168 Threat Intelligence jobs in South Africa

Job Overview

Business Segment: Group Functions

Location: ZA, GP, Johannesburg, 30 Baker Street

Job Type: Full-time

Job Ref ID: A-0001

Date Posted: 8/22/2025

Job Description

To provide Cyber-InfoSec expertise, professional knowledge, and technical skills to prevent cyber-attacks, significant reputational, financial, or other losses. To implement SBGs Cyber Resilience Programme to prevent cyber-attacks, protect sensitive data and systems from infiltration or misuse and execute the InfoSec capabilities against policies, standards, and controls across relevant functions

Qualifications

A degree in Information Technology or Computer Science.

IT Risk/Security certification such as CISM, CISSP or CISA is required.

A relevant Azure/AWS Cloud Certification is required

Experience Required:

Proficiency in Python is required. Experience with PowerShell, Bash and Ruby is an added advantage.

Experience in implementing machine learning and AI-powered automation workflows.

Design, develop, and maintain robust and scalable automation scripts and applications using Python and other scripting languages.

Experience with API integrations, database management (SQL/NoSQL), cloud infrastructures and cloud serverless technologies (e.g. AWS Lambda, Azure Functions) for implementing scalable cloud applications.

Experience with defensive technologies such as SIEMs, EDR tools, Threat Intelligence Platforms (TIP), OSINT tools and offensive technologies such as Burp Suite, Cobalt Strike, and Metasploit is an added advantage.

Experience within Financial Service Industry developing threat models, risk profiles, cybersecurity risk and incident management, and insight into crime in the financial sector.

Strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions, building cyber security intelligence.

Additional Information

Key Responsibilities:

Evaluate, develop and implement cyber security processes, tools integration and automation workflows for intelligence observation, enrichment, triage and investigations.

Implement machine learning and AI-powered automation workflows to provide intelligence observability and enrichment, enabling automated threat scoring reporting, and analysis of threat observations.

Debug, troubleshoot and optimize existing automation workflows and applications.

Document and present technical designs, specifications, and user manuals for all developed tools and workflows.

Integrate intelligence data from open-source, commercial, and internal sources to create a unified view for actionable intelligence analysis.

Research and stay current on application security threats, vulnerabilities, and emerging tactics, techniques and procedures (TTPs).

Familiarity with the MITRE ATT&CK framework, Cyber Kill Chain, or other security-related frameworks.

Support purple teaming exercises to build cyber resiliency across security teams.

Behavioural Competencies:

Adopting Practical Approaches

Articulating Information

Developing Strategies

Embracing Change

Exploring Possibilities

Generating Ideas

Interpreting Data

Making Decisions

Meeting Timescales

Producing Output

Providing Insights

Team Working

Technical Competencies:

Data Analysis

Debugging and Fixing Software

Information Security Management

IT Risk Management

Software Development Life Cycle (SDLC) methodologies & Tools

Technical Analysis

Use of Build and Test Automation

Write Code

Please note: All our recruitment processes comply with the applicable local laws and regulations. We will never ask for money or any from of payment as part of our recruitment process. If you experience this, please contact our Fraud line on or

Structural Information
Job number:

Job title:
Specialist: Cyber Incident and Threat Intelligence

Job grade:
S5

Group/ BU:
Corporate

Division:
CIO

Span of control:
0-5

Reports to:
Senior Management

Core Description
Responsible for identifying, analyzing, and responding to cyber threats and incidents targeting the organization. This role combines deep technical expertise with investigative skills to monitor threat landscapes, detect malicious activities, and provide actionable intelligence to improve the organization's cybersecurity posture. Works closely with SOC teams, digital forensics, and other cybersecurity functions to ensure proactive threat detection and effective incident response.

Job Responsibilities

• Oversee the planning, design, implementation, testing, and operation of cyber breach resilience processes and systems on networks and applications.
• Maintain awareness of the latest and common security threats, attack vectors, and Tactics, Techniques, and Procedures (TTPs) and maintain up-to-date threat profiles.
• Act as an escalation point and subject matter expert for cybersecurity incidents and threat mitigation.
• Develop and maintain incident management plans, procedures, controls, playbooks, and incident response strategies.
• Lead cyber incident simulation exercises.
• Designing and implementing a disaster recovery plan, ensuring Telkom can effectively respond to unexpected security incidents.
• Monitor dark web, open-source intelligence (OSINT), and threat feeds to identify emerging threats.
• Ensure that adequate processes are in place to collect, analyze, and disseminate threat intelligence from internal and external sources.
• Lead or support cyber incident investigations, including detection, containment, eradication, and recovery processes.
• Enhance detection rules and use cases in XDR and threat detection platforms.
• Correlate intelligence with real-time security events to identify and prioritize threats.
• Develop dashboards, visualizations, and metrics to report on threat trends and incident statistics.
• Stay up to date with cybersecurity trends, zero-day vulnerabilities, and global threat activity.
• Lead and ensure collaboration with the SOC team during incident handling.
• Create threat intelligence reports, indicators of compromise (IOCs), and threat briefs for stakeholders.

