security engineer: analysis and support

Purpose of the Job:

The ICT Security Engineer: Analysis and Support, will play a critical role in safeguarding the organisation's information and cyber security posture. This position is primarily responsible for the Security Operations Centre (SOC) and support, cyber threat analysis and investigative activities to manage the security events and incidents. This role will also be responsible for the training programme to encourage a culture of cyber security awareness, compliance to policies, standards procedures and regulatory requirements. The successful candidate will collaborate with cross-functional teams and stakeholders for security project initiatives and to facilitate mitigation plans across the organisation. The person appointed to this role will report to the Departmental Head: ICT Security and Risk.

Key Performance Areas:

• Monitor the cyber security operations center and respond to the security incident response actions.
• Coordinate the cyber security incident response (CSIRT), periodically update the cyber security incident response plan (CSIRP) and Crisis Management Plan (CMP) as required.
• Coordinate the periodic security penetration testing and security vulnerability remediation activities.
• Manage and maintain optimal performance of the Security Operations Center solutions (log collector agents, SIEM, XDR and Vulnerability Management)
• Define and develop the annual cyber security awareness programme, calendar and publish awareness content to the organisation.
• Perform a review of ICT security policies, standards and procedures as required and in line with industry frameworks (NIST CSF, ISO27001, COBIT).
• Coordinate information technology general control (ITGC) requests for governance, assurance, business resilience audit and control assessments.
• Collaborate with cross-functional teams to ensure security-by-design for project initiatives.
• Prepare monthly operational ICT security and cyber threat intelligence reports.

Other Key Competencies:

The candidate must demonstrate the following skills and attributes: Good verbal and written communication skills, interpersonal skills, and must collaborate effectively with other team members. The candidate must be energetic, have the ability to learn new concepts fast, work independently and under pressure when it is required.

FSCA is committed to increasing the representation of marginalized groups in line with its Employment Equity Plan. People with disabilities are encouraged to apply.

Please note that correspondence and communication will only be conducted with shortlisted candidates and that the FSCA reserves the right not to appoint if a suitable candidate is not identified.

A Diploma or Degree in Computer Science, Information Technology, or a related field. Equivalent qualifications will also be considered. Valid Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or CompTIA PenTest+ certification is required. Additional certifications such as ISC2 SSCP or other relevant information security credentials are advantageous. Minimum of 3 years' hands-on experience in information and cyber security operations. Proven experience in managing cybersecurity awareness programs, including phishing simulation campaigns. Familiarity with key industry regulations and frameworks, including but not limited to: ISO/IEC27001, NIST CSF, PCI-DSS, MITRE ATT$CK and COBIT. Understanding and development of IT security policies, standards, and procedures is beneficial. Experience with multiple operating systems, including Windows, Red Hat, Debian and other Unix-based platforms is advantageous.

Closing Date: 21 October 2025.