Job Title

Tier 2 Security Analyst

South Africa, Western Cape
Market Related
Area: South Africa, Western Cape
Sector: Recruitment
Posted: 13 May 2024

Job Details

A company providing secure cloud transformation by combining Microsoft cloud technology with cyber security and managed services is looking for a T2 Security Analyst in Cape Town to assist the SecOps Tech Lead and Head of Security Operations in enhancing the SOC & SOAR operations within the company.

The Security Analyst will collaborate closely with other teams to build services and solutions that align with security best practices and client assurance requirements. This includes, but is not limited to, the use of Microsoft Sentinel, Microsoft Defender for Endpoint, Microsoft Defender for Cloud, and all other MS Security Stacks.

The primary responsibility of the Senior Security Analyst role is to carry out operational SOC and SOAR activities as directed by the SecOps Tech Lead and Head of Security Operations. This includes monitoring and responding to incidents and alerts within the D3 platform and Microsoft Sentinel, including escalations from Security Analysts within the team. The successful candidate will leverage their strong KQL knowledge to drive threat hunting and tuning, effectively closing down incidents with comprehensive documentation. Furthermore, they will contribute to the efficient day-to-day operations of the SOC, focusing on personnel, processes, and technology. With a solid foundation in Security and IT Administration and an understanding of common corporate technologies, they will ensure all client SLAs are met, maintaining consistently high client satisfaction scores.

They will be required to work with all members of the Security Operations Team to ensure all SOC & SOAR operational tasks are completed on time and work tickets are updated / closed with comprehensive technical details included. Where appropriate, they will escalate suspicious / malicious events to senior members of the team as well as Managed Services and / or client incident response personnel, in order to identify, contain and remediate active threats. They will also be required to develop and update operational documentation as necessary, as well as deliver Monthly Service reports to clients.

Senior Security Analysts will be comfortable engaging at both technical and non-technical levels, contributing as required in technical workshops and client briefings / service reviews. They will be working in an incredibly passionate environment, with great people, in which they can actively contribute to develop and deliver the company’s SOC & SOAR capability. 

Location: Hybrid, Cape Town, South Africa 


Strategy and Leadership: 

  • This is not a leadership role though you will be expected to mentor and support Junior Colleagues. 

Technical Specialism: 

  • Advanced knowledge and experience with Microsoft Sentinel, Microsoft Defender for Endpoint, and Microsoft Defender for Cloud  
  • Familiarity with other Microsoft Security Stacks and a broad understanding of common corporate technologies. 
  • A sound knowledge of Azure infrastructure & technologies 
  • Proficient in using KQL (Kusto Query Language) for threat hunting and other security-related investigations. 
  • Experience in IT administration, preferably within a Security Operations Center (SOC) environment. 
  • Experience in incident response and handling, including detailed incident reporting and documentation. 
  • Ability to analyze complex data and security logs to identify cyber security threats.  
  • Ability to communicate in both technical and non-technical terms, tailoring approach to the audience 
  • Self-motivated learner of technologies and methodologies to support best practice. 
  • Actively contributing to knowledge sharing across the business. 

Security Operations: 

  • Act as an operational point of contact during significant cyber security events 
  • Assist in the support of major incident handling within the SOC, and where applicable for clients 
  • Provide support and guidance regarding monitoring activities 
  • Provide “hands on” resource, working to ensure the company’s objectives and client SLA targets are achieved. 
  • Provide input and support for stakeholder communication. 
  • Assist and support the implementation of security controls, threat protection etc for both the company and its clients 
  • Assist and support the building and maintenance of security tools and applications e.g., MS Sentinel, MS Defender for Endpoint, and the other elements of the Defender suite 
  • Support other Security Analysts and clients on rules/policies/filters/use cases and SOC tooling. 
  • Assist with the implementation of improvements as part of on-going service enhancement or “lessons learned” following incident investigation (cause and effect).
  • Assist in the review of incident closures, post incident reports and act upon improvements identified 
  • Undertake Threat Hunting, to include the development of queries to support improvements to the identification of undetected threats on client estates. 
  • Contribute to team development through knowledge sharing, briefing and production of guides, incident scenarios and playbooks. 
  • Show flexibility in developing knowledge of supporting areas and performing their responsibilities during times of operational need. 
  • Maintain currency in relation to security concepts, tools and best practices 

Business Operations: 

  • Ability to work effectively with internal systems such as Kimble, Teams, SharePoint and Office 365. 
  • Effective personal resource and time management with a commercial approach to work. 
  • Working remotely, or on site 
  • Willingness to be part of an on-call rota for out-of-hours escalations 

Delivery and KPIs: 

  • Contribute to the full lifecycle of client solutions and service offerings, from proposition through to delivery and support and maintenance 
  • Communicate technical solutions in a clear, and concise approach for a variety of audiences from both a technical and business background. 
  • Contribute to well written and professional documentation, performance, and client reports. 
  • Assist the SecOps lead and Head of Security Operations in development of new service offerings, procedures, techniques, and policies. 
  • Assist in the training and development of the security operations team. 
  • Promoting and practicing high quality outcomes across all aspects of work 


  • ITIL V3
  • CompTIA Security+ (or equivalent)
  • CompTIA Network+ (or equivalent)
  • SC-200, SC-300, SC-400
  • Blue Team Level 1 / 2


  • Demonstrable experience of operating within a security operations function. 
  • Strong IT Security knowledge, understanding the balance of business objectives and information security 
  • Strong KQL understanding 
  • Experience with or understanding IT Infrastructure – Windows / Linux Servers, Firewalls etc 
  • A technical understanding of the security components and their impact. 
  • Experience with or understanding of Microsoft’s security stack, technologies – Microsoft Sentinel, Microsoft Defender suite etc 
  • Good working knowledge of multiple SOC tooling including SIEM / SOAR 
  • Good understanding of network methodologies and OSI Model layers. 
  • Good understanding of network technologies: routers, switches, firewalls, IDS/IPS, WAF, proxies, etc.
  • Experience of working at technical levels within a Security Operations service. 
  • Demonstrable ability to troubleshoot and fault find technical issues. 
  • Good communication and report writing skills. 
  • Knowledge of Backup and Disaster Recovery methodologies. 


  • Experience in supporting and assisting a Senior Incident Responder 
  • Willingness to work shifts (including unsociable hours and bank holidays) as part of 24×7 team working is desirable