Security Operations Centre Analyst
Tasks
- Build SOAR playbooks and enrichment pipelines
- Build, tune and maintain SIEM detections
- Collaborate with platform engineering and SRE teams on misconfiguration and identity hygiene
- Create and maintain runbooks, detection libraries and threat intelligence notes
- Develop and execute threat hunting hypotheses
- Develop log normalization and alert enrichment tooling
- Drive incident response: scoping, containment, eradication, recovery and post-incident review
- Escalate first-line alerts and coordinate with engineering teams
- Map adversary behavior to MITRE ATT&CK
- Monitor IAM, network, container, serverless and data-layer security signals
- Monitor and defend Microsoft 365 and Azure workloads
- Monitor, triage and investigate security alerts
- Track emerging threats, CVEs and threat actor TTPs
- Use AI for triage, summarization, log analysis and report drafting
- Validate detections through red team and purple team exercises
- Write incident reports for technical and executive audiences
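Several of the duties above (log normalization, alert enrichment, SIEM detections, ATT&CK mapping) form one pipeline in practice. The following is an added illustration, not code from the posting or the employer: it normalizes constructed sshd syslog lines and a Windows 4688 process-creation event into a small ECS-style field set, enriches them from a hypothetical asset inventory and internal CIDR list, and runs two detections that tag each alert with the ATT&CK technique it evidences. All sample data, field names, rule names and thresholds are assumptions chosen for the example.

```python
import ipaddress
import json
import re
from collections import defaultdict
from typing import Optional

# Constructed sample telemetry: sshd syslog lines plus one Windows 4688 event as JSON
# (203.0.113.0/24 is a documentation range standing in for an Internet source).
SAMPLE_LOGS = [
    "Mar 10 12:00:01 bastion sshd[4321]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Mar 10 12:00:02 bastion sshd[4321]: Failed password for root from 203.0.113.7 port 51235 ssh2",
    "Mar 10 12:00:03 bastion sshd[4321]: Failed password for admin from 203.0.113.7 port 51236 ssh2",
    "Mar 10 12:00:09 bastion sshd[4321]: Accepted password for root from 203.0.113.7 port 51240 ssh2",
    "Mar 10 12:01:00 bastion sshd[4322]: Failed password for alice from 10.0.0.5 port 40000 ssh2",
    r'{"EventID": 4688, "Computer": "ws01", "SubjectUserName": "bob", '
    r'"NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", '
    r'"CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"}',
]
# Hypothetical asset inventory and internal address space used for enrichment.
ASSET_CRITICALITY = {"bastion": "high", "ws01": "low"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SSHD_RE = re.compile(r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
                     r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")
ENCODED_FLAG_RE = re.compile(r"(^|\s)-e(c|nc|ncodedcommand)?(\s|$)")  # -e / -ec / -enc / -EncodedCommand


def normalize(raw: str) -> Optional[dict]:
    """Map one raw line onto a small ECS-style field set; None for formats we do not parse."""
    if raw.startswith("{"):
        ev = json.loads(raw)
        if ev.get("EventID") != 4688:
            return None
        return {"event.category": "process", "host.name": ev["Computer"], "user.name": ev["SubjectUserName"],
                "process.executable": ev["NewProcessName"], "process.command_line": ev["CommandLine"]}
    m = SSHD_RE.match(raw)
    if not m:
        return None
    return {"event.category": "authentication", "host.name": m["host"], "user.name": m["user"],
            "source.ip": m["ip"], "event.outcome": "failure" if m["outcome"] == "Failed" else "success"}


def enrich(ev: dict) -> dict:
    """Attach the context an analyst would otherwise look up by hand during triage."""
    ev["host.criticality"] = ASSET_CRITICALITY.get(ev["host.name"], "unknown")
    if "source.ip" in ev:
        ip = ipaddress.ip_address(ev["source.ip"])
        ev["source.internal"] = any(ip in net for net in INTERNAL_NETS)
    return ev


def detect(events: list) -> list:
    """Two detections, each tagged with the ATT&CK technique(s) it evidences."""
    alerts = []
    failures = defaultdict(list)  # (host, source ip) -> usernames that failed
    successes = set()             # (host, source ip) pairs that later authenticated
    for ev in events:
        if ev["event.category"] == "authentication":
            key = (ev["host.name"], ev["source.ip"])
            if ev["event.outcome"] == "failure":
                failures[key].append(ev["user.name"])
            else:
                successes.add(key)
        elif (ev["event.category"] == "process" and "powershell" in ev["process.executable"].lower()
              and ENCODED_FLAG_RE.search(ev["process.command_line"].lower())):
            alerts.append({"rule": "powershell_encoded_command", "attack": ["T1059.001"], "severity": "medium",
                           "host.name": ev["host.name"], "host.criticality": ev["host.criticality"],
                           "user.name": ev["user.name"]})
    for (host, ip), users in failures.items():
        if len(users) < 3:
            continue
        alert = {"rule": "ssh_password_brute_force", "attack": ["T1110"], "severity": "medium",
                 "host.name": host, "host.criticality": ASSET_CRITICALITY.get(host, "unknown"),
                 "source.ip": ip, "user.name": sorted(set(users))}
        if (host, ip) in successes:       # failures followed by a success from the same source
            alert["attack"].append("T1078")  # Valid Accounts: treat as probable compromise
            alert["severity"] = "high"
        alerts.append(alert)
    return alerts


def run_pipeline(raw_lines: list) -> list:
    """normalize -> enrich -> detect. Unparsed lines are dropped here; a real pipeline counts them."""
    events = [enrich(ev) for ev in map(normalize, raw_lines) if ev is not None]
    return detect(events)
```

Running `run_pipeline(SAMPLE_LOGS)` yields two alerts: a high-severity brute-force alert for the 203.0.113.7 source (three failures, then a success, so T1110 plus T1078) and a medium-severity encoded-PowerShell alert on ws01 (T1059.001). Two points carry over to real SIEM work: the internal/external decision uses an explicit CIDR list rather than `ipaddress`'s `is_private`, which also flags documentation and other special-purpose ranges, and the brute-force rule only escalates when a success follows the failures from the same source, which is what separates noisy scanning from a likely compromise.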
Perks/Benefits
- N/A
Skills/Tech-stack
AWS | Active Directory | Application Security | Azure | CI/CD | CSIRT | CTI | Cloud Security | Container Security | Defender XDR | Docker | Endpoint Security | Entra ID | GCP | Go | IAM | IaC | Incident Response | JavaScript | KQL | Kubernetes | LLM security | Log enrichment | MDR | Microsoft 365 | Microsoft Defender | Microsoft Defender XDR | Microsoft Sentinel | MITRE ATT&CK | Network Security | OAuth | OIDC | PowerShell | Prompt injection | Purple Teaming | Python | RAG | SIEM | SOAR | SOAR playbooks | Sigma | Terraform | Threat Intelligence | Threat hunting | TypeScript | Vector Stores | XDR | YARA
Education
N/A