CYBER SECURITY SPECIALIST: BLUE TEAM

Woolworths

Wes-Kaap

On-site

ZAR 30 000 - 50 000

Full time

Today

Job summary

A leading retail company in South Africa is seeking a blue teamer to support their cyber security strategy. This role involves collaboration to enhance security measures and respond to incidents. Candidates should hold relevant qualifications and have practical experience in cyber security operations. The ideal candidate has strong communication skills and familiarity with various security technologies.

Qualifications

  • Minimum of 3 years hands-on practical experience working in cyber security operations.
  • Experience with identity & access management and data security processes.
  • Ability to script and automate processes.

Responsibilities

  • Identify and respond to security incidents.
  • Maintain and enhance existing toolsets for mature active defence.
  • Investigate new technology and automation approaches for security.

Skills

Incident response
Security technologies
Communication skills
Threat intelligence

Education

Grade 12 and relevant degree/diploma/certifications

Tools

EDR
Microsoft SIEM

Job description

Job category: FMCG, Retail, Wholesale and Supply Chain

Location: Western Cape

Contract: Permanent

Remuneration: Market Related

EE position: No

Introduction

We are searching for an energetic, output-driven blue teamer to support the execution of the cyber security strategy and roadmap with a primary focus on blue and purple teaming. You’ll be assisting the blue team in their efforts to defend Woolworths against various cyber threats by working closely with the rest of the Cyber team, IT GRC, and partners across the Group to continually improve our security posture, plus supporting and transforming our SOC capabilities by coordinating operational tasks and delivering key programs. This is a technical role requiring experience in building, delivering, improving, and validating defensive processes, solutions, and tooling. The role also requires good people skills to effectively interact and communicate with various stakeholders across Woolworths.

  • Incident response – identify and respond to security incidents, including containment and investigation.
  • Maintaining and enhancing existing and new toolsets (like XDR) required for mature active defence.
  • Investigating new approaches, technology, and automation to challenge traditional thinking and raise the level of security.
  • Enabling mature active defence processes through continual validation and verification of infrastructure, platform, applications, and data asset controls.
  • Enhancing defence continuously – work with the team to update defence capabilities in line with threats, vulnerabilities and exploits identified during red teaming and threat hunting. Automation trumps manual effort.
  • Managing threat intelligence – contribute towards building and running threat intelligence capabilities.
  • Hunting for the needle in the needle stack - proactively search for and identify advanced threats that evade existing security solutions and feed this learning into blue team defence capability.
  • Blue team reporting and metrics – assist with building and maturing blue team reporting mechanisms such as dashboards and key cyber metrics.
  • Establish relationships with key stakeholders for effective cross-team collaboration and implementation of security operations processes.
  • Supporting the broader Cyber Security Team – collaboration to drive and support various operational and strategic initiatives.
  • Champion or co-champion internal security solutions and/or processes.
  • Help define and set security standards.
  • Provide context and guidance to implement security improvements.
  • Grade 12 and relevant degree/diploma/certifications.
  • Minimum of 3 years hands-on practical experience working in cyber security operations with a focus on incident response and blue teaming.
  • Experience with security technologies and processes covering identity & access management, data security, vulnerability management and general infrastructure (network, platform, cloud, and endpoint) security.
  • Experience in defence tools such as EDR, Microsoft and SIEM.
  • May be required to assist outside of working hours / be on standby.

Advantageous

  • Relevant blue team and incident response qualifications and certifications such as SANS – Cyber Defence and CREST – Incident Response.
  • Practical experience with the MITRE ATT&CK framework is advantageous.
  • Ability to script and automate processes.