37 SOC Analyst jobs in South Africa

Cybersecurity (SOC) Analyst

R400000 - R900000 Y S-RM

Posted today

Job Description

THE ROLE
Our Security Operations Centre is a critical part of our Cybersecurity division's success.

As a Cybersecurity Analyst (SOC), you will deploy your cybersecurity expertise in a vital delivery role across our managed detection and response services.

In this role, you will use infrastructure and tools that power our Security Operations Center (SOC) to deliver desired security outcomes for our managed services clients. The ideal candidate will have familiarity with security tools such as SIEM, SOAR, EDR, and other advanced technology. You will have a proven ability to respond effectively to security incidents. This hybrid role involves both remote work and some in-office presence for collaboration, teamwork and development.

Delivery

  • Monitor Security Events: Continuously monitor and analyse security alerts from EDR, SIEM and other security tools to detect suspicious activities or potential threats.
  • Incident Response: Lead investigations and respond to security incidents, executing containment, mitigation, and remediation steps as necessary.
  • Threat Hunting: Proactively search for indicators of compromise (IoCs) and advanced threats within the environment, utilising both automated tools and manual analysis.
  • Threat Detection: Use expertise to tune detection rules, automate workflows, and improve incident detection accuracy.
  • Log Analysis: Perform in-depth log analysis from firewalls, endpoint protection platforms, and SIEM solutions to investigate complex incidents.
  • Threat Intelligence: Stay informed of emerging threats and collaborate with the threat intelligence team to enhance detection capabilities.
  • Incident Reporting and Documentation: Ensure detailed documentation of incidents, responses, and resolutions to maintain a clear incident management process.
  • Shift Work: Participate in a 24/7 shift rotation to ensure continuous security monitoring, including evening, night, and weekend shifts.

Growth of the service

  • Continuous Improvement: Work closely with other IT teams, security engineers, and senior SOC members to refine detection processes and improve overall security posture.
  • Collaboration: Collaborate with SOC analysts, security engineers, and IT teams to ensure seamless operation of security tools and alignment with broader cybersecurity practices.
  • Security Enhancements: Identify areas for improvement in security monitoring and response capabilities, proposing and assisting with implementing new solutions where appropriate.
  • Collaborating with Global Teams: Work closely with other cyber security teams to ensure seamless integration of SOC operations with our broader cybersecurity initiatives and business units, especially Incident Response.
  • Contributing to Internal Technical Development Initiatives: When the schedule allows, you will have opportunities to participate in and contribute to internal technical development initiatives, enhancing our tools, processes, and overall incident response capabilities.

WHAT WE'RE LOOKING FOR
Candidates with the following qualifications and experience are likely to succeed in our Managed Services practice at S-RM.

That said, if you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box—we're looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others.

We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives.

We're looking for:

  • Qualifications: A Bachelor's degree in a relevant subject, for example cybersecurity or computer science. Relevant industry certifications are advantageous, including any of the following: CISSP, CISM, GCFA, GSOC, GREM, GCWN, GCED, CCNA, OSCP, Network+ and Security+ or evidence of working towards attaining these.
  • Experience: 2+ years of experience in a SOC or cybersecurity operations role.
  • Technical Expertise: Solid understanding of security fundamentals, including threat detection, incident response, malware analysis, and network security.
  • Tools: Expertise in EDR is required. Familiarity with other security tools such as SIEM, firewalls, and IDS/IPS is desirable.
  • Incident Response: Good experience in responding to and remediating security incidents, including credential theft, ransomware, phishing, and malware attacks.
  • Approach: An investigative mindset. You should be comfortable solving problems with limited information and guidance.
  • Threat intelligence: Some demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures.
  • Threat Detection: Understanding of security monitoring, threat detection techniques, and the ability to exploit detection systems for optimal performance.
  • Communication: Clear and concise verbal communication skills, with the ability to work effectively across teams; preferably you should be able to communicate technical findings to a non-technical audience. Able to write and format incident reports and summaries.

