Key skills
AWSCloudKubernetesLinuxPythonBashPowerShellIAMSaaSCollaborationCloud Security
About this role
Role Overview
- Investigate and respond to security incidents across endpoints, networks, and cloud environments
- Lead threat hunts to uncover malicious activity beyond automated alerts
- Refine and tune SIEM, IDS/IPS, and EDR detections to reduce false positives
- Analyse logs and network traffic to uncover patterns and attack techniques
- Support vulnerability management, working with Engineering to prioritise and remediate risks
- Research emerging threats and apply threat intelligence to improve defences
- Contribute to runbooks and playbooks that raise the team’s effectiveness
- Identify process gaps and recommend improvements with data-driven evidence
- Generate actionable reports and insights to improve detection and prevention
Requirements
- Core experience (minimum 2 years):
- Experience working in a SOC or similar IT security and network operations environment, with confidence investigating incidents end-to-end and producing clear, actionable reports
- Hands-on use of Wazuh (or similar SIEM/IDS) for log analysis, detection, correlation, and tuning custom detection rules
- Exposure to endpoint detection and response (EDR) platforms (e.g., SentinelOne) and ability to analyse network traffic to identify anomalies or attack patterns
- Basic scripting skills (Python, Bash, or PowerShell) to automate investigations and improve efficiency
- Experience supporting vulnerability management (e.g., reviewing scan results, collaborating on remediation, or assessing risks in codebases)
- Familiarity with security monitoring practices to support compliance frameworks such as ISO27001
- Mindset and behaviours:
- Takes ownership of investigations and projects, delivering high-quality outcomes.
- Open to feedback and transparent about gaps or mistakes.
- Proactively improves tools, processes, and detection coverage.
- Bonus if you have:
- Experience with AWS security monitoring and incident response (CloudTrail, GuardDuty, IAM).
- Experience with Wiz or similar tool for cloud security posture management and vulnerability detection
- Security certifications (e.g. AWS Security Specialty)
- Strong understanding of networking and operating systems (Windows/Linux)
- Hands-on experience with container or Kubernetes security and SaaS Security Posture Management (SSPM)
Tech Stack
- AWS
- Cloud
- Kubernetes
- Linux
- Python
Benefits
- Unlimited holidays – we want well rested and motivated teams so encourage people to take plenty of time off. We don’t cap your allowance, but do set a minimum of at least 20 days per year plus national holidays
- Three company-paid mental health days of rest every year (these are pre-scheduled, so the entire company can take the same days off regularly to reset)
- Thoughtfully designed offices to support both individual work and collaboration without interrupting others
- Private medical healthcare cover
- Medical Aid
- Group risk, life & disability contributions
- Wellbeing benefits such as free yoga and access to trained therapists / counsellors
- Paid 24h secure parking in Cape Town
- Free coffee, lunches and in-office snacks
- Tailored personal development through training allowances, coaching, mentorship and career frameworks