Level 2 Security Operations Center (SOC) Analyst (Johannesburg, Gauteng) – Permanent
We are seeking a skilled and motivated Level 2 Security Operations Center (SOC) Analyst with a strong focus on Microsoft Sentinel. As a member of our security team, you will be responsible for analysing, investigating, and responding to security incidents and alerts, with a particular emphasis on leveraging Microsoft Sentinel for threat detection and response.
This role requires a deep understanding of cybersecurity principles, incident response methodologies, and experience in working with security information and event management (SIEM) tools, particularly Microsoft Sentinel.
Key Responsibilities:
- Monitor and analyse security events and alerts in Microsoft Sentinel, proactively identifying potential security incidents and threats.
- Investigate and triage security incidents to determine their severity, impact, and root cause.
- Conduct in-depth analysis of security events, logs, and network traffic to identify indicators of compromise (IOCs) and potential threats.
- Develop and maintain standard operating procedures (SOPs) and playbooks for security incident response in collaboration with the SOC team.
- Collaborate with cross-functional teams, including threat intelligence, network security, and incident response, to develop and implement effective security measures and controls.
- Provide timely and accurate reports on security incidents, including the analysis of trends and patterns, to management and relevant stakeholders.
- Participate in the continuous improvement of security monitoring and response processes, suggesting enhancements and implementing best practices.
- Stay updated on the latest cybersecurity threats, vulnerabilities, and industry trends, and apply this knowledge to enhance security monitoring capabilities.
- Assist in the training and mentorship of Level 1 SOC analysts, sharing knowledge and expertise in Microsoft Sentinel and other relevant security technologies.
- Support incident response activities, including containment, eradication, and recovery, as needed.
Essential Competencies:
- Strong experience in security operations and/or incident response.
- Solid understanding of cybersecurity principles, attack vectors, and common security threats.
- Proficiency in working with Microsoft Sentinel, including advanced querying, rule creation, and playbook development.
- Familiarity with security information and event management (SIEM) tools and technologies.
- Experience with log analysis, network traffic analysis, and host-based forensics.
- Knowledge of industry frameworks and standards, such as NIST Cybersecurity Framework or MITRE ATT&CK.
- Excellent analytical and problem-solving skills, with the ability to think critically and make decisions under pressure.
- Strong communication and collaboration skills, with the ability to effectively interact with cross-functional teams and stakeholders.
- Relevant certifications, such as CompTIA Security+, Microsoft SC-200, eJPT, PNPT, OSCP, SOC-200, BTLO-1.
Location & Type (e.g. Remote/Hybrid):
- Johannesburg, Gauteng (Hybrid)
Minimum Requirements:
- 3+ years of experience working in a security role (Microsoft Security experience beneficial).
Do you have what it takes? Contact Kivara Rajgopal on [Email Address Removed] or [Phone Number Removed].
Desired Skills:
- SOC
- Microsoft
- Sentinel
- Cybersecurity
- SIEM
Desired Qualification Level:
- Diploma