Specialist: Cyber Defense

Role purpose:
To support the Technology Security in managing and maintaining security tools and compliance levels across the environment.

Key accountabilities and decision ownership:

• Management of Security Tools: Oversee the deployment, configuration, and management of security tools and technologies.
• Continuous Monitoring: Conduct proactive monitoring, analysing, and respond to security events and incidents using SIEM and other security monitoring tools.
• Threat Intelligence: Manage and analyse threat intelligence to anticipate and mitigate potential cyber threats.
• Incident Response: Work on incident response, including investigation, forensic analysis, and recovery. Maintain and improve incident response procedures, including playbooks.
• Vulnerability Management: Oversee vulnerability management programs, including patch management, collaborate with IT and network teams to remediate vulnerabilities and implement appropriate defenses.
• Privileged Access Management (PAM): Implement and manage PAM solutions to ensure secure access to the systems.
• Endpoint Detection and Response (EDR): Deploy and manage EDR solutions to detect, investigate and respond to endpoint threats. Ensure robust endpoint visibility and protection
• System Hardening: Implement security best practices to harden all infrastructure systems, following company and industry security standards.
• Collaborate with cross-functional teams, including developers, database administrators, and system admins.

Core competencies, knowledge and experience:

• Experience with network and security technologies.
• Experience with Systems: Windows and Linux.
• 3–5 years of experience in cybersecurity
• Hands-on experience managing and responding to alerts from EDR platforms.
• Proficiency with PAM tools
• Strong understanding of system hardening standards (e.g., CIS Benchmarks, STIG).
• Experience with SIEM tools and log correlation techniques.
• Familiarity with MITRE ATT&CK, NIST CSF, and other cybersecurity frameworks.
• Strong problem-solving skills and attention to detail.
• Written and verbal communication, including technical writing skills, across various levels.

Must have technical / professional qualifications:

• Relevant diploma or degree in Information Systems Technology.

• Formal security-related training or professional development courses are also valued.
• Industry-recognized certifications are recommended, such as:

1. CompTIA Security+, Cisco CCNA Security, CompTIA CySA+ or equivalent.
2. Cybersecurity certifications are advantageous
3. Vendor-specific certifications in EDR or PAM are a plus.

Key performance indicators:

• Vodacom Compliance level regular Reporting;
• Incident Response Time: Measure the Average Time to Detect (MTTD) and Respond (MTTR) to security incidents.
• Vulnerability Remediation Time: Monitor the time taken to identify and remediate vulnerabilities.
• System Uptime: Ensure high availability, uptime and health status of security tools
• EDR Effectiveness: Endpoint coverage (% of devices with active EDR agents)
• Privileged Access Management (PAM): % of privileged accounts managed through PAM solutions
• System Hardening: % of critical systems compliant with hardening baselines.