Cyber Security Specialist

Get AI-powered advice on this job and more exclusive features. Job Description Hello Future Cyber Security Specialist Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of people that make it happen. As part of our talent team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now’s the time to imagine your potential in a team where experts come together and ignite effective change. Overview Of The Role And Requirements Understand the AI threat landscape and attacks to design and build a monitoring and response framework. Design and execute security frameworks for cloud environments to enhance monitoring and detection capabilities. Provide technical leadership during Cyber Security Incident Response Team (CSIRT) engagements. Plan, design, and facilitate tabletop exercises for internal business units to strengthen incident response readiness. Collaborate with team members to architect and build effective detection mechanisms and cybersecurity frameworks. Conduct proactive threat hunting focused on identifying tactics, techniques, and procedures (TTPs) used by threat actors, particularly within cloud and AI ecosystems. Partner with cross-functional teams to assess and mitigate risks associated with cloud infrastructure and AI systems. What You Will Need 5+ years' experience in a similar role Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related discipline. Offensive Security Certified Professional (OSCP) certification is required. Demonstrated experience in cybersecurity, with a strong focus on AI and cloud security. Additional certifications in cloud technologies, artificial intelligence, or machine learning are advantageous. You Will Be Responsible For Cyber Security Detection Framework Business Owners of all playbooks (Definition, Coordination and Review) Enhance and Automate Security Alerting (Use Cases and Playbooks) Understand the Threat Landscape Make use of threat intelligence information together with organizations' vulnerabilities to understand potentially new organizational threats or threats that are no longer of concern. Identify new threats that require use cases for alerting into the SOC. Design and Maintain Alerts by translating complex security requirements into technical use case specifications Document Threat Attack Paths through Threat Modelling Techniques (Take lead on the identification of threats and risks) Host use case workshops with application and system owners to identify attack vectors and write monitoring rules to detect attacks in the environment. Create correlation rules and/or logic to detect malicious activity. Identify what log sources are required to build the Use Case. Develop the Use Case - Separate signal from noise, distilling meaningful and actionable alerts from the collection of event information (effectiveness). Test and productionise the Use Case. Alert Optimisation Reduce false alerts, improve alert quality for effective intervention and reduce alert fatigue. Log Analytics – uncover patterns in user behaviours and identify potential problems pro-activity. \Pro-Active Threat Hunting To proactively hunt for and investigate security events to identify artefacts of a cyber-attack. To proactively and iteratively detect, isolate and neutralize advanced threats that evade automated security solutions. To track and neutralize adversaries who could either be an insider (employee) or outsider (organized crime group). Search for cyber threats before an attack happens, gathering as much information on the behaviour, goals and methods of adversaries to hand over to the Incident Response team. Responsible for reviewing system log events to proactively detect advanced threats that evade traditional security solutions. Set up basic hunts for SOC analysts to run on a regular basis Hunts – Indicators of Compromise (IOC) Investigations. Identification of threats and breaches that may have previously gone unnoticed through other means. Hunting results can also help drive improvement in monitoring systems. Previous unknown IOC’s and malware may also be identified. Event Analytics Review Events that transpired and look for common trends to see if there is any further remediation required or improvements to current security products to detect and block more effectively. Log Analytics Find suspicious activity. Detect recurring patterns and pick up insecure protocols being used within the organization. Cyber Security Incident Response Lead (Participate or Lead a CSIRT Incident Response event) Providing response and initial management of any incident classified as P1 or P2 security incident. Lead or Participate in a CSIRT Incident Response event. Coordinate the effective handling of the incident. Identify the root cause and recommend actions to contain and remediate the event. Manage or provide in-depth technical investigations. Security Incident Response Lead (Participate or Lead a CSIRT Incident Response event) – In-Depth technical investigations. Responsible for compiling the Incident Report to close out the incident. Threat Intelligence for FRB (Outside In and Inside Out) Threat Assessment Monitoring Responsible for threat landscape assessment and monitoring; brand abuse, information leakage, fake apps, phishing sites and other scam detection and takedown, as well as general and telecommunications malware analysis and IOC generation. Threat Intelligence Feeds – Undertake analysis and monitoring of security feeds and other open source intelligence to research and gather information on vulnerabilities and exploits relevant to the bank. Identify and evaluate new sources of intelligence, and integrate into SIEM to provide a single view of potential threats. Produce Cyber Threat Intelligence (Reporting) – Cybersecurity and information threat assessment based on published threats and the company’s known vulnerabilities (Outside In Intelligence). Produce actionable intelligence for FRG and the business units (Inside Out Intelligence). Liaise with internal and external technical stakeholders, providing intelligence regarding threat actor techniques, tactics and procedures to ensure correct and timely focused threat detection and mitigation. Produce quality tactical threat intelligence reports (This will result in promoting awareness of emerging cyber threats with recommended responses). We Can Be a Match If You Can Strong personal characteristics, energy, drive, focus, motivation, responsibility. Self-motivated with ability to work without supervision. Outcomes Driven (“Can Do” Attitude). Time Management. Ability to perform within a Crisis Situation. You Will Have Access To Opportunities to network and collaborate. Challenging Work. Opportunities to innovate. Job Details Seniority level: Mid-Senior level Employment type: Full-time Job function: Engineering and Information Technology Industry: Banking Are you interested to take the step? We look forward to engaging with you further. Apply now Take note that applications will not be accepted on or after 31/10/25; kindly submit applications ahead of the closing date indicated above. All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. Candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose it to other parties. #J-18808-Ljbffr