Posted: 9 June 2026
Job Details
Purpose of the Role
This role leads advanced cyber defense initiatives for our Cape Town clients, focusing on Microsoft Defender and Sentinel deployments, incident response leadership, and complex threat management. Responsible for mentoring staff and continuously improving detection and response capabilities.
Experience and Skills Required
- Microsoft Certifications mandatory SC200 SC100 MS500 AZ500
- 5+ years in cyber security operations, incident management, and SIEM engineering
- Deep expertise with Microsoft Defender (all modules), Sentinel SIEM, and cloud security automation
- Proven experience designing, tuning, and integrating advanced detection and response workflows
Technical Skills
- Mastery of Sentinel SIEM and Defender engineering (integration, automation, threat intelligence)
- Expert scripting (KQL, PowerShell), playbook development, and automation
- Experience in complex incident management, digital forensics, and malware reverse engineering
- Strong knowledge of cloud, endpoint, and identity security solutions
Certifications (Mandatory)
- SC-200, SC-100, MS 500, AZ500
- CISSP, CISM, or equivalent (advantageous)
Required Skills & Competencies
- Advanced analytical and technical problem-solving
- Mentorship and leadership ability
- Strong presentation and executive reporting skills
- Familiarity with global compliance (NIST, SOC2, ISO27001)
Communication & Collaboration
- Ability to communicate advanced security topics to technical and non-technical stakeholders
- Collaborative, proactive approach to team leadership and project management
Personal Attributes
- Strategic thinking, continuous improvement mindset
- Resilience and adaptability under pressure
Reporting Structure
- Reports to Head of Security / CISO
- Leads engineers and SOC analysts
Key Responsibilities
- Cyber Defense Leadership
- Architect and optimize Microsoft Defender/Sentinel deployments
- Lead major incident investigations and threat remediation
Threat Intelligence & Detection Design
- Design advanced rules/playbooks
- Integrate external threat intelligence and hunting methodologies
Team Mentorship & Technical Enablement
- Coach junior engineers and analysts
- Lead technical improvement projects
Note Technically you need to know:
Endpoint Security & Management
- Ensure endpoint coverage and compliance
- Configuration management
- Attack Surface Reduction (ASR) management
- Endpoint firewall and network protection
- Vulnerability and baseline management
- Threat detection, alert handling, and incident response
- Update management, patching, and health monitoring
- Exclusion management
- Policy and compliance management
- EDR integration and ecosystem management
- Lifecycle management
- Reporting
Identity & Access Security
- Ensure sensor coverage and compliance
- Monitor high-value identity activity
- Manage and maintain identity protection policies and governance
- Threat intelligence and alert management
- Exposure management
- Integration and logging
- Configuration management and performance monitoring
- Identity governance
- Compliance reporting
- Domain authentication control management
Email & Collaboration Security
- Anti-spoofing policies
- Malware protection
- Phishing protection
- Mailbox intelligence
- Safe Attachments and Safe Links
- Anti-spam and threat detection
- Investigations and incident response
- Collaboration application protection
- Configuration management and hardening
- Ongoing operations and maintenance
Data & Platform Security
- Data protection and storage security
- Platform security and configuration management
- Threat detection, monitoring, and logging
- Identity and access logging (auditability)
- Governance, compliance, and risk management