Core Competencies
FUNCTIONAL KNOWLEDGE

Deep understanding of threat actor tactics, techniques, and procedures; Proficiency in using threat intelligence frameworks; Ability to contextualize and operationalize indicators of compromise; Experience in evaluating open-source and commercial threat intelligence feeds; Competence in producing and validating threat intelligence reports and advisories

Functional Skills
Analytical & Investigative; Communication & Interpretation; Decision Making; Problem Solving; Project & Task Management; Risk Awareness

ATTITUDES/ LEADERSHIP COMPETENCIES

Integrity; Assertive; Confident; Initiator; Supportive; Persuasive; Team Player; Problem Ownership

Certifications
Education

• NQF 6: 3 year Diploma/ National Diploma in Information Technology

Experience

• 5 Years relevant experience

Additional Information
Certifications:

• Preferred certifications: Must have at least one of the following - CISM, CRISC CISSP, SABSA or ISO27001/2.
• Additional desired certification: CoBIT, TOGAF, ITIL.

Special Requirements

• None

Physical Requirements

• None

Key Stakeholders

• Enterprise and IT Architects
• Internal Business Customers
• External Customers
• Consultants and specialists
• Executive & Governance Forums

Overview

Location: ZA, GP, Johannesburg, Simmonds Street

As a Specialist Incident Response Analyst, you will play a central role in detecting, investigating, and responding to cyber incidents in a non-tiered SOC environment. You will own incidents end-to-end from triage through containment and recovery while applying an adversarial mindset to anticipate attacker behaviour. Alongside technical response, you will contribute to policy improvement, coaching, and industry engagement, ensuring the bank’s response capability matures continuously. This role includes after-hours standby as part of an on-call rotation.

• A degree Information Technology is required.
• IT Risk/security certification such as CISM, CISSP or CISA, GCIA, GCIH, OSCP is required.
• AWS/Azure Cloud Certifications.

Experience Required:

• 5-7 years experience in IT Security, preferably in a Financial Institution, with noted experience in developing threat models, threat analysis, cyber and incident management, offensive security, high level static and dynamic malware analysis.
• 5-7 years experience in strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions.
• Strong experience in incident management, threat modelling, malware analysis, and offensive security techniques.
• Broad IT systems knowledge and awareness of digital platform operating models.

• Detect & Investigate: Analyse alerts from SIEM, EDR, and threat intelligence sources; distinguish true vs false positives.
• Contain & Remediate: Lead active incidents through containment, eradication, and recovery actions.
• Threat Hunting: Proactively search for adversary activity using attacker TTPs and threat intel.
• Malware & Phishing Triage: Perform static/dynamic malware analysis and investigate phishing campaigns.
• Offensive Security Awareness: Apply penetration testing/red team knowledge to strengthen detection and response.
• Forensic Support: Collect and analyse logs, endpoint, and network artifacts for root cause analysis.
• On-Call Duties: Provide after-hours escalation support on a rotational basis.
• Documentation & Reporting: Produce incident reports, lessons learned, and contribute to playbook improvements.

Job Overview

Business Segment: Group Functions

Location: ZA, GP, Johannesburg, Simmonds Street

Job Type: Full-time

Job Ref ID: A-0003

Date Posted: 8/22/2025

Job Description

As a Specialist Incident Response Analyst, you will play a central role in detecting, investigating, and responding to cyber incidents in a non-tiered SOC environment. You will own incidents end-to-end from triage through containment and recovery while applying an adversarial mindset to anticipate attacker behaviour. Alongside technical response, you will contribute to policy improvement, coaching, and industry engagement, ensuring the bank's response capability matures continuously. This role includes after-hours standby as part of an on-call rotation.

Qualifications

A degree Information Technology is required.

IT Risk/security certification such as CISM, CISSP or CISA, GCIA, GCIH, OSCP is required.

