South African Reserve Bank (SARB)
The South African Reserve Bank (the SARB) is the central bank of the Republic of South Africa. It regards its primary goal in the South African economic system as "the achievement and maintenance of price stability".
Detailed description
The successful candidate will be responsible for the following key performance areas:
- Contribute to the development of incident response documentation, including terms of reference and operating procedures.
- Define and improve the CSIRT operations and coordinate activities, including communications to external parties in the event of severe incidents.
- Refine and continually improve cybersecurity incident management plans, tools, methods and processes.
- Plan and organise cyber incident simulations and desktop exercises.
- Effectively coordinate the response to security breaches and lead the investigation and containment of the incident by sourcing and interpreting advanced information and executing operational countermeasures, including making technical configuration changes.
- Conduct post-incident root cause analyses and contribute to the improvement of security monitoring, intelligence and forensic teams.
- Work with external cyber liaison functions to ensure CSIRT coordination aligns with the wider sector and national and international cyber resilience coordination.
- Manage coordination between the incident response team and the investigative and support functions to ensure all stakeholder priorities are addressed.
- Manage external forensic and advanced incident response support to ensure the delivery of value and alignment with sectoral processes.
- Stay abreast of industry practices and changes and incorporate them into the various functional areas.
- Compile and provide integrated management information reports to support decision-making.
- Lead and participate in engagements with relevant stakeholders/clients and external parties, including the sectoral, national and international liaison, for the purpose of information-sharing and coordinated technical response.
- Compose clear and concise CSIRT close-out reports, detailing causes, investigation outcomes, actions taken, recommendations and lessons learnt.
- Understand the cyber threat landscape and stay abreast of emerging threats and threat actors.
Job requirements
To be considered for this position, candidates must be in possession of:
- a minimum of an Honours degree (NQF 8) in Information Technology or an equivalent qualification;
- valid advanced cybersecurity certifications, such as Certified Information Systems Security Professional or SANS 504™ or equivalent role-focused certifications; and
- at least eight to 10 years in information security, with three to five years’ job-related experience in a core security incident response team role.