedures
    • Vendor Management Principles
    Behavioural Competencies
    • Applied Learning
    • Communication
    • Collaborating
    • Customer Focus
    • Initiating Action
    • Managing Work
    • Technical/Professional Knowledge and Skills

    Contact: Nedbank Recruiting Team at

    Seniority level
    • Associate
    Employment type
    • Full-time
    Job function
    • Information Technology

    Information Security Analyst MMH250401-13

    Centurion, Gauteng R500000 - R1200000 Y Momentum Group Limited

    Posted today

    Job Description

    Role Purpose

    This position is responsible for performing various tasks. This role is also required to conduct ongoing research in the IT security arena and regularly assist in the sales process. The ideal candidate will be responsible for conducting comprehensive penetration tests, identifying vulnerabilities, and providing recommendations to improve security posture. The ideal candidate must have experience in all forms of complex technical security assessments of clients' information technology systems (including the Internet, Intranet, applications, hosts, firewalls, mobile applications, etc.) and related policies and procedures. They must be highly motivated and have a good command of industry best practices.

    Requirements

    • 5+ years of experience in penetration testing, vulnerability assessment, or a related field.
    • Deep knowledge of security testing methodologies and frameworks (OWASP, NIST, etc.).
    • Proficiency with advanced penetration testing tools such as Metasploit, Burp Suite, Nessus, Nmap, etc.
    • Strong scripting skills (Python, Bash, PowerShell, etc.) for automating security tasks.
    • In-depth understanding of network protocols, operating systems, web technologies, and cloud environments.
    • CISSP and CEH certification preferred.
    • OSCP, OSEP, CCSP, CRTE, CRTP, or CRTO certification or equivalent is an advantage.

    Duties and Responsibilities

    • Lead and conduct comprehensive penetration tests on networks, applications, and systems to identify security weaknesses.
    • Develop and implement advanced security test plans, scenarios, and scripts.
    • Perform in-depth vulnerability assessments and security analysis using both automated tools and manual techniques.
    • Document and report security findings, providing actionable insights to clients and detailed recommendations for remediation.
    • Collaborate with cross-functional teams to prioritize and resolve security vulnerabilities.
    • Research and stay current with emerging security threats, vulnerabilities, and technology trends.
    • Participate in security incident response activities when required.
    • Assist in the development and refinement of security policies, procedures, and standards.
    • Provide training, guidance, and mentorship to junior penetration testers and other security staff.
    • Perform security assessments, including application scans (using tools such as Nessus, Burp Suite) and code reviews, to ensure compliance with Momentum Group's SDLC policies.
    • Participate in a variety of other internal security projects and information security activities as required.

    As an applicant, please verify the legitimacy of this job advert on our company career page

    Information Security Architect

    Johannesburg, Gauteng InfyStrat

    Posted 5 days ago

    Job Description

    Job title: Information Security Architect

    Contract duration: Start with 6 months

    First preference: EEE candidates

    Location: JHB

    The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA and GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.

    Key Responsibilities:

    • Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
    • Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
    • Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
    • Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
    • Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMs.
    • Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
    • Define portfolio vision and reusable security patterns aligned with the EA strategy.
    • Lead architecture reviews for high-risk projects, driving recommendations to resolution.
    • Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
    • Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
    • Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
    • Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
    • Manage security architects and mentor engineers, developers, and vendors.

    What will you bring?

    • Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
    • Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
    • Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
    • Teamwork and Energy – work across different functional and business teams with effective collaboration.
    • Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
    • Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
    • Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).

    Requirements / Skills and Competence

    • Tertiary qualification in Computer Science, Engineering, or related field (preferred)
    • Minimum of 5-10 years of experience in Security Architecture.
    • CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
    • Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
    • Experience in identifying gaps in existing architectures.
    • Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
    • Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
    • Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
    • Good experience in security architecture design in Cloud and on-prem.
    • Design and implementation of IOT, endpoint protection, and secure IAM.
    • Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
    • Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
    • Knowledge of web application architectures and threat modelling.

    Information Security Specialist

    Johannesburg, Gauteng Kpmg-Southafrica

    Posted 11 days ago

    Job Description

    The KPMG Africa Information Security Specialist is responsible for ensuring the confidentiality, integrity, and availability of all systems across KPMG Africa offices (South Africa, Botswana, Mauritius, Mozambique, Namibia, Zambia, Zimbabwe, Nigeria, Ghana, Kenya, Uganda, Tanzania, and Rwanda). The role involves actively managing and monitoring information security systems to detect, respond to, and remediate security risks and threats across the infrastructure.