AWS/Azure Cloud Certifications.

Experience Required:

5-7 years experience in IT Security, preferably in a Financial Institution, with noted experience in developing threat models, threat analysis, cyber and incident management, offensive security, high level static and dynamic malware analysis.

5-7 years experience in strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions.

Strong experience in incident management, threat modelling, malware analysis, and offensive security techniques.

Broad IT systems knowledge and awareness of digital platform operating

models.

Additional Information

Key Responsibilities:

Detect & Investigate: Analyse alerts from SIEM, EDR, and threat intelligence sources; distinguish true vs false positives.

Contain & Remediate: Lead active incidents through containment, eradication, and recovery actions.

Threat Hunting: Proactively search for adversary activity using attacker TTPs and threat intel.

Malware & Phishing Triage: Perform static/dynamic malware analysis and investigate phishing campaigns.

Offensive Security Awareness: Apply penetration testing/red team knowledge to strengthen detection and response.

Forensic Support: Collect and analyse logs, endpoint, and network artifacts for root cause analysis.

On-Call Duties: Provide after-hours escalation support on a rotational basis.

Documentation & Reporting: Produce incident reports, lessons learned, and contribute to playbook improvements.

Behavioural Competencies:

Articulating Information

Checking Things

Directing People

Documenting Facts

Embracing Change

Examining Information

Interpreting Data

Making Decisions

Producing Output

Providing Insights

Taking Action

Team Working

Technical Competencies:

Data Analysis

Diagramming and Modelling

Documenting

Information Security

IT Knowledge

IT Systems

Research & Information Gathering

Please note: All our recruitment processes comply with the applicable local laws and regulations. We will never ask for money or any from of payment as part of our recruitment process. If you experience this, please contact our Fraud line on or

• We are team players, collectively working towards a common goal
• We work each day with a growth mindset focused on the success of our coworkers, clients, and the company
• We do the right thing with an honest and transparent approach that always puts our clients first
• We take ownership of our work, always seeing it through to completion
• We execute quickly and precisely, both internally and externally
  
  

• You'll primarily be focused on technical management of incident response recovery efforts from start to finish. This can include initial project mobilization, assignment and management of technical workstreams, and frequent client and vendor communication. There are daily (sometimes more frequently) updated calls and associated reporting
• Incident response projects can often begin over a weekend or outside of traditional business hours, and weekends are crucial recovery opportunities to lessen the impact the client feels as their businesses are often completely down
• You'll work through our ticketing system to document, track, and escalate project tasks and tickets, and you'll also work on our documentation platform to keep everything up to date along the way
• You'll serve as an escalation point on technical questions from other engineers and the client
• You'll be working with a team of intelligent people to deliver world-class service to our clients
  
  
  

• Excellent comprehension and communication in the English language
• Previous experience leading a technical team
• Knowledge of Office 365 / Azure cloud services
• Knowledge of Active Directory
• Knowledge of complex networking troubleshooting (VLANs/routing/subnetting/packet captures)
• Broad understanding of how operating systems work
• Knowledge of advanced OS troubleshooting (boot issues/corruption of profiles/OS files)
• Comfortable working in different OSs, both in CLI and GUI
• SQL DB knowledge is a plus
• Knowledge of advanced firewall configuration skills (creating and troubleshooting complex firewall policies/routes)
• Experience troubleshooting ingress/egress issues
• Comfortable working in diverse firewall UIs (SonicWall, Meraki, FortiGate, Cisco, WatchGuard, etc.)
• Strong comprehension of system architecture (i.e. - how servers' function, what their roles are, etc.)
• Understanding of the elements of network and system performance
• Time management skills are crucial to your success in this role
• Superb verbal and written communications skills are a must
• Demonstrated skillset through industry certifications or an agreed upon plan to obtain them
• Previous recovery / remediation experience a plus
• Experience working in a ticketing system is preferred, with Autotask experience a plus
  
  
  

• Salary range - R800,000 to R950,000
• Quarterly bonus eligibility based on specific KPIs
• Educational reimbursement for certification tests and company supplied training resources

• We are team players, collectively working towards a common goal
• We work each day with a growth mindset focused on the success of our coworkers, clients, and the company
• We do the right thing with an honest and transparent approach that always puts our clients first
• We take ownership of our work, always seeing it through to completion
• We execute quickly and precisely, both internally and externally
  
  

