Cyber Security Specialist: End-Point, Threat Detection & Response

ExecutivePlacements.com


Recruiter

Gijima Holdings

Job Ref

HR000260/EV

Date posted

Tuesday, June 9, 2026

Location

Midrand, South Africa

SUMMARY

PURPOSE

To proactively identify, assess, detect and respond to endpoint-related risks and threats across the enterprise environment by leveraging advanced Endpoint Detection and Response (EDR) capabilities, threat intelligence and industry best practices. The role interfaces across business, technical and infrastructure domains to monitor security posture, investigate potential vulnerabilities, and implement effective remediation strategies.

The incumbent is responsible for driving continuous improvement of endpoint security controls through the optimisation of detection capabilities, enhancement of response processes, and alignment to established standards, frameworks and regulatory requirements, thereby strengthening the organisation’s overall threat detection and response maturity.

POSITION INFO

FORMAL EDUCATION:
- Grade 12
- Relevant Diploma/Degree

TECHNICAL / LEGAL CERTIFICATION:

Essential
- ITIL Foundation certification
- Relevant endpoint security platform certification(s) (e.g. Microsoft Defender, Symantec, McAfee or equivalent)
- Recognised cyber security certification (e.g. CompTIA Security+ or equivalent)

Advantageous / Preferred
- Advanced cyber security certifications such as CISSP, CISM or CISA
- Security Operations / Threat Detection certifications (e.g. Microsoft SC-200, CompTIA CySA+ or equivalent)
- Vendor-specific certifications aligned to endpoint and security technologies (e.g. Microsoft Defender, Sophos, Trellix/McAfee, Symantec, SentinelOne, CrowdStrike)
- Certifications related to incident response, threat hunting or forensic analysis
- Cloud security certifications (e.g. Microsoft Azure Security, AWS Security)

EXPERIENCE:
- Minimum of 1 year's experience in Information Technology
- Minimum of 1 year's experience in technical information security roles, with a strong focus on threat investigation related to endpoint security
- Proven experience in the design, deployment, configuration and optimisation of Endpoint Security and Endpoint Detection & Response (EDR) solutions in enterprise environments
- Practical experience in threat detection, investigation and incident response, including containment, eradication and recovery activities
- Experience in proactive threat hunting, detection use case development and continuous improvement of detection capabilities
- Strong understanding and practical application of security frameworks and best practices, such as ISO 27001 and NIST
- Experience in developing and implementing security policies, standards and procedures, aligned to governance and regulatory requirements
- Experience in integrating endpoint security solutions within Security Operations Centre (SOC) environments, including interaction with SIEM platforms and incident management processes
- Exposure to network security principles and technologies, with the ability to understand broader security architecture
- Experience working within standards-based architectures, including implementation, compliance monitoring and control enforcement
- Experience providing technical leadership, mentoring and guidance within security engineering or operations teams

RESPONSIBILITIES:

1. Endpoint Security Management
- Administer, optimise and continuously improve Endpoint Security Solutions, including the research, design and implementation of advanced protection technologies
- Install, configure, manage and support endpoint security platforms including:
  - Symantec/CrowdStrike/SentinelOne (AV, DLP, DCS, Encryption, ATP, EDR)
  - McAfee (AV, Encryption, DAM, MVision, EDR)
  - Microsoft (Defender, Intune, BitLocker, ATP)
  - Sophos EDR
- Develop and maintain endpoint security policies, procedures, standards and architecture documentation aligned to industry best practices
- Provide technical leadership in the delivery of endpoint security solutions, including hands-on implementation, mentorship and capability development of team members
- Contribute to solution design and provide subject matter expertise for RFPs and client engagements
- Ensure endpoint security services are delivered in accordance with SLA requirements, governance frameworks and regulatory obligations
- Drive continuous improvement of endpoint security posture through compliance monitoring, risk assessments, vulnerability management and security awareness initiatives

2. Threat Detection & Response
- Design, implement and continuously optimise endpoint detection use cases aligned to the MITRE ATT&CK framework and the evolving threat landscape
- Perform advanced detection engineering, including rule creation, tuning, correlation and false positive reduction across EDR platforms
- Lead and execute endpoint threat investigations and incident response activities, including identification, containment, eradication and recovery
- Conduct root cause analysis (RCA) and develop actionable recommendations to prevent recurrence and strengthen controls
- Collaborate with Security Operations Centre (SOC) teams to support alert triage, escalation and coordinated response activities
- Leverage threat intelligence feeds to proactively identify, analyse and mitigate emerging threats impacting endpoint environments
- Develop, maintain and optimise incident response playbooks and runbooks for endpoint-related threats
- Implement and enhance automated response capabilities using EDR and SOAR technologies to improve response efficiency and consistency

3. Threat Hunting & Continuous Improvement
- Perform proactive threat hunting across endpoint environments using behavioural analytics, anomaly detection and endpoint telemetry
- Identify and analyse Indicators of Compromise (IOCs) and adversary tactics, techniques and procedures (TTPs) to enhance detection capabilities
- Continuously refine and improve detection logic, hunting methodologies and response strategies based on emerging threats and intelligence
- Provide strategic input into the enhancement of enterprise threat detection and response capability maturity
- Support ongoing innovation in endpoint security through the evaluation and adoption of new tools, techniques and automation approaches

JOB REQUIREMENTS:

1. Endpoint Security & Platform Expertise
- Advanced experience in endpoint protection platforms (Symantec, McAfee, Microsoft Defender, Sophos) with relevant certifications
- Strong experience in agent deployment, configuration, troubleshooting and optimisation
- In-depth knowledge of endpoint protection disciplines, including:
  - Anti-malware
  - Host Intrusion Prevention Systems (HIPS)
  - Disk encryption
  - Host-based firewalls
  - URL filtering
- Working knowledge of Host Data Loss Prevention (DLP) advantageous
- Strong understanding of Windows endpoint security; Unix/Linux security knowledge advantageous
- Working knowledge of SQL for reporting, data analysis and query optimisation

2. Threat Detection, Incident Response & Security Operations
- Strong experience in endpoint detection and response (EDR) technologies and threat detection methodologies
- Proven capability in detection engineering, including rule creation, tuning, correlation and false positive reduction
- Hands-on experience in incident response, including threat identification, containment, eradication and recovery
- Knowledge of incident response frameworks (e.g. NIST, SANS) and security operational processes
- Experience working within or supporting a Security Operations Centre (SOC) environment
- Familiarity with SIEM platforms (e.g. Microsoft Sentinel, Splunk, QRadar) and their integration with endpoint solutions

3. Threat Hunting & Malware Analysis
- Experience in proactive threat hunting using endpoint telemetry, behavioural analytics and anomaly detection techniques
- Strong understanding of the MITRE ATT&CK framework and adversary tactics, techniques and procedures (TTPs)
- Proven capability in:
  - Malware behaviour analysis
  - Indicator of Compromise (IOC) identification and analysis
  - Memory and endpoint forensic analysis
- Ability to translate threat intelligence into actionable detection and response improvements

4. Scripting, Automation & Orchestration
- Proficiency in scripting for automation and security operations, including:
  - PowerShell
  - Python
- Experience with endpoint security orchestration and automated response mechanisms
- Knowledge of API integration and development of automation workflows
- Exposure to Security Orchestration, Automation and Response (SOAR) platforms advantageous