Principal Cyber Security Specialist - Blue Team

Job Description

JOB TITLE:

Principal Cyber Security Specialist (Blue Team)

LOCATION:

Hybrid / Remote (Johannesburg / Cape Town)

ABOUT CYBERLOGIC:

Cyberlogic is a trusted Managed Solutions Provider with offices in South Africa, Mauritius, and the UK. Serving a diverse range of clients, spanning numerous industries, including the international maritime sector, Cyberlogic specialises in IT leadership, cyber security, cloud solutions, and business intelligence. For almost three decades, Cyberlogic has been committed to enabling digital transformation through delivering unquestionable value.

Our delivery focus has enabled us to build up a national and international footprint of loyal clients that rely on us to provide transparent, open guidance to improve their processes, grow their businesses, and secure their data.

Cyberlogic is part of the Hyperclear Technology group, which boasts a diverse technology offering including robotic process automation (RPA), business process management (BPM), data analytics, and decisioning technology.

Through our non-profit, R4C (Ride for a Child), we partner with Bright Start Education Foundation, an organisation empowering deserving learners from underprivileged communities, providing holistic support and guidance throughout their educational careers.

OUR VALUES:

  • We challenge ourselves to be more AWESOME
  • We are driven to KEEP learning and EVOLVING
  • We look beyond symptoms to identify and RESOLVE ROOT CAUSES
  • We hold each other accountable through CANDID and constructive FEEDBACK
  • We respect and care for each other and know we will only SUCCEED if we work AS A TEAM
  • We CARE deeply ABOUT the success of CYBERLOGIC
  • We FINISH WHAT WE START
  • We always GIVE OUR BEST even if it means putting in the hard yards
  • We KEEP THINGS SIMPLE

PURPOSE OF POSITION:

As a Principal Cyber Security Specialist, your role will be to provide strategic investigative leadership for the Blue Team. You will be a principal resource in ensuring effective incident response, high-quality threat detection, risk alignment, and thorough forensic investigations. The role drives continuous improvement initiatives, mentors and guides analysts, and delivers clear, actionable insights to leads and business stakeholders.

Additionally, the role is responsible for developing and maintaining in-depth documentation for forensic investigations and incident response procedures, as well as delivering structured training to enhance team capability, consistency, and operational maturity.

KEY RESPONSIBILITIES:

PoC Forensics Tools:

  • Development and management of an in-depth forensic investigation environment (sandbox) and advanced analysis tooling to support secure malware detonation, threat analysis, evidence preservation, and detailed incident investigations.
  • Apply advanced expertise across multiple forensic disciplines, including digital forensics, computer forensics, network forensics, and memory forensics, enabling comprehensive investigation, evidence analysis, and incident reconstruction across diverse environments.
  • Lead the implementation of policies and frameworks by coordinating with relevant teams and ensuring they are effectively integrated into the organisation’s operations.
  • Leverage proactive security technologies, including threat intelligence feeds and emerging cybersecurity solutions, to continuously improve detection accuracy, accelerate response times, and enhance overall resilience against evolving threats.

Risk Management:

  • Lead the identification, assessment, and prioritisation of cyber security risks, developing clear, actionable risk analysis reports that quantify potential risks, present findings to clients for decision-making, and outline mitigation strategies aligned with the organisation’s security policies and best practices.
  • Oversee the risk management process by ensuring that all risks are recorded and assigned to a risk owner to manage the risk.
  • Conduct complex cyber security risk assessments, identifying strategic and operational risks, and potential vulnerabilities in the organisation.
  • Lead and oversee implementation of risk mitigation strategies.

Technical Security Processes:

  • Regularly evaluate and refine security processes to ensure they remain effective and up to date.
  • Track emerging cyber security trends and assess their potential impact on clients, integrating relevant innovations into existing processes.
  • Engage in continuous research to anticipate changes in the cyber security landscape, allowing for proactive adjustments to technical security processes.