• You'll primarily be focused on technical management of incident response recovery efforts from start to finish. This can include initial project mobilization, assignment and management of technical workstreams, and frequent client and vendor communication. There are daily (sometimes more frequently) updated calls and associated reporting
• Incident response projects can often begin over a weekend or outside of traditional business hours, and weekends are crucial recovery opportunities to lessen the impact the client feels as their businesses are often completely down
• You'll work through our ticketing system to document, track, and escalate project tasks and tickets, and you'll also work on our documentation platform to keep everything up to date along the way
• You'll serve as an escalation point on technical questions from other engineers and the client
• You'll be working with a team of intelligent people to deliver world-class service to our clients
  
  
  

• Excellent comprehension and communication in the English language
• Previous experience leading a technical team
• Knowledge of Office 365 / Azure cloud services
• Knowledge of Active Directory
• Knowledge of complex networking troubleshooting (VLANs/routing/subnetting/packet captures)
• Broad understanding of how operating systems work
• Knowledge of advanced OS troubleshooting (boot issues/corruption of profiles/OS files)
• Comfortable working in different OSs, both in CLI and GUI
• SQL DB knowledge is a plus
• Knowledge of advanced firewall configuration skills (creating and troubleshooting complex firewall policies/routes)
• Experience troubleshooting ingress/egress issues
• Comfortable working in diverse firewall UIs (SonicWall, Meraki, FortiGate, Cisco, WatchGuard, etc.)
• Strong comprehension of system architecture (i.e. - how servers' function, what their roles are, etc.)
• Understanding of the elements of network and system performance
• Time management skills are crucial to your success in this role
• Superb verbal and written communications skills are a must
• Demonstrated skillset through industry certifications or an agreed upon plan to obtain them
• Previous recovery / remediation experience a plus
• Experience working in a ticketing system is preferred, with Autotask experience a plus
  
  
  

• Salary range - R800,000 to R950,000
• Quarterly bonus eligibility based on specific KPIs
• Educational reimbursement for certification tests and company supplied training resources

• We are team players, collectively working towards a common goal
• We work each day with a growth mindset focused on the success of our coworkers, clients, and the company
• We do the right thing with an honest and transparent approach that always puts our clients first
• We take ownership of our work, always seeing it through to completion
• We execute quickly and precisely, both internally and externally
  
  

• You'll primarily be focused on technical management of incident response recovery efforts from start to finish. This can include initial project mobilization, assignment and management of technical workstreams, and frequent client and vendor communication. There are daily (sometimes more frequently) updated calls and associated reporting
• Incident response projects can often begin over a weekend or outside of traditional business hours, and weekends are crucial recovery opportunities to lessen the impact the client feels as their businesses are often completely down
• You'll work through our ticketing system to document, track, and escalate project tasks and tickets, and you'll also work on our documentation platform to keep everything up to date along the way
• You'll serve as an escalation point on technical questions from other engineers and the client
• You'll be working with a team of intelligent people to deliver world-class service to our clients
  
  
  

• Excellent comprehension and communication in the English language
• Previous experience leading a technical team
• Knowledge of Office 365 / Azure cloud services
• Knowledge of Active Directory
• Knowledge of complex networking troubleshooting (VLANs/routing/subnetting/packet captures)
• Broad understanding of how operating systems work
• Knowledge of advanced OS troubleshooting (boot issues/corruption of profiles/OS files)
• Comfortable working in different OSs, both in CLI and GUI
• SQL DB knowledge is a plus
• Knowledge of advanced firewall configuration skills (creating and troubleshooting complex firewall policies/routes)
• Experience troubleshooting ingress/egress issues
• Comfortable working in diverse firewall UIs (SonicWall, Meraki, FortiGate, Cisco, WatchGuard, etc.)
• Strong comprehension of system architecture (i.e. - how servers' function, what their roles are, etc.)
• Understanding of the elements of network and system performance
• Time management skills are crucial to your success in this role
• Superb verbal and written communications skills are a must
• Demonstrated skillset through industry certifications or an agreed upon plan to obtain them
• Previous recovery / remediation experience a plus
• Experience working in a ticketing system is preferred, with Autotask experience a plus
  
  
  

• Salary range - R800,000 to R950,000
• Quarterly bonus eligibility based on specific KPIs
• Educational reimbursement for certification tests and company supplied training resources

• We are team players, collectively working towards a common goal
• We work each day with a growth mindset focused on the success of our coworkers, clients, and the company
• We do the right thing with an honest and transparent approach that always puts our clients first
• We take ownership of our work, always seeing it through to completion
• We execute quickly and precisely, both internally and externally
  
