Cyber Security Specialist

Hello Future Cyber Security Specialist Welcome to FNB, the home of the #changeables.

We design for the shapeshifters and deliver products and services that make us incredibly proud of people that make it happen.

As part of our talent team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious.

Now's the time to imagine your potential in a team where experts come together and ignite effective change.

• Understand the AI threat landscape and attacks to design and build a monitoring and response framework.
• Design and execute security frameworks for cloud environments to enhance monitoring and detection capabilities.
• Provide technical leadership during Cyber Security Incident Response Team (CSIRT) engagements.
• Plan, design, and facilitate tabletop exercises for internal business units to strengthen incident response readiness.
• Collaborate with team members to architect and build effective detection mechanisms and cybersecurity frameworks.
• Conduct proactive threat hunting focused on identifying tactics, techniques, and procedures (TTPs) used by threat actors, particularly within cloud and AI ecosystems.
• Partner with cross‑functional teams to assess and mitigate risks associated with cloud infrastructure and AI systems.

• 5+ years’ experience in a similar role
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related discipline.
• Offensive Security Certified Professional (OSCP) certification is required.
• Demonstrated experience in cybersecurity, with a strong focus on AI and cloud security.
• Additional certifications in cloud technologies, artificial intelligence, or machine learning are advantageous.

• Cyber Security Detection Framework
• Business Owners of all playbooks (Definition, Coordination and Review)
• Enhance and Automate Security Alerting (Use Cases and Playbooks)
• Understand the Threat Landscape
• Make use of threat intelligence information together with organization’s vulnerabilities to understand potentially new organizational threats or threats that are no longer of concern + Identify new threats that require use cases for alerting into the SOC
• Design and Maintain Alerts by translating complex security requirements into technical use case specifications
• Document Threat Attack Paths through Threat Modelling Techniques (Take lead on the identification of threats and risks) + Host use case workshops with application and system owners to identify attack vectors and write monitoring rules to detect attacks in the environment + Create correlation rules and / or logic to detect malicious activity + Identify what log sources is required to build the Use Case + Develop the Use Case – separate signal from noise, distilling meaningful and actionable alerts from the collection of event information (EFFECTIVENESS) + Test and Productionise the Use Case
• Alert Optimisation: To reduce false alerts, improve alert quality for effective intervention and reduce alert fatigue + Log Analytics – to uncover patterns in user behaviours and identify potential problems pro‑activity
• Pro‑Active Threat Hunting: To proactively hunt for and investigate security events to identify artefacts of a cyber‑attack.
• To proactively and iteratively detect, isolate and neutralise advanced threats that evade automated security solutions.
• To track and neutralise adversaries who could either be an insider (employee) or outsider (organised crime group)
• Search for cyber threats before an attack happens; when threats are identified the hunter needs to gather as much information on the behaviour, goals and methods of adversaries as possible to hand over to the Incident Response team.
• Responsible for reviewing system log events to proactively detect advanced threats that evade traditional security solutions.
• Set up basic hunts for the SOC analysts to run on a regular basis + Hunts – Indicators of Compromise (IOC) Investigations.
• Identification of threats and breaches that may have previously gone unnoticed through other means.
• Hunting results can also help drive improvement in monitoring systems.
• Previous unknown IOC's and malware may also be identified
• Event Analytics + Review events that transpired and look for common trends to see if there is any further remediation required or + improvements to current security products to detect and block more effectively
• Log Analytics + Find suspicious activity, + To detect recurring patterns and + Pick up insecure protocols being used within the organisation.
• Cyber Security Incident Response Lead (Participate or Lead a CSIRT Incident Response event)
• Providing response and initial management of any incident classified as P1 or P2 security incident.
• Lead or Participate in a CSIRT Incident Response event.
• Co‑ordinate the effective handling of the incident + Identify the root cause and recommending actions to be taken to contain and remediate the event + Manage or provide in‑depth technical investigations.
• Security Incident Response Lead (Participate or Lead a CSIRT Incident Response event. (In‑Depth technical investigations)).
• Responsible for compiling the Incident Report to close out the incident.
• Threat Intelligence for FRB (Outside In and Inside Out).
• Threat Assessment Monitoring + Responsible for threat landscape assessment and monitoring; brand abuse, information leakage, fake apps, phishing sites and other scam detection and takedown, as well as general and telecommunications malware analysis and IOC generation.
• Threat Intelligence Feeds.
• Undertake analysis and monitoring of security feeds and other open source intelligence to research and gather information on vulnerabilities and exploits relevant to the bank.
• Identify and evaluate new sources of intelligence, and integrate in SIEM to provide a single view of potential threats.
• Produce Cyber Threat Intelligence (Reporting) – cybersecurity and information threat assessment based on published threats and the company’s known vulnerabilities.
• (Outside In Intelligence) + Produce actionable intelligence for FRG and the business units (Inside Out Intelligence) + Liaise with internal and external technical stakeholders, providing intelligence regarding threat actor techniques, tactics and procedures to ensure correct and timely focused threat detection and mitigation.
• Produce quality tactical threat intelligence reports (This will result in promoting awareness of emerging cyber threats with recommended responses).

• Strong personal characteristics, energy, drive, focus, motivation, responsibility.
• Self‑motivated with ability to work without supervision.
• Outcomes Driven ("Can Do" Attitude).
• Time Management.
• Ability to perform within a crisis situation.

• Opportunities to network and collaborate.
• Challenging work.
• Opportunities to innovate.

All appointments will be made in line with FirstRand Group's Employment Equity plan.

The Bank supports the recruitment and advancement of individuals with disabilities.

In order for us to fulfil this purpose, candidates can disclose their disability information on a voluntary basis.

The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.

If you have any queries, please log it.

Applications will not be accepted after 31 October 2025.