Security Operations Centre Analyst
Tasks
- Build SOAR playbooks and enrichment pipelines
- Build, tune and maintain SIEM detections
- Collaborate with platform engineering and SRE teams on misconfiguration and identity hygiene
- Create and maintain runbooks, detection libraries and threat intelligence notes
- Develop and execute threat hunting hypotheses
- Develop log normalization and alert enrichment tooling
- Drive incident response: scoping, containment, eradication, recovery and post-incident review
- Escalate first-line alerts and coordinate with engineering teams
- Map adversary behavior to MITRE ATT&CK
- Monitor IAM, network, container, serverless and data-layer security signals
- Monitor and defend Microsoft 365 and Azure workloads
- Monitor, triage and investigate security alerts
- Track emerging threats, CVEs and threat actor TTPs
- Use AI for triage, summarization, log analysis and report drafting
- Validate detections with red team and purple team exercises
- Write incident reports for technical and executive audiences
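Three of the tasks above (normalizing logs, running SIEM detections, mapping hits to MITRE ATT&CK) chain into one pipeline. The following is an added example, not code from the posting or the employer: it normalizes sign-in events from two constructed raw formats onto one schema, runs a Sigma-style password-spray rule over them in Python (standing in for what would be a KQL or Sigma rule in a real SIEM), and enriches the alert with ATT&CK technique IDs. The log lines, field names, the error-code convention and the 5-users-in-10-minutes threshold are all assumptions made for illustration, not a specific vendor schema.

```python
"""Added example: normalize -> detect -> enrich, as one small pipeline.
All events below are constructed sample data; the schema and thresholds
are illustrative assumptions, not a vendor's real log format."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in two raw formats for the same kind of sign-in
# event (JSON with nested status, and key=value syslog style). Mixed-case
# user names are deliberate: normalization must fold them.
RAW_EVENTS = [
    '{"time":"2024-05-01T10:00:01Z","userPrincipalName":"Alice@example.test","ipAddress":"203.0.113.7","status":{"errorCode":50126}}',
    '{"time":"2024-05-01T10:00:03Z","userPrincipalName":"bob@example.test","ipAddress":"203.0.113.7","status":{"errorCode":50126}}',
    'ts=2024-05-01T10:00:05Z user=carol@example.test src=203.0.113.7 result=fail',
    'ts=2024-05-01T10:00:07Z user=dave@example.test src=203.0.113.7 result=fail',
    '{"time":"2024-05-01T10:00:09Z","userPrincipalName":"erin@example.test","ipAddress":"203.0.113.7","status":{"errorCode":50126}}',
    'ts=2024-05-01T10:00:30Z user=Erin@example.test src=203.0.113.7 result=ok',
    '{"time":"2024-05-01T10:05:00Z","userPrincipalName":"alice@example.test","ipAddress":"198.51.100.9","status":{"errorCode":50126}}',
    'ts=2024-05-01T10:06:00Z user=alice@example.test src=198.51.100.9 result=ok',
]

WINDOW = timedelta(minutes=10)      # assumed rule window
MIN_DISTINCT_USERS = 5              # assumed spray threshold

# ATT&CK enrichment table: T1110.003 is Brute Force: Password Spraying,
# T1078 is Valid Accounts (a success after the spray suggests account use).
ATTACK = {
    "password_spray": {"technique": "T1110.003", "name": "Brute Force: Password Spraying"},
    "valid_accounts": {"technique": "T1078", "name": "Valid Accounts"},
}


def parse_ts(s):
    """ISO-8601 with a trailing Z to an aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def normalise(line):
    """Map either raw format onto one schema: ts, user, src_ip, outcome."""
    line = line.strip()
    if line.startswith("{"):
        rec = json.loads(line)
        # Assumption for this example: errorCode 0 is success, anything else a failure.
        outcome = "success" if rec["status"]["errorCode"] == 0 else "failure"
        return {"ts": parse_ts(rec["time"]), "user": rec["userPrincipalName"].lower(),
                "src_ip": rec["ipAddress"], "outcome": outcome}
    kv = dict(tok.split("=", 1) for tok in line.split())
    return {"ts": parse_ts(kv["ts"]), "user": kv["user"].lower(),
            "src_ip": kv["src"], "outcome": "success" if kv["result"] == "ok" else "failure"}


def enrich(ip, start, users, compromised):
    """Attach ATT&CK IDs and a severity; escalate when a sprayed account later succeeds."""
    alert = {
        "rule": "password_spray",
        "src_ip": ip,
        "window_start": start.isoformat(),
        "distinct_users": len(users),
        "techniques": [ATTACK["password_spray"]["technique"]],
        "severity": "medium",
        "possibly_compromised": compromised,
    }
    if compromised:
        alert["techniques"].append(ATTACK["valid_accounts"]["technique"])
        alert["severity"] = "high"
    return alert


def detect_password_spray(events):
    """Sigma-style logic: failures from one source IP against many distinct
    accounts inside the window. Emits at most one alert per source IP."""
    events = sorted(events, key=lambda e: e["ts"])
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["outcome"] == "failure"]
        for i, first in enumerate(failures):           # sliding window anchored on each failure
            window_end = first["ts"] + WINDOW
            users = {e["user"] for e in failures[i:] if e["ts"] <= window_end}
            if len(users) >= MIN_DISTINCT_USERS:
                compromised = sorted(e["user"] for e in evs
                                     if e["outcome"] == "success"
                                     and first["ts"] <= e["ts"] <= window_end
                                     and e["user"] in users)
                alerts.append(enrich(ip, first["ts"], users, compromised))
                break
    return alerts


def run_pipeline(raw_lines):
    """Full chain over raw lines: normalize, detect, enrich."""
    return detect_password_spray([normalise(line) for line in raw_lines])


if __name__ == "__main__":
    for alert in run_pipeline(RAW_EVENTS):
        print(json.dumps(alert, indent=2))
```

The second source (198.51.100.9) has a single failure followed by a success, which is ordinary user behaviour and produces no alert; only the source that fails against five distinct accounts and then succeeds for one of them is raised, and it is escalated to high with T1078 attached because the later success is the part an analyst needs to act on first.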
Perks/Benefits
- N/A
Skills/Tech-stack
AWS | Active Directory | Application Security | Azure | CI/CD | CSIRT | CTI | Cloud Security | Container Security | Defender XDR | Docker | Endpoint Security | Entra ID | GCP | Go | IAM | IaC | Incident Response | JavaScript | KQL | Kubernetes | LLM security | Log enrichment | MDR | Microsoft 365 | Microsoft Defender | Microsoft Defender XDR | Microsoft Sentinel | MITRE ATT&CK | Network Security | OAuth | OIDC | PowerShell | Prompt injection | Purple Teaming | Python | RAG | SIEM | SOAR | SOAR playbooks | Sigma | Terraform | Threat Intelligence | Threat hunting | TypeScript | Vector Stores | XDR | YARA
Education
N/A