The successful candidate must have permission to work in South Africa by the start of their employment.

To apply for this role, please submit an up-to-date CV through this link: Job Application for Cybersecurity (SOC) Analyst at S-RM

Security Operations Center Engineer

Centurion, Gauteng R400000 - R500000 Y 60 Degrees Ltd

Posted today

Job Description

The opportunity that awaits you:

Are you obsessed with uncovering digital threats, fine-tuning detection strategies, and architecting bulletproof incident response plans? Then stop scrolling—this is the opportunity you've been hunting for.

Join one of South Africa's fastest-growing security enterprises as they expand their elite Security Operations Centre (SOC). They are not just building a team—they are assembling a cyber defence force.

As a Senior SOC Engineer, you won't just monitor—you'll lead. You'll be the subject matter expert in SIEM and next-gen cyber defence, driving proactive threat hunting, rapid incident response, and high-impact client engagement. Your insights will shape Managed Detection and Response (MDR) capabilities, and your mentorship will elevate the next wave of analysts.

Your key responsibilities:

  • Lead Level 3 escalation and incident response efforts
  • Enrich threat intelligence and validate detection hypotheses
  • Author and execute advanced threat hunting strategies
  • Serve as CSIRT Secretary for complex investigations
  • Conduct deep technical analysis of security events across network, endpoint, and log sources
  • Mentor Detection and QA layers, driving R&D enhancements
  • Maintain and optimize IRPs and SLAs for MDR services
  • Collaborate with cross-functional teams and third-party vendors
  • Enhance defence playbooks and partner training modules

Our required expertise:

  • Degree or Diploma in Computer Science
  • Proven experience in SOC operations (Defensive & Offensive)
  • Strong knowledge of:
  • SIEM platforms and detection engineering
  • Network architecture and system administration
  • Endpoint security (EDR/XDR), IAM, and cloud services (IaaS/SaaS)
  • Threat analysis, risk triage, and attacker tradecraft
  • Familiarity with ISO27001, NIST, CIS, Mitre ATT&CK (beneficial)
  • Scripting skills (Python, Bash, PowerShell – advantageous)
  • Industry certifications (CISSP preferred or in progress)
  • Valid driver's license or reliable transport (beneficial)

Reward:
R400K - R500K

Please apply to directly or on our website

For more roles, please have a look at our website or follow us on LinkedIn and Instagram (@60d_sixtydegrees).

Security Operations Center Analyst

SMHR

Posted today

Job Description

The ideal candidate for this position has a record of good response time and the ability to monitor, detect, analyze and respond to security incidents and cyber threats, as well as implement preventative measures.

Responsibilities

  • Protect the organization's network and systems by identifying vulnerabilities, investigating suspicious activity and implementing security measures to prevent or mitigate attacks.
  • Continuously monitor systems and networks for signs of a security breach.
  • Improve existing strategies to defend against threats.
  • Report security incidents and actions taken.

Qualifications

  • Bachelor's degree in IT-related field and relevant Certifications
  • 3+ years of experience as a Security Operations Centre Analyst

Security Operations Center Analyst

R900000 - R1200000 Y Sourcefit

Posted today

Job Description

Required Skills:

  • Advanced experience with SIEM administration, including watch list creation, alerting tuning, threat feeds, use case development, and case/incident management.
  • Proven experience working with leading EDR solutions, CAS, IDS/IPS, network- and host-based firewalls, data leakage protection (DLP), DAM (Database activity monitoring)
  • In-depth, hands-on experience with at least two of the following technologies: Unix administration, Windows Server administration, Active Directory, Windows Workstation, Routers/Switches management, Firewall Management, SANS/NAS, Web servers, IAM/AAA, IDS/HDS, System vulnerability scanning tools, Application/Database vulnerability scanning tools.
  • Ability to analyze possible attack activities such as network probing/scanning, DDOS, malicious code activity, and possible abnormal activities, such as worms, Trojans, viruses, etc., and coordinating remediation actions as necessary.
  • Understanding and working knowledge of MITRE ATT&CK Framework and security forensics.
  • Experience with security industry standards and best practices. Proven experience with the interpretation and implementation of those standards in a corporate environment.

