Specialist: Cyber Incident and Threat Intelligence

Telkom

Gauteng

On-site

ZAR 600 000 - 800 000

Full time

7 days ago

Job summary

A leading telecommunications company in South Africa is seeking a Specialist: Cyber Incident and Threat Intelligence. This role involves identifying and responding to cyber threats, requiring strong analytical skills and experience in cybersecurity. The ideal candidate has at least 5 years of relevant experience and a diploma in Information Technology. Responsibilities include overseeing breach resilience processes, incident management, and monitoring cyber threats.

Qualifications

  • 5 years relevant experience in cybersecurity.
  • Deep understanding of threat actor tactics and techniques.
  • Proficiency in using threat intelligence frameworks.

Responsibilities

  • Oversee planning and operation of cyber breach resilience processes.
  • Monitor dark web and threat feeds for emerging threats.
  • Develop incident management plans and procedures.

Skills

Analytical & Investigative
Communication & Interpretation
Decision Making
Problem Solving
Project & Task Management
Risk Awareness

Education

NQF 6: 3 year Diploma / National Diploma in Information Technology

Tools

Threat intelligence frameworks
XDR and threat detection platforms

Job description

Job Title: Specialist: Cyber Incident and Threat Intelligence

Job Grade: S5

Group/BU: Corporate

Division: CIO

Span of Control: 0-5

Reports to: Senior Management

Core Description

Responsible for identifying, analyzing, and responding to cyber threats and incidents targeting the organization. This role combines deep technical expertise with investigative skills to monitor threat landscapes, detect malicious activities, and provide actionable intelligence to improve the organization’s cybersecurity posture. Works closely with SOC teams, digital forensics, and other cybersecurity functions to ensure proactive threat detection and effective incident response.

Job Responsibilities
  • Oversee the planning, design, implementation, testing, and operation of cyber breach resilience processes and systems on networks and applications.
  • Maintain awareness of the latest and common security threats, attack vectors, and Tactics, Techniques and Procedures (TTPs) and maintain up-to-date threat profiles.
  • Act as an escalation point and subject matter expert for cybersecurity incidents and threat mitigation.
  • Develop and maintain incident management plans, procedures, controls, playbooks, and incident response strategies.
  • Lead cyber incident simulation exercises.
  • Design and implement a disaster recovery plan, ensuring the organization can effectively respond to unexpected security incidents.
  • Monitor dark web, open-source intelligence (OSINT), and threat feeds to identify emerging threats.
  • Ensure that adequate processes are in place to collect, analyze, and disseminate threat intelligence from internal and external sources.
  • Lead or support cyber incident investigations, including detection, containment, eradication, and recovery processes.
  • Enhance detection rules and use cases in XDR and threat detection platforms.
  • Correlate intelligence with real-time security events to identify and prioritize threats.
  • Develop dashboards, visualizations and metrics to report on threat trends and incident statistics.
  • Stay up to date with cybersecurity trends, zero-day vulnerabilities, and global threat activity.
  • Lead and ensure collaboration with the SOC team during incident handling.
  • Create threat intelligence reports, indicators of compromise (IOCs), and threat briefs for stakeholders.

Core Competencies

Functional Knowledge: Deep understanding of threat actor tactics, techniques and procedures; proficiency in using threat intelligence frameworks; ability to contextualize and operationalize indicators of compromise; experience evaluating open-source and commercial threat intelligence feeds; competence in producing and validating threat intelligence reports and advisories.

Functional Skills
  • Analytical & Investigative
  • Communication & Interpretation
  • Decision Making
  • Problem Solving
  • Project & Task Management
  • Risk Awareness

Attitudes / Leadership Competencies
  • Integrity
  • Assertive
  • Confident
  • Initiator
  • Supportive
  • Persuasive
  • Team Player
  • Problem Ownership

Certifications

Preferred certifications: Must have at least one of the following - CISM, CRISC, CISSP, SABSA or ISO27001/2.

Additional desired certification: COBIT, TOGAF, ITIL.

Education
  • NQF 6: 3 year Diploma / National Diploma in Information Technology

Experience
  • 5 Years relevant experience

Additional Information

None.

Special Requirements

None.

Physical Requirements

None.

Key Stakeholders
  • Enterprise and IT Architects
  • Internal Business Customers
  • External Customers
  • Consultants and specialists
  • Executive & Governance Forums