Transnet Specialist: Cyber Security Threat Hunter Vacancies 2023 || Applications Accepted till 13 February
Applications for the Transnet Specialist: Cyber Security Threat Hunter vacancy will be accepted till 13 February, so apply before the last date. The vacancy is available on the Transnet Careers Page.
Transnet Specialist: Cyber Security Threat Hunter Vacancies ⇒ Bachelor’s Degree Qualified Can Apply
Transnet has issued an advertisement on its official website for the recruitment of Specialist: Cyber Security Threat Hunter posts in Parktown, open to candidates with a Bachelor’s Degree. Eligible candidates can apply for the post through the official Transnet link given in this article. The last date to apply is 13 February 2023, so make sure you submit your application form before then.
Transnet Specialist: Cyber Security Threat Hunter Vacancies || All Information
Employer | Transnet
Post Name | Specialist: Cyber Security Threat Hunter
Job Ref. Number | 50018983
Salary | As per guideline
Official Website | www.transnet.net
Application Deadline | 13 February 2023
Job Location | Parktown, Gauteng
About Purpose of Position: Specialist: Cyber Security Threat Hunter Jobs at Transnet
Position Purpose:
Cyber Security Threat Hunter:
The purpose of this role is to develop and implement a proactive, ongoing and ever-evolving discipline to prevent, detect, monitor and analyse cybersecurity traffic activities across the entire TFR network. The incumbent should be able to employ advanced detection technologies that go beyond traditional technologies such as security information & event management (SIEM), endpoint detection & response (EDR) and others.
• Investigate possible anomalies to find any yet to be discovered malicious activities that could lead to a full-blown breach.
• Be able to use a combination of advanced analytics, machine learning and rule-based detection to identify suspicious activities throughout the network
• Execute on information security activities such as vulnerability management, application development security, business continuity, networking, risk management, etc.
• Research security trends, new methods and techniques used in order to pre-emptively eliminate the possibility of system breaches
• Identify threat actors based on the environment, domain and attack behaviours
• Install software that monitors systems and networks for security breaches and intrusions
• Perform intelligence-driven network defence supporting the monitoring and incident response capabilities.
• Responsible for the detection of the threat actors to zero ransomware infections, brings deep knowledge of the attacker landscape and tradecraft to create the innovations necessary to uncover and prevent even the most well-funded attacker.
• Ensure that proactive measures are put in place to detect any possible cyber threats before they materialise, mitigate threats before they compromise an organization, and act swiftly to contain threats that have materialised so as to minimise the impact on operations, while triggering Cyber Security Incident Response Plan actions.
• Collect, process and analyse Cyber threats and warning assessments.
• Employ the best practice hunting frameworks (i.e. the Targeted Hunting integrating Threat Intelligence framework, the MITRE PRE-ATT&CK and ATT&CK framework)
Transnet Specialist: Cyber Security Threat Hunter Job Requirements
The Transnet Specialist: Cyber Security Threat Hunter job requirements are as follows:
Qualifications & Experience:
Qualifications, Experience & Inherent Job Requirements
• NDip or Bachelor’s degree in Computer Science, Information Technology, Software, Computer Engineering, Information Systems or Cyber Security or related or equivalent field.
Certifications:
• At least one of the following certifications from a professional body: Certified Threat Hunting Professional, OSCP, CEH, CISSP, GWAPT, GREM, GCFE.
• ISO 27001 is an advantage.
Experience:
• 2 – 3 years of experience in the Information Security field especially in penetration testing execution.
• Established experience with a record of identifying threats.
• Experience in cloud computing technology and mobile and tablet platforms.
• Experience with log analysis and familiarity with various SIEM tools (Splunk, Elastic, ArcSight, QRadar, etc.)
• General Information Technology and Computer Networking knowledge preferred
Standard Job Requirements:
• Requirement of trust and honesty in the handling of finances as per the National Credit Act Amendment 19.
• Must undergo Lifestyle Audit
• Driver’s license
Competencies:
Knowledge:
• Must have knowledge of tools associated with cyber security operations centres e.g. log management, proxy technologies, correlation solutions, Security Information and Event Management (SIEM), SOAR and common security tools.
• Knowledge in scripting such as PowerShell, Python.
• Extensive knowledge of all domains within Information Security.
• IT governance
Strategy & Sustainability
Strategic Thinking-Formulates strategies and business plans to achieve the overall organisation’s direction
Commercial Awareness-Keeps abreast of internal and external factors that can impact the business
Innovating-Generates new ideas or solutions by thinking “outside of the box”; reviews current processes or systems and identifies ways to optimise them
Inspiring People-Leads by example. Inspires, motivates and empowers team members to do their best
Inspirational Leadership
Managing Talent-Provides clear direction and sets performance standards/requirements for the team
Leading Change-Leads and directs change initiatives
Embracing Diversity-Leads and promotes equal opportunity and has an appreciation for diversity in the workplace.
Business Performance and Delivery
Lead Business Performance-Leads the business to be more efficient and effective
Strategic Decision Making-Is decisive and takes full accountability for decisions
Business Acumen-Understands and deals with various business situations using obtained knowledge and a broad spectrum of expertise
Analysing-Thinks in a systemic way but is open to new approaches
Relationship Management
Communicating Effectively-Communicates the business strategy and objectives in a clear manner
Collaborating and Networking-Builds wide and effective relationships with people inside and outside of the organisation to help achieve the organisation’s goals and objectives
Service Orientated-Leads by example; strives for a customer centric culture where everyone acts with the customer in mind
Persuading and Influencing-Is able to persuade and influence those around him/her for the benefit of achieving the organisation/department’s goals and objectives. Identifies and influences key decision makers using strong persuasive techniques and creates a strong personal impression that leads to buy in from others
Corporate Governance & Compliance
Leading Governance-Always works in the best interest of the organisation and aligns business practices to the ethical obligations and good corporate governance
Leading Safety Practice-Leads safety practices by communicating, enforcing and supporting all safety standards and activities
Leading Risk Management-Identifies areas of risks and implements corrective actions to mitigate the impact of risks to ensure overall sustainability
Personal Mastery
Learning and Applying Expertise-Dedicated to continuous learning and self-improvement.
