Continuously monitor: Monitor security alerts and events from various sources, including Microsoft Sentinel, Defender for Endpoint and Defender for Cloud.
Perform log management: Perform log ingestion, define use cases, and create alerts for critical assets.
Develop Detection Rules: Create, implement, and fine-tune analytics rules, alerts, and queries in Microsoft Sentinel and Defender to detect security incidents and reduce false positives.
Behavioural Analytics: Leverage user and entity behaviour analytics (UEBA) to identify abnormal activities and enhance detection capabilities.
Customize Playbooks: Develop and customize automation playbooks in Sentinel and Defender to streamline incident response processes and improve efficiency.
Threat Hunting: Using IOCs and threat intelligence, perform threat hunting across the environment.
Create and maintain risk profiles for users, systems, and applications.
Identify patterns, trends, and anomalies in security events to detect threats.
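The detection-rule and IOC-hunting duties listed above, shown in working code. This is an added illustration, not part of the job posting and not the employer's tooling: a small IOC hunt over constructed proxy/DNS log lines, with a tuning allowlist that suppresses a known-benign host/indicator pairing (the "reduce false positives" part of rule tuning). Every indicator, hostname, hash and log line below is made up; in Sentinel the equivalent logic would be a KQL analytics rule joining events against a watchlist or the threat-intelligence indicator table rather than this Python.

```python
"""Added example (not from the job posting): IOC-based threat hunt with
false-positive tuning. All indicators and log lines are constructed."""
import ipaddress
import re
from collections import Counter

# Constructed threat-intel feed: indicator -> (type, campaign tag).
IOCS = {
    "198.51.100.23": ("ipv4", "campaign-A"),
    "203.0.113.0/24": ("cidr", "campaign-B"),
    "update-check.example.net": ("domain", "campaign-A"),
    "deadbeef" + "0" * 56: ("sha256", "campaign-C"),  # made-up hash
}

# Tuning exception recorded after FP review: (source host, indicator).
# The backup server legitimately talks to that partner range.
ALLOWLIST = {("SRV-DB01", "203.0.113.0/24")}

# Constructed key=value log lines (timestamp first, then fields).
LOGS = """\
2024-05-01T08:00:01Z host=WS-0142 user=j.doe dst_ip=198.51.100.23 dst_host=update-check.example.net proc=svchost.exe sha256=1111111111111111111111111111111111111111111111111111111111111111
2024-05-01T08:00:05Z host=WS-0142 user=j.doe dst_ip=10.0.0.5 dst_host=intranet.corp.local proc=chrome.exe sha256=2222222222222222222222222222222222222222222222222222222222222222
2024-05-01T08:01:10Z host=SRV-DB01 user=svc_backup dst_ip=203.0.113.77 dst_host=backup.partner-example.org proc=backup.exe
2024-05-01T08:02:00Z host=WS-0207 user=a.smith dst_ip=192.0.2.9 dst_host=cdn.example.org proc=outlook.exe sha256=deadbeef00000000000000000000000000000000000000000000000000000000
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into a dict of fields plus its leading timestamp."""
    fields = dict(KV_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def match_indicators(fields):
    """Return every (indicator, type, campaign) the event matches."""
    hits = []
    ip = fields.get("dst_ip")
    if ip:
        if ip in IOCS and IOCS[ip][0] == "ipv4":
            hits.append((ip,) + IOCS[ip])
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            addr = None  # malformed field: skip CIDR checks, keep hunting
        if addr is not None:
            for ind, (typ, tag) in IOCS.items():
                if typ == "cidr" and addr in ipaddress.ip_network(ind):
                    hits.append((ind, typ, tag))
    host = fields.get("dst_host", "").lower()
    for ind, (typ, tag) in IOCS.items():
        # Exact domain or any subdomain of the indicator.
        if typ == "domain" and (host == ind or host.endswith("." + ind)):
            hits.append((ind, typ, tag))
    digest = fields.get("sha256", "").lower()
    if digest in IOCS and IOCS[digest][0] == "sha256":
        hits.append((digest,) + IOCS[digest])
    return hits


def hunt(log_text, allowlist=ALLOWLIST):
    """Run the IOC hunt, dropping hits covered by a tuning exception."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        for ind, typ, tag in match_indicators(f):
            if (f.get("host"), ind) in allowlist:
                continue  # tuned-out known-benign pairing, not an alert
            findings.append({
                "ts": f["ts"], "host": f.get("host"), "user": f.get("user"),
                "proc": f.get("proc"), "indicator": ind, "type": typ,
                "campaign": tag,
            })
    return findings


def hosts_by_hits(findings):
    """Triage view: which hosts fired most, to prioritise containment."""
    return Counter(f["host"] for f in findings)


if __name__ == "__main__":
    for finding in hunt(LOGS):
        print(finding)
    print(hosts_by_hits(hunt(LOGS)))
```

Running it yields three findings (two on WS-0142, one on WS-0207); the SRV-DB01 hit on the partner range is suppressed by the allowlist, and removing that exception brings it back as a fourth. Allowlist entries are keyed on the host/indicator pair rather than the indicator alone so that one tuned exception does not blind the rule everywhere.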
Incident Response
Analyze and investigate security incidents to identify potential threats.
Respond promptly to security incidents: provide initial analysis, conduct business impact assessment, and isolate, eradicate and recover from threats.
Document and report incidents, ensuring accurate and comprehensive records.
Follow established incident response procedures, playbooks and contribute to their enhancement.
Manage a cybersecurity incident end-to-end, including stakeholder engagement, investigation, continuous feedback and report writing.
Automate repetitive incident response tasks to streamline investigations, accelerate containment, and enhance threat intelligence enrichment.
Testing and Validation
Participate in Blue/Red/Purple team exercises.
Participate in Cyber crisis simulations.
Participate in Table-top exercises.
Business Context and Risk Management
Understand the Business value chain.
Understand key Business processes.
Understand the Business architecture and map it to crown jewels (critical assets).
Risk management with the ability to conduct risk assessments when required.
Endpoint Detection and Response (EDR)
Manage and maintain endpoint security and compliance within agreed thresholds.
Perform daily health checks on endpoint security and EDR solutions and remediate accordingly.
Conduct regular scans and assessments to identify and mitigate potential vulnerabilities.
Collaborate with IT teams to ensure endpoint security configurations align with organizational standards.
Work with threat intelligence teams to enhance EDR threat-hunting capabilities.
Correlate EDR data with SIEM, XDR, and threat intelligence for deeper insights.
Technology Leadership
Continuous improvement mindset
Platform optimization
Understanding of SaaS based budgeting and licensing models.
Research and development.
Deep technical experience
Communication and Collaboration
Incident report writing skills
Create relevant dashboards, with the ability to define relevant KPIs/KRIs and present them to senior leadership.
Presentations to senior leadership
Engage with people from multi-cultural environments.
Qualifications and Experience:
Must have 4-6 years' experience in a SOC or Cybersecurity related role.
Candidates with the following technology experience will be preferred: Microsoft Defender XDR, EDR, JAMF, Symantec DCS, DNS, network security, Online Brand Protection platforms, Mimecast, Symantec DLP, Next DLP, FortiAnalyzer, Sophos, CrowdStrike and Microsoft Sentinel (formerly Azure Sentinel).
Experience with common information technologies (Windows, VMware, and Cisco as well as some UNIX, Linux).
Experience with security tools (WAF, proxy, DNS, IDS, firewalls, anti-virus, data loss prevention (DLP), Microsoft Entra ID, IAM, PAM, MFA, NAC).
Knowledge of Cloud Security Operations (SaaS, PaaS, IaaS), Mobile Architecture, Network and Application Security and/or Data Protection.
Skills:
Communication: Excellent written and verbal communication skills in English, with the ability to effectively communicate technical information to both technical and non-technical audiences.
Collaboration: Willing and able to share knowledge and learn from colleagues.
Reporting skills: Outstanding written skills for preparing email feedback and incident reports.
Time Management: Ability to work in independent environments under aggressive timelines and pressure.
Ability to manage stress and pressure.
Passion for continuous learning and development.
A "go getter" who is willing to go the extra mile to identify problems and recommend innovative solutions.
Behaviours:
Action Oriented - readily takes on new challenges and opportunities with a sense of urgency and eagerness
Communicates Effectively - conveys information and communicates ideas in a clear, concise and impactful manner
Courage - confronts and tackles challenging situations with courage
Decision Quality - consistently makes timely, well-rounded and informed decisions
Ensures Accountability - takes accountability and ensures others are held to account on agreed upon performance targets
Manages Complexity - interprets and simplifies complex and contradictory information when resolving organisational problems
Plans and Aligns - develops plans and prioritises initiatives that align to the organisational goals and objectives
Tech Savvy - leverages new technology to enhance productivity, improve problem solving, and support business growth
Preference will be given, but not limited to candidates from designated groups in terms of the Employment Equity Act.
MNCJobs.co.za will not be responsible for any payment made to a third-party. All Terms of Use are applicable.