Specialist, Threat Intelligence

Job Overview

Business Segment: Group Functions

Location: ZA, undefined, Johannesburg, 30 Baker Street

Job Type: Full-time

Job Ref ID: A-0001

Date Posted: 12/11/2025

Job Description

To provide Cyber-InfoSec expertise, professional knowledge, and technical skills to prevent cyber-attacks, significant reputational, financial, or other losses. To implement SBGs Cyber Resilience Programme to prevent cyber-attacks, protect sensitive data and systems from infiltration or misuse and execute the InfoSec capabilities against policies, standards, and controls across relevant functions

Qualifications

A degree in Information Technology or Computer Science.

IT Risk/Security certification such as CISM, CISSP or CISA is required.

A relevant Azure/AWS Cloud Certification is required

Experience Required:

Proficiency in Python is required. Experience with PowerShell, Bash and Ruby is an added advantage.

Experience in implementing machine learning and AI-powered automation workflows.

Design, develop, and maintain robust and scalable automation scripts and applications using Python and other scripting languages.

Experience with API integrations, database management (SQL/NoSQL), cloud infrastructures and cloud serverless technologies (e.g. AWS Lambda, Azure Functions) for implementing scalable cloud applications.

Experience with defensive technologies such as SIEMs, EDR tools, Threat Intelligence Platforms (TIP), OSINT tools and offensive technologies such as Burp Suite, Cobalt Strike, and Metasploit is an added advantage.

Experience within Financial Service Industry developing threat models, risk profiles, cybersecurity risk and incident management, and insight into crime in the financial sector.

Strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions, building cyber security intelligence.

Additional Information

Key Responsibilities:

Evaluate, develop and implement cyber security processes, tools integration and automation workflows for intelligence observation, enrichment, triage and investigations.

Implement machine learning and AI-powered automation workflows to provide intelligence observability and enrichment, enabling automated threat scoring reporting, and analysis of threat observations.

Debug, troubleshoot and optimize existing automation workflows and applications.

Document and present technical designs, specifications, and user manuals for all developed tools and workflows.

Integrate intelligence data from open-source, commercial, and internal sources to create a unified view for actionable intelligence analysis.

Research and stay current on application security threats, vulnerabilities, and emerging tactics, techniques and procedures (TTPs).

Familiarity with the MITRE ATT&CK framework, Cyber Kill Chain, or other security-related frameworks.

Support purple teaming exercises to build cyber resiliency across security teams.

Behavioural Competencies:

Adopting Practical Approaches

Articulating Information

Developing Strategies

Embracing Change

Exploring Possibilities

Generating Ideas

Interpreting Data

Making Decisions

Meeting Timescales

Producing Output

Providing Insights

Team Working

Technical Competencies:

Data Analysis

Debugging and Fixing Software

Information Security Management

IT Risk Management

Software Development Life Cycle (SDLC) methodologies & Tools

Technical Analysis

Use of Build and Test Automation

Write Code

Please note: All our recruitment processes comply with the applicable local laws and regulations. We will never ask for money or any from of payment as part of our recruitment process. If you experience this, please contact our Fraud line on or