  • Strong knowledge of cybersecurity frameworks, regulations, and compliance standards (e.g., NIST, ISO 27001, FERPA)
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies, and standards, as well as risk-related concepts, to technical and non-technical audiences at various hierarchical levels.
  • Understanding of network devices such as routers and switches. TCP/IP knowledge
  • Understanding of common network services (web, mail, FTP, etc.), network vulnerabilities, and network attack patterns.
  • Ability to work effectively under pressure and in a fast-paced environment.

Qualifications:

  • years of proven experience in a SOC Analyst role
  • years working in the Cybersecurity Domain, securing enterprise-level networks

  • Industry certifications such as CYSA+, CEH, OWASP or GIAC certifications (preferred)
  • Bachelor's degree in Cybersecurity or related field (Master's preferred)
  • Advanced proficiency in security tools, including SIEM (Splunk or Devo), EDR (Carbon Black or CrowdStrike), IDS/IPS, and threat intelligence platforms.
  • Excellent analytical, problem-solving, and communication skills

Security Operations Center Analyst

R90000 - R120000 Y Europa Worldwide Group

Posted today

Job Description

Who we are?

Europa Worldwide Group is an ambitious independent logistics operator with three divisions, Europa Road, Europa Air & Sea, and Europa Warehouse, and has been featured in The Sunday Times Top Track 250 for three years.

The group employs over 1,100 people with 16 sales offices in the UK and the Republic of Ireland, plus European teams in France, Belgium and the Netherlands and internationally in Cape Town, Hong Kong, China, India and the UAE.

We are looking for.

The Security Operations Analyst will play an important role in protecting the organisation's IT systems from the growing number of cyber threats through continuous monitoring and 24/7 support.

Following on from initial training, you will be expected to follow a rotational schedule of four consecutive workdays followed by four days off. This schedule will entail 12-hour shifts, ensuring continuous coverage over a 24-hour period.

**Please note: This role is offered on a 6 month fixed term contract basis**

You will play a vital part in protecting Europa Worldwide Group's information technology systems, networks, and data from unauthorised access, theft, and other types of cyber-attack using state-of-the-art tools. You will be responsible for the daily operations of the Security Operations Centre, continuously monitoring the environment to protect the organisation's IT systems and act as the first line of defense against cyber threats. Key duties involve continuous IT monitoring, security incident detection, management and response.

What can we offer in return?

  • Competitive package
  • Family Leave: Benefit from enhanced maternity, paternity, and adoption pay.
  • Wellbeing Focus: Access our employee wellbeing programme for your overall health and happiness.
  • Referral Rewards: Earn up to £500 by referring a friend to join our team.
  • Work-Life Balance: Thrive in a fantastic working culture that promotes an excellent work-life balance.
  • Recognition Programs: Celebrate your contributions with our charity 50-50 and long service awards

What you will be doing:

  • Perform 24/7 threat monitoring, detection, event management, and incident response on a rotational basis.
  • Provide BAU support for security related incidents.
  • Respond to security incidents and provide analysis of security log data from various event sources and identify the root cause.
  • Use advanced tools for detecting and analysing threats including, but not limited to, Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Security Orchestration (SOAR), and email security.
  • Monitoring systems, networks, and applications for unusual activity and investigating in a timely manner.
  • Perform proactive threat hunting and cyber threat intelligence activities.
  • Maintain security controls, policies, and procedures.
  • Stay up to date with the latest trends in cyber security threats and defenses.
  • Work under strict change control processes to ensure only authorised changes are carried out.
  • First line IT Helpdesk support assistance outside of standard business hours

Please note - if you submit your CV, you are giving Europa Worldwide Group Ltd and its subsidiaries consent to hold your personal data. An offer of employment is subject to the completion of satisfactory pre-employment checks.

