Security Incident and Event Management Administrator



Job Title

Security Incident and Event Management Administrator



Organization Name

BSTD – Cyber Security Operations

Department Description

Business Solutions and Technology Department

Brief Description

The main purpose of this position is to administer, maintain and support the Cyber Security Incident and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) monitoring, detection, response and automation capabilities of the South African Reserve Bank (SARB) Group.

Detailed Description

The successful candidate will be responsible for the following key performance areas:


· Define own work plan and deliverables with guidance from the Senior Team Lead: Security Operations Centre (SOC) and prioritise delivery of own outputs against the agreed work plan.

· Keep abreast of new and changing SIEM/SOAR architectures and technologies.

· Administer the SIEM/SOAR platform by providing access, assigning privileges and maintaining rules.

· Optimise SIEM/SOAR performance through health checks, scheduled maintenance, version updates, patching and recommended configuration.

· Support incident handlers and operators through advanced searches and configuration change verification.

· Build and maintain a use case library to track SIEM use cases, rules and alerts.

· Provide operational, management and audit support through reporting and dashboard creation.

· Support the Cyber Incident Response and Investigations Section through the provision of information via data extraction.

Job Requirements

To be considered for this position, candidates must be in possession of:


· a National Diploma (NQF 6) in Information Technology or an equivalent qualification; and

· three to five years’ job-related experience in SIEM/SOAR platforms.


Additional requirements include:


· proficiency in English (verbal and written);

· industry, organisational and business awareness;

· quality assurance;

· continuous improvement;

· continued learning and/or professional development;

· information technology (IT) transformation and innovation;

· IT governance, risk and compliance;

· testing; and

· capacity and performance management.

How To Apply

All interested parties are invited to apply.


Internal applicant: Please note that internal applicants MUST apply through the ERP system. Apply now.


External applicant: External applicants MUST apply online, via


· All available vacancies will be visible.

· Please follow the links: Work@SARB > Current vacancies.

· Login >

  o Is this your first visit to our Job Site? > Register today (Ensure that you include all your skills and qualifications during the registration process.); OR

  o Already registered on our Job Site? > Already registered? > Login here

· Date posted > Last 3 weeks (in the dropdown menu)

· Select the appropriate IRC number to view the full advertisement.


Do not enclose copies of your identity document or qualifications with your application.


Shortlisted applicants will be subjected to a psychometric assessment, an appropriate reference check and a security clearance as part of the selection process.


The closing date for applications is 12 March 2021. Late applications will not be considered.


In line with the SARB’s commitment to diversifying its workforce, preference will be given to suitable candidates from designated groups. People with disabilities are welcome to apply.


The SARB offers remuneration and benefits commensurate with the level of the position and in line with the market. The level at which the successful applicant will be appointed will depend on his/her experience and competence.


Ms Sarah Molomo

Senior Manager: Recruitment and Selection

Human Resources Department