Level 2 SOC Analyst
Location: Woodmead, Sandton
Job Type: Full-Time
Overview
We are hiring a proven, technically strong Level 2 SOC Analyst who can operate independently under pressure, take ownership of incidents, and drive them to resolution without constant supervision.
You will be expected to lead investigations, make defensible decisions, and close security gaps proactively. If you require step-by-step guidance or lack real-world incident handling experience, this role will not be a fit.
Key Responsibilities
- Own incident response end-to-end: triage, investigate, contain, eradicate, and document without escalation unless absolutely necessary.
- Perform deep-dive forensic analysis across endpoints, identities, cloud, and network layers.
- Correlate data across SIEM, EDR, IAM, and network tools to identify advanced threats and attacker behaviour.
- Eliminate false positives through tuning and optimization — not just escalating alerts.
- Conduct root cause analysis and produce clear, technically sound reports with actionable remediation steps.
- Actively hunt for threats using hypothesis-driven and intelligence-led approaches.
- Develop, maintain, and enforce high-quality playbooks — not generic documentation.
- Drive measurable improvements in detection capability and SOC efficiency.
- Mentor junior analysts, but without compromising your own output or performance.
- Challenge weak controls and poor practices — passively following process is not acceptable.
- Continuously tune and optimize SIEM rules and detection logic in collaboration with engineering teams.
- Operate effectively during high-pressure incidents, including after-hours escalation when required.
Required Skills and Qualifications
- Minimum 5+ years of hands-on SOC / incident response experience (not general IT support).
- Demonstrated experience handling real-world security incidents independently.
Strong working knowledge of:
- SIEM (e.g., Sentinel, Splunk)
- EDR/XDR (e.g., Microsoft Defender)
- IDS/IPS
- Threat intelligence platforms
Deep understanding of:
- Windows and Linux internals
- Networking fundamentals (TCP/IP, DNS, HTTP/S, etc.)
- Identity-based attacks and lateral movement techniques
Proven ability to analyse:
- Logs, memory artifacts, process execution, and authentication events
Experience with:
- Microsoft 365 Defender, Intune, Azure AD / Entra ID
- Working knowledge of MITRE ATT&CK framework and ability to map detections accordingly.
- Scripting/automation capability (PowerShell, Python, or KQL) is expected — not optional.
Performance Expectations (Non-Negotiable)
- You must be able to handle multiple incidents simultaneously without loss of quality.
- You must produce clear, concise, and technically accurate reports — poor documentation will not be accepted.
- You are expected to reduce noise, not contribute to it.
- You must demonstrate initiative, ownership, and accountability at all times.
Preferred Qualifications (Strong Advantage)
Certifications such as:
- CySA+, CEH or equivalent
Microsoft Certifications:
- AZ-104
- SC-200
Experience with:
- Azure security and cloud-native threats
- Detection engineering and SIEM rule creation
- DevOps environments
Familiarity with frameworks:
- NIST, CIS, ISO 27001
What Will Disqualify You
- Only theoretical knowledge without hands-on incident response experience
- Inability to explain past incidents you have handled in detail
- Reliance on escalation instead of investigation
- Weak understanding of logs, attack techniques, or detection logic
Application Requirements
Submit your CV along with clear examples of incidents you have handled, including:
- Tools used
- Investigation approach
- Outcome and remediation
Artificial Intelligence Innovation:
Join Netsurit at the forefront of AI transformation—where technology meets ambition. Help us design, implement, and scale intelligent solutions that empower our clients to automate processes, uncover insights, and accelerate growth. Leverage tools like Microsoft Copilot, Azure AI, and custom machine learning models to turn data into meaningful business outcomes. Be part of a team that's shaping the future of AI-powered innovation.
Note to Agencies: Principals only. No recruiters, no agencies, no unsolicited services.