  

• You'll primarily be focused on technical management of incident response recovery efforts from start to finish. This can include initial project mobilization, assignment and management of technical workstreams, and frequent client and vendor communication. There are daily (sometimes more frequently) updated calls and associated reporting
• Incident response projects can often begin over a weekend or outside of traditional business hours, and weekends are crucial recovery opportunities to lessen the impact the client feels as their businesses are often completely down
• You'll work through our ticketing system to document, track, and escalate project tasks and tickets, and you'll also work on our documentation platform to keep everything up to date along the way
• You'll serve as an escalation point on technical questions from other engineers and the client
• You'll be working with a team of intelligent people to deliver world-class service to our clients
  
  
  

• Excellent comprehension and communication in the English language
• Previous experience leading a technical team
• Knowledge of Office 365 / Azure cloud services
• Knowledge of Active Directory
• Knowledge of complex networking troubleshooting (VLANs/routing/subnetting/packet captures)
• Broad understanding of how operating systems work
• Knowledge of advanced OS troubleshooting (boot issues/corruption of profiles/OS files)
• Comfortable working in different OSs, both in CLI and GUI
• SQL DB knowledge is a plus
• Knowledge of advanced firewall configuration skills (creating and troubleshooting complex firewall policies/routes)
• Experience troubleshooting ingress/egress issues
• Comfortable working in diverse firewall UIs (SonicWall, Meraki, FortiGate, Cisco, WatchGuard, etc.)
• Strong comprehension of system architecture (i.e. - how servers' function, what their roles are, etc.)
• Understanding of the elements of network and system performance
• Time management skills are crucial to your success in this role
• Superb verbal and written communications skills are a must
• Demonstrated skillset through industry certifications or an agreed upon plan to obtain them
• Previous recovery / remediation experience a plus
• Experience working in a ticketing system is preferred, with Autotask experience a plus
  
  
  

• Salary range - R800,000 to R950,000
• Quarterly bonus eligibility based on specific KPIs
• Educational reimbursement for certification tests and company supplied training resources

• We are team players, collectively working towards a common goal
• We work each day with a growth mindset focused on the success of our coworkers, clients, and the company
• We do the right thing with an honest and transparent approach that always puts our clients first
• We take ownership of our work, always seeing it through to completion
• We execute quickly and precisely, both internally and externally
  
  

• You'll primarily be focused on technical management of incident response recovery efforts from start to finish. This can include initial project mobilization, assignment and management of technical workstreams, and frequent client and vendor communication. There are daily (sometimes more frequently) updated calls and associated reporting
• Incident response projects can often begin over a weekend or outside of traditional business hours, and weekends are crucial recovery opportunities to lessen the impact the client feels as their businesses are often completely down
• You'll work through our ticketing system to document, track, and escalate project tasks and tickets, and you'll also work on our documentation platform to keep everything up to date along the way
• You'll serve as an escalation point on technical questions from other engineers and the client
• You'll be working with a team of intelligent people to deliver world-class service to our clients
  
  
  

• Excellent comprehension and communication in the English language
• Previous experience leading a technical team
• Knowledge of Office 365 / Azure cloud services
• Knowledge of Active Directory
• Knowledge of complex networking troubleshooting (VLANs/routing/subnetting/packet captures)
• Broad understanding of how operating systems work
• Knowledge of advanced OS troubleshooting (boot issues/corruption of profiles/OS files)
• Comfortable working in different OSs, both in CLI and GUI
• SQL DB knowledge is a plus
• Knowledge of advanced firewall configuration skills (creating and troubleshooting complex firewall policies/routes)
• Experience troubleshooting ingress/egress issues
• Comfortable working in diverse firewall UIs (SonicWall, Meraki, FortiGate, Cisco, WatchGuard, etc.)
• Strong comprehension of system architecture (i.e. - how servers' function, what their roles are, etc.)
• Understanding of the elements of network and system performance
• Time management skills are crucial to your success in this role
• Superb verbal and written communications skills are a must
• Demonstrated skillset through industry certifications or an agreed upon plan to obtain them
• Previous recovery / remediation experience a plus
• Experience working in a ticketing system is preferred, with Autotask experience a plus
  
  
  

• Salary range - R800,000 to R950,000
• Quarterly bonus eligibility based on specific KPIs
• Educational reimbursement for certification tests and company supplied training resources