L2 Security Operations Centre (SOC) Analyst

Cape Town, Apex House, South Africa

Apex Group

We are your single-source financial solution provider. Our services include corporate services, fund services, ESG, digital corporate banking & Man-co service

The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers.

Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide. Your career with us should reflect your energy and passion.

That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience.

Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.

For our business, for clients, and for you

Role Purpose
The L2 SOC Analyst plays a critical role in Apex Group’s global cyber defense capabilities. This role is responsible for monitoring, triaging, and analyzing security alerts, assisting with containment actions, and ensuring credible threats are escalated promptly and accurately. All investigative work must be documented within ServiceNow in alignment with incident handling procedures. The L2 Analyst supports continuous monitoring across Apex’s cloud, endpoint, identity, and network environments using approved enterprise security tools.

Key Responsibilities

  • Monitor and triage alerts from SIEM, EDR, and email/cloud security platforms.
  • Investigate security events by correlating telemetry from multiple data sources.
  • Escalate validated security incidents with appropriate context and investigative findings.
  • Assist in executing containment actions such as account disablement or host isolation as instructed by senior analysts.
  • Document all activities, analysis steps, and decisions in ServiceNow with completeness and audit readiness.
  • Collaborate with engineering and detection teams to refine detection logic and reduce false positives.
  • Contribute to SOC runbooks, standard operating procedures, and daily handover documentation.
  • Participate in regular shift handovers and cross-regional coordination within the GSOC model.

Technology Environment

  • SIEM: Exabeam Advanced Analytics
  • Endpoint Detection and Response: Microsoft Defender for Endpoint, Identity, and Email
  • Email Security: Mimecast, Tessian
  • Threat Intelligence: Microsoft Defender Threat Intelligence (MDTI) and integrated sources within Exabeam and Microsoft 365 Security
  • Case Management: ServiceNow
  • Collaboration and Documentation: Microsoft Teams, Confluence.

Required Skills and Experience

  • Minimum 2–3 years of experience in a Security Operations Centre (SOC) or equivalent cyber monitoring role.
  • Strong understanding of cybersecurity concepts, attack techniques, and threat frameworks such as MITRE ATT&CK.
  • Experience working with SIEM and EDR tools in enterprise environments.
  • Familiarity with common log formats (Windows, Linux, cloud services) and basic network security principles.
  • Ability to assess the severity and impact of security events and respond appropriately.
  • Strong written and verbal communication skills with a focus on clear and structured escalation reporting.
  • Willingness to participate in rotational or hybrid shift models based on operational requirements.

Preferred Certifications

  • CompTIA Security+ or CySA+
  • Microsoft Certified: Security Operations Analyst Associate (SC-200)
  • SANS GIAC certifications such as GCIH or GCIA (preferred but not mandatory)

Performance Metrics

  • Mean Time to Triage (MTTT)
  • Escalation accuracy and incident quality.

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.

Tags: Analytics Cloud CompTIA Confluence Cyber defense EDR Exabeam GCIA GCIH GIAC Linux MITRE ATT&CK Monitoring Network security SANS SIEM SOC Threat intelligence Windows

Perks/benefits: Team events

Region: Africa
Country: South Africa