All applications will be dealt with according to General Data Protection Regulations. Europa Worldwide Group are committed to equality of opportunity for all staff, and applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.

Europa Worldwide Group do not accept agency CV submissions unless specifically requested/engaged with the role by the Internal Recruitment Team. Please do not submit speculative CVs to our Recruiters, Employees, Hiring Managers, or any branches/locations directly. Europa will not be responsible for any fees related to CVs received in this unsolicited manner.

Senior Information Security Incident Response Analyst

R1200000 - R2400000 Y NTT DATA, Inc.

Posted today

Job Description

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA
The Senior Information Security Incident Response Analyst is an advanced subject matter expert, responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments).

This role acts as the technical second responder for the team and supports the work of technical staff from various business areas, as well as third-party technical experts.

The Senior Information Security Incident Response Analyst uses their technical competencies of systems and automated mechanisms to detect unauthorized activity on company information assets.

Key responsibilities:

  • Manages the prevention and resolution of security breaches and ensures incident and problem management processes are initiated.
  • Performs access management activities according to the policy.
  • Implements and discusses security service audit schedules, reviews access authorization and performs the required access controls and testing to identify security weaknesses.
  • Interacts with a global team of Cyber Security Analysts and specialists.
  • Manages 2nd level triaging of security alerts, events, and notifications.
  • Manages notifications of internal and/or external teams according to agreed alert priority levels, and escalation trees.
  • Communicates status of response, resolution and final root cause analysis to the appropriate stakeholders.
  • Follows and updates established and/or ad-hoc processes and work instructions and creates procedures where deficiencies are identified.
  • Logs, manages and coordinates service requests through to resolution including the identification, isolation, resolution and escalation of IT infrastructure faults.
  • Maintains an understanding of current and emerging threats, vulnerabilities, and trends.

To thrive in this role, you need to have:

  • Advanced understanding of End Point Protection Software.
  • Advanced understanding of Enterprise Detection and Response software.
  • Advanced knowledge of technological advances within the information security arena.
  • Advanced understanding of inter-relationships in an overall system or process.
  • Advanced knowledge of information security management and policies.
  • Advanced understanding of risk management principles and frameworks, which is crucial for prioritizing and addressing security incidents.
  • Advanced understanding of the organization's business operations, goals, and objectives enables the analyst to align incident response efforts with the broader business strategy.
  • Ability to effectively communicate technical information to both technical and non-technical stakeholders, and end-users, as well as working with cross-functional teams during incident response.
  • Ability to think critically, analyze information, and solve medium to complex problems.

Academic qualifications and certifications:

  • Bachelor's degree or equivalent in Information Technology, Computer Science or related preferred.
  • SANS GIAC Security Essentials (GSEC) or equivalent preferred.
  • SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
  • SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred

Required experience:

  • Advanced experience in a Technology Information Security Industry.
  • Advanced experience or knowledge of SIEM and IPS technologies.
  • Advanced experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviors.

Workplace type:
Hybrid Working

About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Third parties fraudulently posing as NTT DATA recruiters
NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an email address. If you suspect any fraudulent activity, please contact us.

Associate Information Security Incident Response Analyst

R180000 - R250000 Y NTT DATA

Posted today

Job Description

Make an impact with NTT DATA

Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA

The Associate Information Security Incident Response Analyst is an entry level subject matter expert, responsible for assisting with the detection and monitoring of threats and suspicious activity affecting the organization's technology domain.

This role acts as the technical first responder by supporting the work of technical staff from various business areas as well as third-party technical experts.

This role uses their technical competencies of systems and automated mechanisms to detect unauthorized activity on the company's information assets.