Strategy and Process Improvement:

  • Conduct weekly meetings with the Blue Team leads to review departmental goals and discuss strategies for business and departmental development.
  • Design and refine security strategies and processes to enhance protection against cyber threats.
  • Identify areas for improvement within Blue Team operations and technologies, implement and streamline workflows, and reduce inefficiencies.
  • Standardise technical incident response procedures across the team, ensuring consistency and adherence to best practices.
  • Conduct regular reviews of technical operations processes and investigative tools to ensure they remain relevant and effective in addressing current threats.

Security Tools and Technologies:

  • Collaborate with vendors to stay informed about updates and potential issues.
  • Perform thorough pre- and post-update checks to verify that security tools are functioning correctly after any changes.

Incident Response & Control Evaluation:

  • Oversee the incident response process, ensuring swift and effective handling of security incidents and providing feedback to the SOC leads.
  • Develop and maintain incident response playbooks, ensuring they are up to date and reflect the latest threat landscape.
  • Conduct post-incident analysis to identify lessons learned and implement improvements.
  • Support the incident response team to ensure breaches are handled in line with regulatory requirements and company policies.
  • Support with post-incident reviews, identifying lessons learned and driving process improvements.
  • Assist in maintaining and enhancing breach response plans, ensuring they align with evolving threats and regulations.

Continuous Learning:

  • Stay up to date with industry trends and best practices to enhance technical expertise.
  • Attend Cyberlearning sessions on a weekly basis.
  • Continuously upskill in the Cyber Security domain.

Coaching & Mentoring:

  • Train and onboard new team members, as well as provide ongoing training and development opportunities for existing team members.
  • Participate and provide input in recruitment of new team members.
  • Foster collaboration by encouraging teamwork, open communication, and a supportive atmosphere within the team.
  • Assist leads with performance stats for review cycles.
  • Participate in weekly / daily team meetings.
  • Assess the skills and knowledge of team members to identify areas where improvement or development is needed and provide feedback to the leads.

Standby:

  • Serve as a third point of contact for client inquiries, including handling escalations.

Reporting and Presenting:

  • Review technical reports compiled by the team, detailing the approach, scope, findings, recommendations and next steps.
  • Present detailed reports to management (clients and internally).

KEY REQUIREMENTS:

Desired:

  • 5+ years
  • National Senior Certificate or equivalent
  • CRISC
  • CISSP
  • Microsoft SC-401
  • Microsoft SC-100
  • Microsoft SC-200
  • Microsoft AZ-500
  • CCSP
  • GCIH

Beneficial:

  • Bachelor's Degree in Computer Science, Information Technology, Cyber Security, or a related field
  • Darktrace
    - Threat Visualizer Part 1 - Familiarization
    - Threat Visualizer Part 2 - Investigation
    - Cyber Analyst Part 1 & Part 2
    - Darktrace/Email Part 1 - Familiarization
    - Darktrace/Email Part 2 - Customization
  • Qualys
    - Vulnerability Management Self-Paced Training
    - Patch Management Self-Paced Training
    - Web Application Scanning Self-Paced Training
    - Cloud Agent Self-Paced Training
    - Qualys API Fundamentals Self-Paced Training

TECHNICAL COMPETENCIES AND SKILLS:

  • Advanced understanding of Security Operations Center functions.
  • Advanced knowledge of security frameworks and standards.
  • Advanced technical and configuration knowledge across different security technologies.
  • Advanced knowledge of Microsoft Security Tools.
  • Strong knowledge of security technologies, including SIEM, IDS/IPS, endpoint security, and vulnerability management.
  • Advanced knowledge of cloud-based technologies and security policies.
  • Advanced understanding of data loss prevention (DLP), and identity and access management (IAM) techniques.
  • Advanced understanding of data governance, classification and privacy protection practices and techniques.
  • Advanced skill in developing policies, plans, playbooks, and procedures.
  • Critical thinking and investigative know-how.
  • Advanced skill in project management.
  • Advanced skills in the Microsoft 365 environment.

BEHAVIORAL COMPETENCIES:

  • Structured
  • Detail-Focused
  • Rational
  • Listening
  • Collaboration
  • Self-Development
  • Calm
  • Strategic
  • Direct
  • Influential
  • Striving
  • Ethics

Should you work from home, it is your responsibility to ensure that you have uninterrupted internet connectivity and a ‘work-like’ environment at your home location to deliver your best in terms of performance and productivity.
