Cyber Security Specialist - End-Point, Threat Detection & Response

FORMAL EDUCATION

• Grade 12
• Relevant Diploma/Degree

• ITIL Foundation certification
• Relevant endpoint security platform certification(s) (e.g. Microsoft Defender, Symantec, McAfee or equivalent)
• Recognised cyber security certification (e.g. CompTIA Security+, equivalent)

• Advanced cyber security certifications such as:
• CISSP, CISM, or CISA
• Security Operations / Threat Detection certifications (e.g. Microsoft SC-200, CompTIA CySA+ or equivalent)
• Vendor-specific certifications aligned to endpoint and security technologies (e.g. Microsoft Defender, Sophos, Trellix/McAfee, Symantec, Sentinel One, Crowdstrike)
• Certifications related to incident response, threat hunting or forensic analysis
• Cloud security certifications (e.g. Microsoft Azure Security, AWS Security)

• Minimum of 1 years’ experience in Information Technology
• Minimum of 1 years’ experience in technical information security roles, with a strong focus on threat investigation related to endpoint security
• Proven experience in the design, deployment, configuration and optimisation of Endpoint Security and Endpoint Detection & Response (EDR) solutions in enterprise environments
• Practical experience in threat detection, investigation and incident response, including containment, eradication and recovery activities
• Experience in proactive threat hunting, detection use case development and continuous improvement of detection capabilities
• Strong understanding and practical application of security frameworks and best practices, such as ISO 27001, NIST
• Experience in developing and implementing security policies, standards and procedures, aligned to governance and regulatory requirements
• Experience in integrating endpoint security solutions within Security Operations Centre (SOC) environments, including interaction with SIEM platforms and incident management processes
• Exposure to network security principles and technologies, with ability to understand broader security architecture
• Experience working within standards-based architectures, including implementation, compliance monitoring and control enforcement
• Experience providing technical leadership, mentoring and guidance within security engineering or operations teams

• Administer, optimise and continuously improve Endpoint Security Solutions, including the research, design and implementation of advanced protection technologies
• Install, configure, manage and support endpoint security platforms including:
• Symantec/Crowdstrike/Sentinel One (AV, DLP, DCS, Encryption, ATP, EDR)
• McAfee (AV, Encryption, DAM, MVision, EDR)
• Microsoft (Defender, Intune, Bit Locker, ATP)
• Sophos EDR
• Develop and maintain endpoint security policies, procedures, standards and architecture documentation aligned to industry best practices
• Provide technical leadership in the delivery of endpoint security solutions, including hands‑on implementation, mentorship and capability development of team members
• Contribute to solution design and provide subject matter expertise for RFPs and client engagements
• Ensure endpoint security services are delivered in accordance with SLA requirements, governance frameworks and regulatory obligations
• Drive continuous improvement of endpoint security posture through compliance monitoring, risk assessments, vulnerability management and security awareness initiatives

• Design, implement and continuously optimise endpoint detection use cases aligned to the MITRE ATT&CK framework and evolving threat landscape
• Perform advanced detection engineering, including rule creation, tuning, correlation and false positive reduction across EDR platforms
• Lead and execute endpoint threat investigations and incident response activities, including identification, containment, eradication and recovery
• Conduct root cause analysis (RCA) and develop actionable recommendations to prevent recurrence and strengthen controls
• Collaborate with Security Operations Centre (SOC) teams to support alert triage, escalation and coordinated response activities
• Leverage threat intelligence feeds to proactively identify, analyse and mitigate emerging threats impacting endpoint environments
• Develop, maintain and optimise incident response playbooks and runbooks for endpoint-related threats
• Implement and enhance automated response capabilities using EDR and SOAR technologies to improve response efficiency and consistency

• Perform proactive threat hunting across endpoint environments using behavioural analytics, anomaly detection and endpoint telemetry
• Identify and analyse Indicators of Compromise (IOCs) and adversary tactics, techniques and procedures (TTPs) to enhance detection capabilities
• Continuously refine and improve detection logic, hunting methodologies and response strategies based on emerging threats and intelligence
• Provide strategic input into the enhancement of enterprise threat detection and response…