    4. Position Specifications

    Educational Requirements (minimum necessary to perform the job):

    • Professional / Tertiary qualification

    Other Requirements:

    Experience (minimum necessary):

    Desired Qualifications and Experience:

    • 3-5 years' experience in Information Technology Support or Information Security, including Microsoft Azure
    • Industry-recognized certifications such as A+, N+, Security+, CySA+, and Cloud Security certifications like:

    o Microsoft Certified: Security Operations Analyst Associate

    o Microsoft Certified: Information Protection and Compliance Administrator Associate

    o Microsoft Certified: Security, Compliance, and Identity Fundamentals

    o Microsoft Certified: Identity & Access Management

    o Microsoft Certified: Azure Security Engineer

    • Professional certifications such as CISM, CISSP, ECIH are preferred but not required
    • Strong knowledge of information security and cloud security concepts
    • Experience in identifying, analyzing, and reporting on security risks and incidents
    • Experience with security tools such as Qualys, Microsoft Defender Endpoint, Microsoft Sentinel, etc.
    • Ability to evaluate vulnerabilities, develop mitigation strategies, and implement remediation
    • Strong knowledge of operating systems, Microsoft Servers, Active Directory, and network protocols and technologies

    5. Core Competencies:

    • Attention to detail and accurate documentation
    • Analytical skills to interpret information
    • Ability to work independently and in a team
    • Organizational and prioritization skills under pressure

    6. Key Responsibilities & KPIs

    Main Responsibilities:

    • Monitoring incident response channels
    • Executing the Information Security Incident Management Process and escalating high-priority issues
    • Tracking and escalating open incidents
    • Producing weekly and quarterly reports for the CISO on incident status and trends

    Security Systems Configuration and Management:

    • Daily monitoring of security systems to ensure proper functioning
    • Configuration and management of security tools such as vulnerability, privileged access, and log management systems
    • Reconciliation of assets to ensure coverage of security systems
    • Reporting and issue resolution support for operational teams

    Patch Management Monitoring:

    • Monitoring patch management performance and identifying risks
    • Addressing challenges to compliance

    Threat and Event Monitoring:

    • Detecting and escalating security threats and events

    Vulnerability Management:

    • Monitoring vulnerabilities daily
    • Monthly asset reconciliation
    • Managing vulnerability remediation with owners
    • Supporting penetration testing activities

    Supporting NITSO projects and other initiatives as required.


    Information Security Specialist

    Johannesburg, Gauteng Kalagadi

    Posted 16 days ago

    Job Description

    ROLE DESCRIPTION: Information security specialists focus on keeping an organisation’s data and IT infrastructure secure, which requires a diverse set of skills and responsibilities.

    TASK AND RESPONSIBILITIES:

    1. Conduct threat and risk analysis and analyse the business impact of new and existing systems and technologies to eliminate risk, performance, and capacity issues. Implement vulnerability assessments and configure audits of operating systems, web servers, and databases, and detect patterns, insecure features, and malicious activities in the infrastructure.
    2. Perform research, testing, evaluating, and deployment of security technology and procedures.
    3. Run diagnostics on any changes to data to verify any undetected breaches.
    4. Develop custom systems for specialized security features and procedures for software systems, networks, data centres, and hardware.
    5. Develop and implement information security standards, guidelines, and procedures.
    6. Keep current with new intrusion methods and develop protection plans. Have an in-depth understanding of vulnerabilities, management systems, and common security applications.
    7. Conduct counteractive protocols and report incidents. Offer customized risk ratings for vulnerabilities based on company policies and maintain IT security controls documentation.
    8. Provide customized security assessments, implement security policies, design security training materials, organize training sessions, provide technical support, and communicate security policies and procedures.

    FUNCTIONAL KNOWLEDGE:

    Contribute to strategy formulation & execution; business requirement analysis; Incident Management and Response; Business Threat Identification and Communication; Information Risk Assessment and Management; Regulatory and Legal Frameworks; Change Management and Change Risk; GRC and Security Standards, Policies and Practices; Information Risks within Systems and IT Architecture; Information Risks within people and processes; Infrastructure Risks to business delivery; Enterprise and Security Architecture; Operational Security Practices and Management; Information Security Awareness.

    MINIMUM REQUIREMENTS

    • NQF 7 Bachelor's degree in Cybersecurity or a related area, such as computer science or related fields.

    EXPERIENCE

    • 5 - 6 years or more of practical experience in IT and Information Security Governance, which must include at least 3 years in an active Information Risk management role.
