The primary purpose of the position is to maintain the security of the organisation's ICT systems and networks and to provide cyber‑security architecture that enables the business to achieve its strategic outcomes. The role entails designing, testing, implementing and evaluating the effectiveness of security controls, as well as preventing data breaches and monitoring for and responding to attacks.
Responsibilities
- Evaluate the security posture of the organisation’s internal and external networks, applications, mobile device applications and data coding standards.
- Emulate threat actors to penetrate the organisation's network and achieve defined objectives, such as obtaining domain admin privileges, accessing sensitive information or simulating a ransomware attack, in order to strengthen the security posture.
- Contribute to the definition, development, and oversight of the organisation's security management strategy and framework.
- Define, develop, implement and manage standards, policies, procedures, and solutions that mitigate risk and maximise security, availability, efficiency and effectiveness.
- Define, present and promote an information security policy for approval by senior management.
- Apply relevant standards, best practices and legal requirements for information security.
- Monitor for, detect, prevent and respond to current and emerging technology and security threats against the organisation.
- Research and advocate new technologies, architectures and security products that support the organisation’s security requirements.
- Systematically scan the environment to identify and define vulnerabilities and threats.
- Record and escalate non‑compliance and high‑priority incidents.
- Investigate security breaches in accordance with established procedures.
- Assist users in defining their access rights and privileges; resolve security administration issues and routine support requests.
- Review new and updated systems/applications to ensure proper security configuration.
- Work with IT teams to ensure adequate security solutions across all IT systems and platforms, mitigating identified risks and meeting business objectives and regulatory requirements.
- Periodically monitor the SIEM solution, tune out false positives and provide incident reports.
- Maintain current knowledge of malware attacks and other cyber‑security threats; monitor emerging technologies, industry developments and best practices.
- Create test cases, scripts, and test packs for testing new and existing software or services; interpret, execute and document complex test scripts.
- Ensure offensive security tools and techniques comply with regulation and policy; record and analyse actions and results.
- Provide specialist advice and technical training in vulnerability management and information systems security.
- Lead red‑team exercises, penetration tests, web application and network vulnerability assessments for IT and OT systems.
- Perform security risk, vulnerability assessments and business impact analysis for medium and complex information systems.
- Design, plan and execute threat‑actor simulation scenarios using complex adversarial tactics, techniques and procedures (TTPs).
- Investigate suspected attacks and manage security incidents; use forensics when appropriate.
- Communicate information‑security risks and issues to business managers and others; prepare formal assessment reports with recommendations for improvement and planned management actions.
- Maintain high‑performance, scalable backups and restores; document configuration for storage systems and track off‑site storage.
- Resolve incidents relating to end‑user device security; develop reporting dashboards for non‑compliance; ensure OS updates, security patches and proper disposal policies are followed.
Qualifications and Experience
- Degree in Information Technology.
- At least 5 years’ IT experience in cyber‑security and architecture at a senior, expert or specialist level.
- Preferred certifications: CISSP, OSCP, CCSP.
- Advantageous: Honours Degree, SAP Security Certification, Microsoft Certified – Azure Security Standard.
- Driver’s licence, code 08. Travel as required and approved.
Competencies
- Knowledge of adversarial activities, intrusion set TTPs, APT activity and offensive attack mindset.
- Experience with penetration testing; wireless, network and TCP/IP skills; Unix command line, bash scripting and/or Python coding.
- Knowledge of cloud technologies including AWS and Azure; professional experience in both offensive and defensive information‑security disciplines.
- Experience exploiting web apps and web services vulnerabilities (XSS, CSRF, SQL injection, DoS, XML/SOAP, API attacks).
- Business change techniques such as business process re‑engineering.
- In‑depth technical knowledge of software and hardware technologies, operating systems, server applications and tools.
- Network and server security: firewalls, VPN, IDS/IPS, antivirus, patch management, vulnerability management.
- Business applications including SAP; domain structures, user authentication, digital signatures and PKI.
- Intranet, extranet, internet, e‑commerce, EDI links with parties inside and outside the organisation.
- Process‑control/SCADA/PLC environments considered an advantage.
- Common information‑security management frameworks: ISO 17799/27001, ITIL, COBIT.
- Security issues across platforms: Windows Server/desktop, SQL Server, SharePoint, Unix (AIX), Oracle, MaxDB, VPN, remote access, Palo Alto firewalls, data‑leakage prevention, cryptography, BCM/DRP, access control, wireless security, ethical hacking, application security, IT cyber‑security risk assessments.
Equity Statement
Preference will be given to suitably qualified applicants who are members of the designated groups in line with the Employment Equity Plan and Targets of the Organisation/Operating Division.