Specialist: Cyber Incident and Threat Intelligence

Apply now »

Date: 9 Sept 2025

Location: Centurion, Gauteng, ZA

Company: Company

Structural Information

Job number:                     10008704

Job title:                             Specialist: Cyber Incident and Threat Intelligence

Job grade:                          S5

Group/ BU:                       Corporate

Division:                             CIO

Span of control:               0-5

Reports to:                        Senior Management

Core Description

Responsible for identifying, analyzing, and responding to cyber threats and incidents targeting the organization. This role combines deep technical expertise with investigative skills to monitor threat landscapes, detect malicious activities, and provide actionable intelligence to improve the organization’s cybersecurity posture. Works closely with SOC teams, digital forensics, and other cybersecurity functions to ensure proactive threat detection and effective incident response.

Job Responsibilities

  • Oversee the planning, design, implementation, testing, and operation of cyber breach resilience processes and systems on networks and applications.
  • Maintain awareness of the latest and common security threats, attack vectors, and Tactics, Techniques, and Procedures (TTPs) and maintain up-to-date threat profiles.
  • Act as an escalation point and subject matter expert for cybersecurity incidents and threat mitigation.
  • Develop and maintain incident management plans, procedures, controls, playbooks, and incident response strategies.
  • Lead cyber incident simulation exercises.
  • Designing and implementing a disaster recovery plan, ensuring Telkom can effectively respond to unexpected security incidents.
  • Monitor dark web, open-source intelligence (OSINT), and threat feeds to identify emerging threats.
  • Ensure that adequate processes are in place to collect, analyze, and disseminate threat intelligence from internal and external sources.
  • Lead or support cyber incident investigations, including detection, containment, eradication, and recovery processes.
  • Enhance detection rules and use cases in XDR and threat detection platforms.
  • Correlate intelligence with real-time security events to identify and prioritize threats.
  • Develop dashboards, visualizations, and metrics to report on threat trends and incident statistics.
  • Stay up to date with cybersecurity trends, zero-day vulnerabilities, and global threat activity.
  • Lead and ensure collaboration with the SOC team during incident handling.
  • Create threat intelligence reports, indicators of compromise (IOCs), and threat briefs for stakeholders.

Core Competencies

FUNCTIONAL KNOWLEDGE
Deep understanding of threat actor tactics, techniques, and procedures; Proficiency in using threat intelligence frameworks; Ability to contextualize and operationalize indicators of compromise; Experience in evaluating open-source and commercial threat intelligence feeds; Competence in producing and validating threat intelligence reports and advisories

FUNCTIONAL SKILLS
Analytical & Investigative; Communication & Interpretation; Decision Making; Problem Solving; Project & Task Management; Risk Awareness

ATTITUDES/ LEADERSHIP COMPETENCIES
Integrity; Assertive; Confident; Initiator; Supportive; Persuasive; Team Player; Problem Ownership

Certifications

    Education

    • NQF 6: 3 year Diploma/ National Diploma in Information Technology

    Experience

    • 5 Years relevant experience

    Additional Information

    Certifications:

    • Preferred certifications: Must have at least one of the following - CISM, CRISC CISSP, SABSA or ISO27001/2.
    • Additional desired certification: CoBIT, TOGAF, ITIL.

    Special Requirements

    • None

    Physical Requirements

    • None

    Key Stakeholders

    • Enterprise and IT Architects
    • Internal Business Customers
    • External Customers
    • Consultants and specialists
    • Executive & Governance Forums