Security Defense And Operation Lead

Gauteng, South Africa

Job Description

Closing Date 2025/07/25
Reference Number AEC250710-6
Pillar Head Office
Job Title Security Defense and Operation Lead
Job Type Classification Permanent
Job Grade DU
Number of Positions 1
Location - Town / Site Woodmead
Location - Province Gauteng
Location - Country South Africa

Purpose of the Job

  • To lead the operational defense of AECI's digital infrastructure by coordinating incident response, managing vulnerability remediation, and maintaining critical security controls.
  • This role ensures that threats identified by the virtual Security Operations Center (vSOC) are swiftly addressed, security incidents are resolved, and endpoint and network protections are continuously optimized.
  • The position plays a key role in safeguarding business continuity, minimizing cyber risk exposure, and supporting compliance with internal and external security standards.
Key Internal Stakeholders
  • IT Infrastructure and Operations Teams - for coordinating patching, vulnerability remediation, and endpoint protection.
  • Service Desk - for executing incident response actions and escalating security alerts.
  • SOC and Vulnerability Management Providers - for threat detection, alert triage, and vulnerability scanning.
  • Application Security and DevSecOps Teams - for integrating response playbooks and ensuring secure development practices.
  • Risk & Compliance Team - for aligning incident response with audit and compliance requirements.
Key External Stakeholders
  • Third-party Security Vendors - including EDR, SOC, and vulnerability scanning service providers.
  • Managed Security Service Providers (MSSPs) - where applicable, for outsourced monitoring or incident support.
  • Auditors and Regulatory Bodies - during security audits or post-incident reviews.
Key Performance Areas
  • Input: SOC alerts and threat intelligence. Key performance area: Lead incident remediation for threats identified by the virtual Security Operations Center (vSOC), ensuring timely and effective containment and recovery.
  • Input: External vulnerability scans and internal IT coordination. Key performance area: Coordinate vulnerability remediation, ensuring vulnerabilities are tracked, prioritized, and resolved in collaboration with IT teams.
  • Input: Security incident logs and patch reports. Key performance area: Verify resolution of security incidents and validate that patching activities are completed and effective.
  • Input: Vulnerability management workflows. Key performance area: Optimize alert handoffs and reporting workflows, reducing false positives and improving response efficiency.
  • Input: Endpoint Detection & Response (EDR) and network segmentation tools. Key performance area: Maintain and monitor critical security controls, ensuring continuous protection and compliance with security baselines.
  • Input: Service provider SLAs and performance metrics. Key performance area: Monitor third-party performance, ensuring vSOC and vulnerability management providers meet contractual obligations and service levels.
  • Input: Threat scenarios and operational procedures. Key performance area: Develop and maintain unified response playbooks for technical teams, enabling consistent and rapid response to incidents.
Qualifications & Experience
  • Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field.
  • Industry-recognized cybersecurity certifications such as:
      • Certified Information Systems Security Professional (CISSP)
      • GIAC Certified Incident Handler (GCIH)
      • Certified Ethical Hacker (CEH)
      • CompTIA Security+ or CySA+
  • Microsoft certifications aligned to security operations and threat response:
      • SC-200: Microsoft Security Operations Analyst - focused on threat detection, investigation, and response using Microsoft Defender and Sentinel
      • SC-300: Microsoft Identity and Access Administrator - relevant for IAM and access control integration
      • SC-900: Microsoft Security, Compliance, and Identity Fundamentals - foundational knowledge of Microsoft security and compliance solutions
  • Familiarity with Microsoft Defender for Endpoint, Microsoft Sentinel, and other Microsoft 365 security tools is highly advantageous.
  • Additional training in incident response, vulnerability management, and EDR platforms is recommended.
  • 6-10 years of progressive experience in cybersecurity operations, including hands-on incident response and threat remediation.
  • Proven experience managing or working closely with a virtual Security Operations Center (SOC) and vulnerability management platforms.
  • Strong background in coordinating patch management and vulnerability remediation across IT and infrastructure teams.
  • Experience maintaining and optimizing endpoint detection and response (EDR) tools and network segmentation controls.
  • Demonstrated ability to develop and implement incident response playbooks and operational workflows.
  • Familiarity with managing third-party security service providers and evaluating their performance.
  • Exposure to enterprise IT environments, preferably with SAP, Active Directory, and hybrid cloud infrastructure.
Personal Attributes
  • Incident response coordination and remediation leadership
  • Vulnerability management and patch lifecycle coordination
  • Security control implementation and optimization (e.g., EDR, network segmentation)
  • Workflow design and automation for SOC alert handling and reporting
  • Technical writing for playbooks and response procedures
  • Familiarity with vulnerability scanning tools and remediation processes
  • Knowledge of endpoint protection platforms and network security architecture
  • Awareness of cybersecurity frameworks (e.g., NIST, MITRE ATT&CK)
  • Understanding of IT infrastructure and service desk integration
  • Strong collaboration and communication across technical and non-technical teams
  • Analytical mindset with attention to detail in threat analysis and remediation
  • Accountability and ownership of operational security outcomes
  • Continuous improvement orientation, especially in optimizing workflows and controls



Job Detail

  • Job Id: JD1461984
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: Gauteng, South Africa
  • Education: Not mentioned