JOB TITLE
Principal Cyber Security Specialist (Blue Team)

LOCATION
Hybrid / Remote (Johannesburg / Cape Town)

ABOUT CYBERLOGIC
Cyberlogic is a trusted Managed Solutions Provider with offices in South Africa, Mauritius, and the UK. Serving a diverse range of clients spanning numerous industries, including the international maritime sector, Cyberlogic specialises in IT leadership, cyber security, cloud solutions, and business intelligence. For almost three decades, Cyberlogic has been committed to enabling digital transformation through delivering unquestionable value. Our delivery focus has enabled us to build up a national and international footprint of loyal clients that rely on us to provide transparent, open guidance to improve their processes, grow their businesses, and secure their data.

Cyberlogic is part of the Hyperclear Technology group, which boasts a diverse technology offering including robotic process automation (RPA), business process management (BPM), data analytics, and decisioning technology. Through our non-profit, R4C (Ride for a Child), we partner with Bright Start Education Foundation, an organisation empowering deserving learners from underprivileged communities, providing holistic support and guidance throughout their educational careers.

OUR VALUES
- We challenge ourselves to be more AWESOME
- We are driven to KEEP learning and EVOLVING
- We look beyond symptoms to identify and RESOLVE ROOT CAUSES
- We hold each other accountable through CANDID and constructive FEEDBACK
- We respect and care for each other and know we will only SUCCEED if we work AS A TEAM
- We CARE deeply ABOUT the success of CYBERLOGIC
- We FINISH WHAT WE START
- We always GIVE OUR BEST even if it means putting in the hard yards
- We KEEP THINGS SIMPLE

PURPOSE OF POSITION
As a Principal Cyber Security Specialist, your role will be to provide strategic investigative leadership for the Blue Team.
You will be a principal resource in ensuring effective incident response, high-quality threat detection, risk alignment, and thorough forensic investigations. The role drives continuous improvement initiatives, mentors and guides analysts, and delivers clear, actionable insights to leads and business stakeholders. Additionally, the role is responsible for developing and maintaining in-depth documentation for forensic investigations and incident response procedures, as well as delivering structured training to enhance team capability, consistency, and operational maturity.

KEY RESPONSIBILITIES

PoC Forensics Tools
- Develop and manage an in-depth forensic investigation environment (sandbox) and advanced analysis tooling to support secure malware detonation, threat analysis, evidence preservation, and detailed incident investigations.
- Possess advanced expertise across multiple forensic disciplines, including digital forensics, computer forensics, network forensics, and memory forensics, enabling comprehensive investigation, evidence analysis, and incident reconstruction across diverse environments.
- Lead the implementation of policies and frameworks by coordinating with relevant teams and ensuring they are effectively integrated into the organisation's operations.
- Leverage proactive security technologies, including threat intelligence feeds and emerging cyber security solutions, to continuously improve detection accuracy, accelerate response times, and enhance overall resilience against evolving threats.

Risk Management
- Lead the identification, assessment, and prioritisation of cyber security risks, developing clear, actionable risk analysis reports that quantify potential risks, present findings to clients for decision-making, and outline mitigation strategies aligned with the organisation's security policies and best practices.
- Oversee the risk management process by ensuring that all risks are recorded and assigned to a risk owner who manages the risk.
- Conduct complex cyber security risk assessments, identifying strategic and operational risks and potential vulnerabilities in the organisation.
- Lead and oversee the implementation of risk mitigation strategies.

Technical Security Processes
- Regularly evaluate and refine security processes to ensure they remain effective and up to date.
- Track emerging cyber security trends and assess their potential impact on clients, integrating relevant innovations into existing processes.
- Engage in continuous research to anticipate changes in the cyber security landscape, allowing for proactive adjustments to technical security processes.

