(1089) Senior Cyber Security Incident Responder - BSTD

South African Reserve Bank

Pretoria

On-site

ZAR 700,000 - 1,000,000

Full time

18 days ago

Job summary

A national financial institution in Pretoria is seeking a Senior Cyber Security Incident Responder. The successful candidate will manage incident response, develop documentation, and coordinate with external parties. Candidates must have an Honours degree in Information Technology and 8-10 years in information security, including experience in incident response. This role offers a dynamic work environment focused on using advanced cybersecurity practices.

Qualifications

  • Honours degree (NQF 8) in Information Technology or equivalent.
  • Valid advanced cybersecurity certifications.
  • 8-10 years in information security with 3-5 years in a core incident response role.

Responsibilities

  • Develop incident response documentation including operating procedures.
  • Define CSIRT operations and coordinate activities.
  • Conduct post-incident root cause analyses and improve security monitoring.
  • Manage coordination between incident response and support functions.
  • Lead investigations and coordinate cybersecurity incidents.

Skills

Incident response documentation
Cybersecurity incident management
Communication coordination
Root cause analysis
Cyber threat landscape awareness

Education

Honours degree in Information Technology
Advanced cybersecurity certifications

Job description

Job title: (1089) Senior Cyber Security Incident Responder - BSTD

Job location: Gauteng, Pretoria

Deadline: September 25, 2025

Detailed description

The successful candidate will be responsible for the following key performance areas:

  1. Contribute to the development of incident response documentation, including terms of reference and operating procedures.
  2. Define and improve the CSIRT operations and coordinate activities, including communications to external parties in the event of severe incidents.
  3. Refine and continually improve cybersecurity incident management plans, tools, methods, and processes.
  4. Plan and organise cyber incident simulations and desktop exercises.
  5. Effectively coordinate the response to security breaches and lead the investigation and containment of the incident by sourcing and interpreting advanced information and executing operational countermeasures, including making technical configuration changes.
  6. Conduct post-incident root cause analyses and contribute to the improvement of security monitoring, intelligence, and forensic teams.
  7. Work with external cyber liaison functions to ensure CSIRT coordination aligns with the wider sector and national and international cyber resilience coordination.
  8. Manage coordination between the incident response team and the investigative and support functions to ensure all stakeholder priorities are addressed.
  9. Manage external forensic and advanced incident response support to ensure the delivery of value and alignment with sectoral processes.
  10. Stay abreast of industry practices and changes and incorporate them into the various functional areas.
  11. Compile and provide integrated management information reports to support decision-making.
  12. Lead and participate in engagements with relevant stakeholders/clients and external parties, including sectoral, national, and international liaison, for information sharing and coordinated technical response.
  13. Compose clear and concise CSIRT close-out reports, detailing causes, investigation outcomes, actions taken, recommendations, and lessons learned.
  14. Understand the cyber threat landscape and stay abreast of emerging threats and threat actors.

Job requirements

To be considered for this position, candidates must possess:

  1. An Honours degree (NQF 8) in Information Technology or an equivalent qualification.
  2. Valid advanced cybersecurity certifications, such as Certified Information Systems Security Professional or SANS 504, or equivalent role-focused certifications.
  3. At least eight to ten years in information security, with three to five years’ job-related experience in a core security incident response team role.

This job posting is still active.
