FORMAL EDUCATION:
- Grade 12
- Relevant Diploma/Degree
TECHNICAL / LEGAL CERTIFICATION:
Essential
- ITIL Foundation certification
- Relevant endpoint security platform certification(s) (e.g. Microsoft Defender, Symantec, McAfee or equivalent)
- Recognised cyber security certification (e.g. CompTIA Security+, equivalent)
Advantageous / Preferred
- Advanced cyber security certifications such as:
  - CISSP, CISM or CISA
  - Security Operations / Threat Detection certifications (e.g. Microsoft SC-200, CompTIA CySA+ or equivalent)
  - Vendor-specific certifications aligned to endpoint and security technologies (e.g. Microsoft Defender, Sophos, Trellix/McAfee, Symantec, SentinelOne, CrowdStrike)
  - Certifications related to incident response, threat hunting or forensic analysis
  - Cloud security certifications (e.g. Microsoft Azure Security, AWS Security)
EXPERIENCE:
- Minimum of 1 year's experience in Information Technology
- Minimum of 1 year's experience in technical information security roles, with a strong focus on threat investigation related to endpoint security
- Proven experience in the design, deployment, configuration and optimisation of Endpoint Security and Endpoint Detection & Response (EDR) solutions in enterprise environments
- Practical experience in threat detection, investigation and incident response, including containment, eradication and recovery activities
- Experience in proactive threat hunting, detection use case development and continuous improvement of detection capabilities
- Strong understanding and practical application of security frameworks and best practices, such as ISO 27001, NIST
- Experience in developing and implementing security policies, standards and procedures, aligned to governance and regulatory requirements
- Experience in integrating endpoint security solutions within Security Operations Centre (SOC) environments, including interaction with SIEM platforms and incident management processes
- Exposure to network security principles and technologies, with ability to understand broader security architecture
- Experience working within standards-based architectures, including implementation, compliance monitoring and control enforcement
- Experience providing technical leadership, mentoring and guidance within security engineering or operations teams
RESPONSIBILITIES:
1. Endpoint Security Management
- Administer, optimise and continuously improve Endpoint Security Solutions, including the research, design and implementation of advanced protection technologies
- Install, configure, manage and support endpoint security platforms including:
  - Symantec / CrowdStrike / SentinelOne (AV, DLP, DCS, Encryption, ATP, EDR)
  - McAfee (AV, Encryption, DAM, MVision, EDR)
  - Microsoft (Defender, Intune, BitLocker, ATP)
  - Sophos EDR
- Develop and maintain endpoint security policies, procedures, standards and architecture documentation aligned to industry best practices
- Provide technical leadership in the delivery of endpoint security solutions, including hands-on implementation, mentorship and capability development of team members
- Contribute to solution design and provide subject matter expertise for RFPs and client engagements
- Ensure endpoint security services are delivered in accordance with SLA requirements, governance frameworks and regulatory obligations
- Drive continuous improvement of endpoint security posture through compliance monitoring, risk assessments, vulnerability management and security awareness initiatives
2. Threat Detection & Response
- Design, implement and continuously optimise endpoint detection use cases aligned to the MITRE ATT&CK framework and the evolving threat landscape
- Perform advanced detection engineering, including rule creation, tuning, correlation and false positive reduction across EDR platforms
- Lead and execute endpoint threat investigations and incident response activities, including identification, containment, eradication and recovery
- Conduct root cause analysis (RCA) and develop actionable recommendations to prevent recurrence and strengthen controls
- Collaborate with Security Operations Centre (SOC) teams to support alert triage, escalation and coordinated response activities
- Leverage threat intelligence feeds to proactively identify, analyse and mitigate emerging threats impacting endpoint environments
- Develop, maintain and optimise incident response playbooks and runbooks for endpoint-related threats
- Implement and enhance automated response capabilities using EDR and SOAR technologies to improve response efficiency and consistency
3. Threat Hunting & Continuous Improvement
- Perform proactive threat hunting across endpoint environments using behavioural analytics, anomaly detection and endpoint telemetry
- Identify and analyse Indicators of Compromise (IOCs) and adversary tactics, techniques and procedures (TTPs) to enhance detection capabilities
- Continuously refine and improve detection logic, hunting methodologies and response strategies based on emerging threats and intelligence
- Provide strategic input into the enhancement of enterprise threat detection and response capability maturity
- Support ongoing innovation in endpoint security through the evaluation and adoption of new tools, techniques and automation approaches
JOB REQUIREMENTS:
1. Endpoint Security & Platform Expertise
- Advanced experience in endpoint protection platforms (Symantec, McAfee, Microsoft Defender, Sophos) with relevant certifications
- Strong experience in agent deployment, configuration, troubleshooting and optimisation
- In-depth knowledge of endpoint protection disciplines, including:
  - Anti-malware
  - Host Intrusion Prevention Systems (HIPS)
  - Disk encryption
  - Host-based firewalls
  - URL filtering
- Working knowledge of Host Data Loss Prevention (DLP) advantageous
- Strong understanding of Windows endpoint security; Unix/Linux security knowledge advantageous
- Working knowledge of SQL for reporting, data analysis and query optimisation
2. Threat Detection, Incident Response & Security Operations
- Strong experience in endpoint detection and response (EDR) technologies and threat detection methodologies
- Proven capability in detection engineering, including rule creation, tuning, correlation and false positive reduction
- Hands-on experience in incident response, including threat identification, containment, eradication and recovery
- Knowledge of incident response frameworks (e.g. NIST, SANS) and security operational processes
- Experience working within or supporting a Security Operations Centre (SOC) environment
- Familiarity with SIEM platforms (e.g. Microsoft Sentinel, Splunk, QRadar) and integration with endpoint solutions
3. Threat Hunting & Malware Analysis
- Experience in proactive threat hunting using endpoint telemetry, behavioural analytics and anomaly detection techniques
- Strong understanding of MITRE ATT&CK framework and adversary tactics, techniques and procedures (TTPs)
- Proven capability in:
  - Malware behaviour analysis
  - Indicator of Compromise (IOC) identification and analysis
  - Memory and endpoint forensic analysis
- Ability to translate threat intelligence into actionable detection and response improvements
4. Scripting, Automation & Orchestration
- Proficiency in scripting for automation and security operations, including:
- Experience with endpoint security orchestration and automated response mechanisms
- Knowledge of API integration and development of automation workflows
- Exposure to Security Orchestration, Automation and Response (SOAR) platforms advantageous