Resilience-Manages pressure effectively and copes well with criticism and setbacks
Emotional Intelligence-Is aware of own leadership style and is able to adapt style to enhance team and business performance
Vigour & Personal Drive-Accepts and tackles demanding goals with enthusiasm. Works hard and shows energy and persistence to achieve high quality results. Is a role model for others who strive for personal excellence
Functional Requirements
• Pattern Recognition/Deductive Reasoning: Can look for patterns that match the tactics, techniques and procedures of known threat actors, advanced malware and unusual behaviours.
• Data Analytics: Has solid understanding of data analytics and data science approaches, tools and techniques
• Forensics: Ability to investigate the root cause and develop an attack timeline of events through network and endpoint forensics
Specialist: Cyber Security Threat Hunter Job Responsibility for Transnet Job Vacancy
Position outputs:
Strategy:
• Responsible for processes that are designed to enhance the Security Operations and Threat Intelligence workflow by redesigning process and approach to operationalize the sharing and utilization of actionable intelligence and indicators.
• Benchmarking of leading and industry best practice and technology trends to ensure that threat detection, response and remediation tools implemented are effective and enhance resilience to cyber threats in the ever-changing cyber threat landscape.
• Provide Trend analysis of Malicious Operations with mitigations to be included in the overall Risk assessment for the organisation.
• Provide subject matter expertise to the development of Cyber Operations specific indicators (Org KPIs).
• Development and delivery of high-quality threat briefings, reporting and presentations by providing actionable intelligence to the Cyber Security Incident Response Team in line with the approved PPSG’s.
Information and Cyber Security Incidents and Events Management (SIEM)
• Responsible for the Security Incidents and Events Management processes intended to neutralize advanced threats that might invade the security operations centre (SOC) resulting in the denial of service, disrupting business operations.
• Provide input towards Intelligence production, reporting, collection and operations which will support information assessments for the purpose of informing leadership which will aid operational planning and execution.
• Monitor and report changes in threat dispositions, activities and tactics which relate to designated Cyber Operations warning problem sets.
• Monitor open-source websites for hostile content directed towards TFR.
• Active monitoring of operational environment which fulfils leadership’s priority on information requirements.
• Produce all cyber operations intelligence, indications and warnings in line with threat assessments.
• Conduct ethical hostile intentional activity which could possibly impact TFR’s operations and information integrity.
• Develop Human Computer interaction principles
• Be involved with ICTM Architecture on Network Structure and communication protocols to ensure threat detection.
AI Driven Intelligence Threat Operations and Hunting
• Responsible for the functions of threat operations and hunting and serve as the liaison for Threat Intelligence in the Security Operations Center.
• Responsible for the analysis of large amounts of data from vendors and internal sources, including various sources such as Technologies, Systems, indicator feeds, IIoT, logs, dumps, network packets employing several threat hunting tools.
• Responsible for the monitoring of the incident handling, incident response, and forensics processes and outcomes to ensure implementation of recommendations designed to improve the security posture and resilience of the digital-eco-system and landscape.
• Assist in identifying (hunting) and profiling threat actors and hackers.
Response Management
• Report into SOC with Malicious Operations (Mal Ops) validated threat activity and changes to threat dispositions in relation to cyber operations warnings.
• Report intelligence on significant network events and intrusions.
• Continual consultation on response management internally and externally where required to do so.
• Collaborate with various teams in Fraud on cases, providing technical investigative capabilities that will assist in responding to vulnerabilities and curbing cyber threats.
• In the event of a breach occurring, responsible to minimize damage, recover compromised data and preserve evidence for forensic and legal action.
Information and Cyber Security Programme Management
• Ensures implementation of integration/orchestration of security infrastructure, standards, control measures and indicators with TFR Digital eco-system and existing landscape.
• Ensure collaboration with all ICTM programmes within TFR with the intent to detect and protect.
• Support Cyber Operations actively and Response Management.
• Implement Cyber Threat Automation within TFR.
Policies and Procedure:
• Implement regulation and legislative requirements in line with South African and International frameworks adopted for Cyber Security and Privacy such as NIST and ISO 27001.
• Ensure compliance and adherence to all internal policies and procedures.
• Keep abreast of cyber operation policies in line with environment preparation for defence and attack.
• Provides input into the drafting of Security policies, processes, standards and procedures.
Reporting
• Provide management reports on current intelligence support.
• Provide Malicious Operations (Mal Ops) reports
• Play a collaborative role within reporting structures where applicable.
• Report into SOC with Mal Ops
Shareholder Management
• Collaborate with inter-departmental teams to help detect new, interesting or unique threats and mitigations based on hunting observations
• Active involvement of communicating high Cyber Resilience within TFR.
• Communicate Human Computer interaction principles
• Communicate with service provider as required.
Governance/Compliance/Risk
• Apply Cyber Ethical principles in all related activities.
• Ensure compliance to TFR’s policies and procedures.
• Conduct Risk assessments in terms of Cyber-attack stages and apply defence methodologies.
• Ensure and comply with reporting requirements both internally and externally.
• Resolution of Audit findings timeously.
Financial Management
• Manage budget accordingly and report deviations.
• Provide input for budget requirements to support Cyber Resilience.
Contact Details | Any questions regarding the application or recruitment process should be sent in writing to [email protected]
Official Address | Parktown, Johannesburg, 2193