THE OPPORTUNITY THAT AWAITS YOU

• Security alerts, escalations, and investigations across cloud and hybrid client environments
• Custom detections using KQL and Microsoft Sentinel
• Threat hunting projects aligned to MITRE ATT&CK
• SOAR playbooks and automation for faster, smarter response
• Dashboards, reporting, and detection logic tuning
• Engagement with client-side security and ops teams
• Collaborating with peers across UK, RSA, and global regions
•  

• Lead or support real-time incident triage, analysis, and containment
• Investigate advanced threats across multi-tenant or enterprise SOC environments
• Build and improve detection rules, alerts, and dashboards
• Develop and maintain response playbooks, integrating SOAR workflows
• Stay up to date with emerging threats, TTPs, and adversary techniques
• Represent the SOC team in stakeholder meetings and client reviews
• Mentor junior analysts and contribute to ongoing capability uplift

• 3–5+ years in a SOC or incident response function (MSSP experience a plus)
• Proven experience with Microsoft Sentinel, EDR tools, Azure Security, and KQL
• Familiar with SIEMs like Splunk, QRadar, LogRhythm, or Wazuh
• Understanding of cloud platforms like AWS, Azure, or GCP
• Strong grasp of MITRE ATT&CK, Cyber Kill Chain, and malware analysis fundamentals
• Experience automating security workflows using Logic Apps, Power Automate, or similar

• Thrives on complex investigations and “why did this happen?” thinking
• Strong documentation habits and a mindset of continuous improvement
• Ability to work independently while driving collaborative outcomes

• Confident communicator across technical and non-technical stakeholders
• Able to explain risk, impact, and response to senior decision-makers
• Comfortable managing multiple investigations across parallel client environments

Working Model: Remote-first (Cape Town based), aligned to UK business hours (RSA-based team)