Strategy and Process Improvement
- Conduct weekly meetings with the Blue Team leads to review departmental goals and discuss strategies for business and departmental development.
- Design and refine security strategies and processes to enhance protection against cyber threats.
- Identify areas for improvement within Blue Team operations and technologies, implement and streamline workflows, and reduce inefficiencies.
- Standardise technical incident response procedures across the team, ensuring consistency and adherence to best practices.
- Conduct regular reviews of technical operations processes and investigative tools to ensure they remain relevant and effective in addressing current threats.

Security Tools and Technologies
- Collaborate with vendors to stay informed about updates and potential issues.
- Perform thorough pre- and post-update checks to verify that security tools are functioning correctly after any changes.

Incident Response & Control Evaluation
- Oversee the incident response process, ensuring swift and effective handling of security incidents and providing feedback to the SOC leads.
- Develop and maintain incident response playbooks, ensuring they are up to date and reflect the latest threat landscape.
- Conduct post-incident analysis to identify lessons learned and implement improvements.
- Support the incident response team to ensure breaches are handled in line with regulatory requirements and company policies.
- Support post-incident reviews, identifying lessons learned and driving process improvements.
- Assist in maintaining and enhancing breach response plans, ensuring they align with evolving threats and regulations.

Continuous Learning
- Stay up to date with industry trends and best practices to enhance technical expertise.
- Attend Cyberlearning sessions on a weekly basis.
- Continuously upskill in the cyber security domain.

Coaching & Mentoring
- Train and onboard new team members, and provide ongoing training and development opportunities for existing team members.
- Participate and provide input in the recruitment of new team members.
- Foster collaboration by encouraging teamwork, open communication, and a supportive atmosphere within the team.
- Assist leads with performance stats for review cycles.
- Participate in weekly / daily team meetings.
- Assess the skills and knowledge of team members to identify areas where improvement or development is needed, and provide feedback to the leads.

Standby
- Serve as a third point of contact for client inquiries, including handling escalations.

Reporting and Presenting
- Review technical reports compiled by the team, detailing the approach, scope, findings, recommendations, and next steps.
- Present detailed reports to management (clients and internally).
KEY REQUIREMENTS

Desired
- 5+ years
- National Senior Certificate or equivalent
- CRISC
- CISSP
- Microsoft SC-401
- Microsoft SC-100
- Microsoft SC-200
- Microsoft AZ-500
- CCSP
- GCIH

Beneficial
- Bachelor's Degree in Computer Science, Information Technology, Cyber Security, or a related field
- Darktrace: Threat Visualizer Part 1 - Familiarization; Threat Visualizer Part 2 - Investigation; Cyber Analyst Part 1 & Part 2; Darktrace/Email Part 1 - Familiarization; Darktrace/Email Part 2 - Customization
- Qualys: Vulnerability Management Self-Paced Training; Patch Management Self-Paced Training; Web Application Scanning Self-Paced Training; Cloud Agent Self-Paced Training; Qualys API Fundamentals Self-Paced Training

TECHNICAL COMPETENCIES AND SKILLS
- Advanced understanding of Security Operations Center functions.
- Advanced knowledge of security frameworks and standards.
- Advanced technical and configuration knowledge across different security technologies.
- Advanced knowledge of Microsoft Security Tools.
- Strong knowledge of security technologies, including SIEM, IDS/IPS, endpoint security, and vulnerability management.
- Advanced knowledge of cloud-based technologies and security policies.
- Advanced understanding of data loss prevention (DLP) and identity and access management (IAM) techniques.
- Advanced understanding of data governance, classification, and privacy protection practices and techniques.
- Advanced skill in developing policies, plans, playbooks, and procedures.
- Critical thinking and investigative know-how.
- Advanced skill in project management.
- Advanced skills in the MS365 environment.

BEHAVIORAL COMPETENCIES
- Structured
- Detail-Focused
- Rational
- Listening
- Collaboration
- Self-Development
- Calm
- Strategic
- Direct
- Influential
- Striving
- Ethics

Should you work from home, it is your responsibility to ensure that you have uninterrupted internet connectivity and a 'work-like' environment at your home location to deliver your best in terms of performance and productivity.