Midrand: Cyber Security Specialist – End-Point, Threat Detection & Response posted by Gijima Holdings: HR

About the Role

Gijima Holdings is seeking a highly skilled Cyber Security Specialist – End-Point, Threat Detection & Response to join our team in Midrand. As a key member of our security operations centre, you will be responsible for designing, implementing and continuously optimising endpoint detection use cases aligned to the MITRE ATT&CK framework and evolving threat landscape. You will also lead and execute endpoint threat investigations and incident response activities, including identification, containment, eradication and recovery.

Key Responsibilities

### 1. Endpoint Security Management

* Administer, optimise and continuously improve Endpoint Security Solutions, including the research, design and implementation of advanced protection technologies

* Install, configure, manage and support endpoint security platforms including:

+ Symantec/Crowdstrike/Sentinel One (AV, DLP, DCS, Encryption, ATP, EDR)

+ McAfee (AV, Encryption, DAM, MVision, EDR)

+ Microsoft (Defender, Intune, BitLocker, ATP)

+ Sophos EDR

* Develop and maintain endpoint security policies, procedures, standards and architecture documentation aligned to industry best practices

* Provide technical leadership in the delivery of endpoint security solutions, including hands-on implementation, mentorship and capability development of team members

* Contribute to solution design and provide subject matter expertise for RFPs and client engagements

* Ensure endpoint security services are delivered in accordance with SLA requirements, governance frameworks and regulatory obligations

* Drive continuous improvement of endpoint security posture through compliance monitoring, risk assessments, vulnerability management and security awareness initiatives

### 2. Threat Detection & Response

* Design, implement and continuously optimise endpoint detection use cases aligned to the MITRE ATT&CK framework and evolving threat landscape

* Perform advanced detection engineering, including rule creation, tuning, correlation and false positive reduction across EDR platforms

* Lead and execute endpoint threat investigations and incident response activities, including identification, containment, eradication and recovery

* Conduct root cause analysis (RCA) and develop actionable recommendations to prevent recurrence and strengthen controls

* Collaborate with Security Operations Centre (SOC) teams to support alert triage, escalation and coordinated response activities

* Leverage threat intelligence feeds to proactively identify, analyse and mitigate emerging threats impacting endpoint environments

* Develop, maintain and optimise incident response playbooks and runbooks for endpoint-related threats

* Implement and enhance automated response capabilities using EDR and SOAR technologies to improve response efficiency and consistency

### 3. Threat Hunting & Continuous Improvement

* Perform proactive threat hunting across endpoint environments using behavioural analytics, anomaly detection and endpoint telemetry

* Identify and analyse Indicators of Compromise (IOCs) and adversary tactics, techniques and procedures (TTPs) to enhance detection capabilities

* Continuously refine and improve detection logic, hunting methodologies and response strategies based on emerging threats and intelligence

* Provide strategic input into the enhancement of enterprise threat detection and response capability maturity

* Support ongoing innovation in endpoint security through the evaluation and adoption of new tools, techniques and automation approaches

Requirements

### 1. Endpoint Security & Platform Expertise

* Advanced experience in endpoint protection platforms (Symantec, McAfee, Microsoft Defender, Sophos) with relevant certifications

* Strong experience in agent deployment, configuration, troubleshooting and optimisation

* In-depth knowledge of endpoint protection disciplines, including:

+ Anti-malware

+ Host Intrusion Prevention Systems (HIPS)

+ Disk encryption

+ Host-based firewalls

+ URL filtering

* Working knowledge of Host Data Loss Prevention (DLP) advantageous

* Strong understanding of Windows endpoint security; Unix/Linux security knowledge advantageous

* Working knowledge of SQL for reporting, data analysis and query optimisation

### 2. Threat Detection, Incident Response & Security Operations

* Strong experience in endpoint detection and response (EDR) technologies and threat detection methodologies

* Proven capability in detection engineering, including rule creation, tuning, correlation and false positive reduction

* Hands-on experience in incident response, including threat identification, containment, eradication and recovery

* Knowledge of incident response frameworks (e.g. NIST, SANS) and security operational processes

* Experience working within or supporting a Security Operations Centre (SOC) environment

* Familiarity with SIEM platforms (e.g. Microsoft Sentinel, Splunk, QRadar) and integration with endpoint solutions

### 3. Threat Hunting & Malware Analysis

* Experience in proactive threat hunting using endpoint telemetry, behavioural analytics and anomaly detection techniques

* Strong understanding of MITRE ATT&CK framework and adversary tactics, techniques and procedures (TTPs)

* Proven capability in:

+ Malware behaviour analysis

+ Indicator of Compromise (IOC) identification and analysis

+ Memory and endpoint forensic analysis

* Ability to translate threat intelligence into actionable detection and response improvements

### 4. Scripting, Automation & Orchestration

* Proficiency in scripting for automation and security operations, including:

+ PowerShell