Cyber Security Specialist
Description:
Hello Future Cyber Security Specialist
Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of people that make it happen.
As part of our talent team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now’s the time to imagine your potential in a team where experts come together and ignite effective change.
Overview of the role and requirements:
Understand the AI threat landscape and attacks to design and build a monitoring and response framework.
Design and execute security frameworks for cloud environments to enhance monitoring and detection capabilities.
Provide technical leadership during Cyber Security Incident Response Team (CSIRT) engagements.
Plan, design, and facilitate tabletop exercises for internal business units to strengthen incident response readiness.
Collaborate with team members to architect and build effective detection mechanisms and cybersecurity frameworks.
Conduct proactive threat hunting focused on identifying tactics, techniques, and procedures (TTPs) used by threat actors, particularly within cloud and AI ecosystems.
Partner with cross-functional teams to assess and mitigate risks associated with cloud infrastructure and AI systems.
What you will need:
5+ years' experience in a similar role
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related discipline.
Offensive Security Certified Professional (OSCP) certification is required.
Demonstrated experience in cybersecurity, with a strong focus on AI and cloud security.
Additional certifications in cloud technologies, artificial intelligence, or machine learning are advantageous
You will be responsible for:
Cyber Security Detection Framework
Business Owners of all playbooks (Definition, Coordination and Review)
Enhance and Automate Security Alerting (Use Cases and Playbooks)
Understand the Threat Landscape
Make use of threat intelligence information together with organizations vulnerabilities to understand potentially new organizational threats or threats that are no longer of concern
Identify NEW Threats that require use cases for alerting into the SOC
Design and Maintain Alerts by translating complex security requirements into technical use case specifications
Document Threat Attack Paths through Threat Modelling Techniques (Take lead on the identification of threats and risks)
Host use case workshops with application and system owners to identify attack vectors and write monitoring rules to detect attacks in the environment
Create correlation rules and/or logic to detect malicious activity
Identify what log sources is required to build the Use Case
Develop the Use Case - Separate signal from noise, distilling meaningful and actionable alerts from the collection of event information (EFFECTIVENESS)
Test and Productionise the Use Case
Alert Optimisation
To reduce false alerts, improve alert quality for effective intervention and reduce alert fatigue
Log Analytics – To uncover patterns in user behaviours and identify potential problems pro-activity
Pro-Active Threat Hunting
To proactively hunt for and investigate security events to identify artefacts of a cyber-attack.
To proactively and iteratively detect, isolate and neutralize advanced threats that evade automated security solutions.
To track and neutralize adversaries who could either be an insider (employee) or outsider (organized crime group)
Search for cyber threats before an attack happens, when threats are identified the hunter needs to gather as much information on the behaviour, goals and methods of adversaries as possible to hand over to the Incident Response team.
Responsible for reviewing system log events to proactively detect advanced threats that evade traditional security solutions.
Set up basic hunts for the SOC analysts to run on a regular basis
Hunts – Indicators of Compromise (IOC) Investigations. Identification of threats and breaches that may have previously gone unnoticed through other means. Hunting results can also help drive improvement in monitoring systems. Previous unknown IOC’s and malware may also be identified
Event Analytics
Review Events that transpired and look for common trends to see if there is any further remediation required or
Improvements to current security products to detect and block more effectively
Log Analytics
Find suspicious activity,
To detect recurring patterns and
Pick up insecure protocols being used within the organization
Cyber Security Incident Response Lead (Participate or Lead a CSIRT Incident Response event)
Providing response and initial management of any incident classified as P1 or P2 security incident
Lead or Participate in a CSIRT Incident Response event.
Co-ordinate the effective handling of the incident
Identifying the root cause and recommending actions to be taken to contain and remediate the event
Manage or provide in-depth technical investigations
Security Incident Response Lead (Participate or Lead a CSIRT Incident Response event. (In-Depth technical investigations))
Responsible for compiling the Incident Report to close out the incident
Threat Intelligence for FRB (Outside In and Inside Out)
Threat Assessment Monitoring
Responsible for threat landscape assessment and monitoring; brand abuse, information leakage, fake apps, phishing sites and other scam detection and take down, as well as general and telecommunications malware analysis and IOC generation.
Threat Intelligence Feeds - Undertake analysis and monitoring of security feeds and other open source intelligence to research and gather information on vulnerabilities and exploits relevant to the bank.
Identify and evaluate new sources of intelligence, and integrate in SIEM to provide single view of potential threats.
Produce Cyber Threat Intelligence (Reporting) - Cybersecurity and information threat assessment based on published threats and the companies known vulnerabilities. (Outside In Intelligence)
Produce actionable intelligence for FRG and the business units (Inside Out Intelligence)
Liaise with internal and external technical stakeholders, providing intelligence regarding threat actor techniques, tactics and procedures to ensure correct and timely focused threat detection and mitigation.
Produce quality tactical threat intelligence reports (This will result in promoting awareness of emerging cyber threats with recommended responses)
We can be a match if you can:
Strong personal characteristics, energy, drive, focus, motivation, responsibility
Self-motivated with ability to work without supervision
Outcomes Driven (“Can Do” Attitude)
Time Management
Ability to perform within a Crisis Situation
You will have access to:
Opportunities to network and collaborate.
Challenging Work.
Opportunities to innovate.
#Post
#FNB
#LI-NN2
Are you interested to take the step? We look forward to engaging with you further. Apply now!
Job Details
Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.
31/10/25
All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.
R33379