Security Incident Response and Forensic Manager - Gauteng, Pretoria


10 Oct | Gijima Holdings | Pretoria


Gijima Staffing Solutions is responding to a tender: We are seeking a Security Incident Response and Forensic Manager, who is responsible for leading and managing the organization's incident response efforts and digital forensic investigations. This role ensures timely and effective responses to cybersecurity incidents, minimizing the impact on operations while preserving evidence for post-incident analysis. The ideal candidate will have a deep understanding of cybersecurity, incident response frameworks, and forensic investigation techniques.

Key Responsibilities:

- Incident Response Management: Lead and manage the full incident response lifecycle, including detection, analysis, containment, eradication, and recovery. Coordinate with various teams to ensure quick and efficient response to security breaches.
- Forensic Investigation: Conduct detailed forensic investigations to determine the root cause of security incidents. Collect, analyze, and preserve evidence in accordance with industry best practices and legal requirements.
- Incident Escalation & Coordination: Work closely with internal teams, external partners, and law enforcement agencies to coordinate incident response efforts. Ensure proper escalation of high-severity incidents to leadership and key stakeholders.
- Post-Incident Analysis & Reporting: Perform post-incident reviews to assess the effectiveness of the response and identify areas for improvement. Create detailed incident reports for executive leadership and provide recommendations to prevent recurrence.
- Threat Intelligence & Hunting: Leverage threat intelligence data to proactively identify risks and improve incident detection capabilities. Conduct threat-hunting activities to discover potential vulnerabilities before they are exploited.
- Security Playbook Development: Develop and maintain incident response playbooks and standard operating procedures (SOPs) to ensure consistent handling of security incidents.
- Team Leadership & Training: Lead and mentor the incident response and forensic teams, providing training on the latest threats, attack vectors, and forensic techniques. Ensure team members are equipped to handle complex incidents.
- Compliance & Legal Considerations: Ensure that all incident response and forensic activities comply with regulatory requirements (e.g., GDPR, POPIA) and legal standards for evidence handling. Collaborate with legal teams during investigations when necessary.

Required Qualifications and Skills:

Education:

- Bachelor's Degree in Cybersecurity, Information Technology, Digital Forensics, or a related field.
- Certifications such as CISSP, CISM, GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), or Certified Ethical Hacker (CEH) are preferred.

Experience:

- Minimum of 4 years of experience in incident response, digital forensics, or cybersecurity operations.
- Experience in managing or leading incident response teams.

Technical Skills:

- Proficiency in digital forensics tools such as EnCase, FTK, X-Ways, or Autopsy.
- Expertise in incident response tools (e.g., SIEM platforms like Splunk, IBM QRadar, or ArcSight).
- Knowledge of malware analysis, memory forensics, and network traffic analysis.
- Familiarity with intrusion detection systems (IDS/IPS), endpoint security tools, and threat intelligence platforms.
- Understanding of incident response frameworks such as NIST, SANS, or MITRE ATT&CK.

Soft Skills:

- Strong analytical and problem-solving skills.
- Excellent communication and leadership abilities.
- Ability to work under pressure and manage multiple incidents simultaneously.

Tools & Technologies:

- Incident Response Tools: Splunk, IBM QRadar, ArcSight, FireEye, Carbon Black
- Forensic Tools: EnCase, FTK, Autopsy, X-Ways, Volatility, Wireshark
- Threat Intelligence: Recorded Future, AlienVault, ThreatConnect
- Endpoint Security: CrowdStrike, McAfee, Symantec

Additional Considerations:

- Experience with managing high-severity incidents in large or complex environments is preferred.
- Experience with cloud incident response and forensics (AWS, Azure) is a plus.
- Knowledge of legal frameworks for digital evidence handling and chain of custody is an advantage.

Desired Skills:

- AWS
- Splunk
- SIEM
