Job Details
- Expires 9 November 0 days left to apply
- Reference number: Unit 3 – E22951
- Province: Western Cape
- Type of engagement: Permanent appointment
- Posted: November 1st
- Remuneration package: The annual remuneration package, including benefits, is negotiable between R1,137 499 and R1,338 233 depending on experience and qualifications.
Background to Position
The Information Security team is responsible for protecting the confidentiality, availability and integrity of the University of Cape Town’s information and information systems. We are looking to recruit a self-motivated, proactive Senior manager who will lead the development of existing, and the implementation of new processes and procedures. Although a senior level management role, the role retains responsibility for the practical application of cyber operations. It would suit an individual who has demonstrated experience of stakeholder management and can lead a team of security analysts through the effective identification, response, and recovery process for cyber incidents, even when working under pressure.
Job Description
Skills and experience:
- Do you have demonstrated experience working in Cyber Security Operations?
- Can you effectively manage security incidents, ensuring the appropriate process is followed from start to finish?
- Are you skilled in Cyber Security incident analysis?
- Are you looking to take your cyber skillset to the next level, leading and developing others?
- Do you possess excellent interpersonal skills, with the ability to communicate with staff at all levels?
- Are you able to build effective working relationships with internal and external stakeholders?
If the answer to these questions is yes – we want to hear from you!
The full summary of duties and skills required for the role can be found in the Job Description
Non-technical Skills:
- Communication skills (Verbal and written)
- Strong analytical skills (analyze security requirements and relate them to appropriate security controls)
- Problem solving
- Decision making
- Prioritization and Time management
- Financial Management and budgeting
- Strategy development and planning
- Team building and HR Management
- Emotional Intelligence
- Coaching and Mentoring
Technical skills:
- Advanced proficiency in security architecture and network security
- Advanced understanding of network security including TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common network security elements.
- Hands-on experience analyzing high volumes of logs, network data (e.g., NetFlow, FPC), and other attack artifacts in support of incident investigations
- Proficiency in information security incident handling
- Proficiency with some of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host Based Forensics, Network Forensics, and RSA Security
- In-depth knowledge of architecture, engineering, and operations of at least one enterprise SIEM platform (e.g., Nitro/McAfee Enterprise Security Manager, ArcSight, QRadar, Log Logic, Splunk)
- Demonstrable understanding of mobile technology and operating systems (i.e., Android, iOS, Windows),
- Computer security (Windows, Mac, and Linux)
- Demonstrable understanding of virtualization and containerization technologies e.g., VMware technology, Kubernetes
Knowledge requirements:
- Performing risk, business impact, control, and vulnerability assessments, and in defining treatment strategies.
- Fundamentals of threat modelling.
- Fundamentals of attack frameworks such as Mitre, Lock Head kill-chain.
- Fundamentals of pen-testing methodologies such as OSSTM, ISSAF, NIST SP800-115 or PTES
- Developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks
- An understanding of operating system internals and network protocols.
- Familiarity with the principles of cryptography and cryptanalysis.
- Fundamentals of digital forensics (investigation oversight, host-based forensics, network forensics and forensic counter measures)
- Fundamentals of system technology security testing (vulnerability scanning and penetration testing).
- Familiarity in application technology security testing (white box, black box, and code review).
Professional registration or license requirements:
- SANS GIAC/GCIA/GCIH, CISSP or CASP, CBCP, MCBI and/or SIEM-specific training and certification.
Flexible Work conditions are available
Inherent Criteria
Requirements:
- Relevant qualification at NQF level 7 (Computer Science, Information Systems or similar)
- Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM-specific training and certification
- 10 years’ experience in Information technology (Enterprise infrastructure) with a minimum of 5 years in an information and cyber security role. 3 years must be experience in a senior management role at team level or higher, with demonstrated experience and understanding of project and program management
Application Requirement
To apply, please e-mail the documents below:
- Applicants must complete hr201 form
- Personal statement, up to 1,000 words, you should set out in your statement why you are interested in this role and provide examples of where your skills and experience meet the requirements for this role as detailed in the advert and job description
- Curriculum Vitae (CV).
The document should be named according to the following guidelines:
Reference Number, Senior Manager Core Infrastructure Services, Surname, First Initial.
An application which does not comply with the above requirements will be regarded as incomplete and will not be considered. Only short-listed candidates will be contacted and may be required to undergo competency
“UCT is a designated employer and is committed to the pursuit of excellence, diversity, and redress in achieving its equity targets in accordance with the Employment Equity Plan of the University and its Employment Equity goals and targets. Preference will be given to candidates from the under-represented designated groups. Our Employment Equity Policy is available at www.uct.ac.za/downloads/uct.ac.za/about/policies/eepolicy.pdf. “
UCT reserves the right not to appoint