Cyber Security Specialist

Job Description

Hello Future Cyber Security Specialist

Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of people that make it happen.

As part of our talent team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now’s the time to imagine your potential in a team where experts come together and ignite effective change.

Overview of the role and requirements:

• The successful candidates plays a KEY role in the following 3 areas:
  • Defining and delivering the Cyber Detection Strategy (Alerting for the SOC to in order to detect any malicious activity)
  • Performing Pro-Active Threat Hunting to find any malicious activity that may have evaded the security controls deployed in the bank.
• Alternate Cyber Security Incident First Responder Lead for FRG
• Security Consulting where required by FRG Business Units
• Threat Intelligence Analytics and Response
• To provide guidance and support in delivering the Cyber Detection Strategy and performing pro-active threat hunting to detect malicious cyber activity against the bank
• Red Team/Penetration Testing Experience

What you will need:

• 5+ years experience in a similar role
• Bachelor degree in a related field such as information security, management or computer engineering
• CEH (Certified Ethical Hacker) OR CISSP (Certified Information Systems Security Professional)
• Strong command of cyber threat detection, investigation and mitigation
• Knowledge of Incident Response and Investigations
• Working knowledge and experience of core security and infrastructure technologies (e.g. firewall logs, network security tools, malware detonation devices, proxies, IPS/IDS)
• Red Team/Penetration Testing Experience
• This is a hands-on technical role and requires a high level of technical ability and understanding across a variety of security systems, particularly within Microsoft and Cisco.
• Strong awareness of cyber-attack techniques and how protective monitoring systems can be used for detection, mitigation, remediation and protection.
• Experience in working with a SIEM

You will be responsible for:

Cyber Security Detection Framework

• Business Owners of all playbooks (Definition, Coordination and Review)
• Enhance and Automate Security Alerting (Use Cases and Playbooks)
• Understand the Threat Landscape
  • Make use of threat intelligence information together with organizations vulnerabilities to understand potentially new organizational threats or threats that are no longer of concern
  • Identify NEW Threats that require use cases for alerting into the SOC
• Design and Maintain Alerts by translating complex security requirements into technical use case specifications
  • Document Threat Attack Paths through Threat Modelling Techniques (Take lead on the identification of threats and risks)
  • Host use case workshops with application and system owners to identify attack vectors and write monitoring rules to detect attacks in the environment
  • Create correlation rules and/or logic to detect malicious activity
  • Identify what log sources is required to build the Use Case
  • Develop the Use Case - Separate signal from noise, distilling meaningful and actionable alerts from the collection of event information (EFFECTIVENESS)
  • Test and Productionise the Use Case

• Alert Optimisation
  • To reduce false alerts, improve alert quality for effective intervention and reduce alert fatigue
  • Log Analytics – To uncover patterns in user behaviours and identify potential problems pro-activity

Pro-Active Threat Hunting

• To proactively hunt for and investigate security events to identify artefacts of a cyber-attack.
• To proactively and iteratively detect, isolate and neutralize advanced threats that evade automated security solutions.
• To track and neutralize adversaries who could either be an insider (employee) or outsider (organized crime group)
• Search for cyber threats before an attack happens, when threats are identified the hunter needs to gather as much information on the behaviour, goals and methods of adversaries as possible to hand over to the Incident Response team.
• Responsible for reviewing system log events to proactively detect advanced threats that evade traditional security solutions.
• Set up basic hunts for the SOC analysts to run on a regular basis
  • Hunts – Indicators of Compromise (IOC) Investigations. Identification of threats and breaches that may have previously gone unnoticed through other means.  Hunting results can also help drive improvement in monitoring systems. Previous unknown IOC’s and malware may also be identified
• Event Analytics
  • Review Events that transpired and look for common trends to see if there is any further remediation required or
  • Improvements to current security products to detect and block more effectively
• Log Analytics
  • Find suspicious activity,
  • To detect recurring patterns and
  • Pick up insecure protocols being used within the organization

Cyber Security Incident Response Lead (Participate or Lead a CSIRT Incident Response event)

• Providing response and initial management of any incident classified as P1 or P2 security incident
• Lead or Participate in a CSIRT Incident Response event.
  • Co-ordinate the effective handling of the incident
  • Identifying the root cause and recommending actions to be taken to contain and remediate the event
  • Manage or provide in-depth technical investigations
• Security Incident Response Lead (Participate or Lead a CSIRT Incident Response event. (In-Depth technical investigations))
• Responsible for compiling the Incident Report to close out the incident

Threat Intelligence for FRB (Outside In and Inside Out)

• Threat Assessment Monitoring
  • Responsible for threat landscape assessment and monitoring; brand abuse, information leakage, fake apps, phishing sites and other scam detection and take down, as well as general and telecommunications malware analysis and IOC generation.
• Threat Intelligence Feeds - Undertake analysis and monitoring of security feeds and other open source intelligence to research and gather information on vulnerabilities and exploits relevant to the bank.
  • Identify and evaluate new sources of intelligence, and integrate in SIEM to provide single view of potential threats.
• Produce Cyber Threat Intelligence (Reporting) - Cybersecurity and information threat assessment based on published threats and the companies known vulnerabilities. (Outside In Intelligence)
  • Produce actionable intelligence for FRG and the business units (Inside Out Intelligence)
  • Liaise with internal and external technical stakeholders, providing intelligence regarding threat actor techniques, tactics and procedures to ensure correct and timely focused threat detection and mitigation.
  • Produce quality tactical threat intelligence reports (This will result in promoting awareness of emerging cyber threats with recommended responses)

We can be a match if you can:

• Strong personal characteristics, energy, drive, focus, motivation, responsibility
• Self-motivated with ability to work without supervision
• Outcomes Driven (“Can Do” Attitude)
• Time Management
• Ability to perform within a Crisis Situation

You will have access to:

• Opportunities to network and collaborate.
• Challenging Work.
• Opportunities to innovate.

#Post

#FNB

#LI-NN2

Are you interested to take the step? We look forward to engaging with you further. Apply now!

Job Details

Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.

12/05/25

All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.