Key responsibilities:

  • Assists with the prevention and resolution of security breaches and ensures incident and problem management processes are initiated.
  • Supports access management activities according to the policy.
  • Assists with the implementation of and discusses security service audit schedules, reviews access authorization and performs the required access controls and testing to identify security weaknesses.
  • Interacts with a global team of Cyber Security Analysts and specialists.
  • Notifies internal and/or external teams according to agreed alert priority levels, escalation trees, 1st level triaging of security alerts, events, and notifications.
  • Communicates status of response, resolution and final root cause analysis to the appropriate stakeholders.
  • Ability to follow and update established and/or ad-hoc processes and work instructions and create procedures where deficiencies are identified.
  • Logs, manages and coordinates service requests through to resolution including the identification, isolation, resolution and escalation of IT infrastructure faults.

To thrive in this role, you need to have:

  • Knowledge of technological advances within the information security arena.
  • Understanding of inter-relationships in an overall system or process.
  • Knowledge of information security management and policies.
  • Maintain an understanding of current and emerging threats, vulnerabilities, and trends.

Academic qualifications and certifications:

  • Bachelor's degree or equivalent in Information Technology, Computer Science or related preferred.
  • SANS GIAC Security Essentials (GSEC) or equivalent preferred.
  • SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
  • SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred.

Required experience:

  • Entry level experience in a Technology Information Security Industry.
  • Experience using End Point Protection Software.
  • Experience using Enterprise Detection & Response software.
  • Experience or knowledge of SIEM and IPS technologies.
  • Experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviors.

Workplace type:

Hybrid Working

About NTT DATA

NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer

NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Third parties fraudulently posing as NTT DATA recruiters

NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an email address. If you suspect any fraudulent activity, please contact us.

Associate Information Security Incident Response Analyst

R250000 - R450000 Y NTT DATA, Inc.

Posted today

Job Description

Make an impact with NTT DATA
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it's a place where you can grow, belong and thrive.

Your day at NTT DATA
The Associate Information Security Incident Response Analyst is an entry level subject matter expert, responsible for assisting with the detection and monitoring of threats and suspicious activity affecting the organization's technology domain.

This role acts as the technical first responder by supporting the work of technical staff from various business areas as well as third-party technical experts.

This role uses their technical competencies of systems and automated mechanisms to detect unauthorized activity on the company's information assets.

Key responsibilities:

  • Assists with the prevention and resolution of security breaches and ensures incident and problem management processes are initiated.
  • Supports access management activities according to the policy.
  • Assists with the implementation of and discusses security service audit schedules, reviews access authorization and performs the required access controls and testing to identify security weaknesses.
  • Interacts with a global team of Cyber Security Analysts and specialists.
  • Notifies internal and/or external teams according to agreed alert priority levels, escalation trees, 1st level triaging of security alerts, events, and notifications.
  • Communicates status of response, resolution and final root cause analysis to the appropriate stakeholders.
  • Ability to follow and update established and/or ad-hoc processes and work instructions and create procedures where deficiencies are identified.
  • Logs, manages and coordinates service requests through to resolution including the identification, isolation, resolution and escalation of IT infrastructure faults.

To thrive in this role, you need to have:

  • Knowledge of technological advances within the information security arena.
  • Understanding of inter-relationships in an overall system or process.
  • Knowledge of information security management and policies.
  • Maintain an understanding of current and emerging threats, vulnerabilities, and trends.

Academic qualifications and certifications:

  • Bachelor's degree or equivalent in Information Technology, Computer Science or related preferred.
  • SANS GIAC Security Essentials (GSEC) or equivalent preferred.
  • SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
  • SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred.

Required experience:

  • Entry level experience in a Technology Information Security Industry.
  • Experience using End Point Protection Software.
  • Experience using Enterprise Detection & Response software.
  • Experience or knowledge of SIEM and IPS technologies.
  • Experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviors.

Workplace type:
Hybrid Working

About NTT DATA
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.

Equal Opportunity Employer
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Third parties fraudulently posing as NTT DATA recruiters
NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters—whether in writing or by phone—in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an

email address. If you suspect any fraudulent activity, please contact us.


Senior Digital Forensics Incident Response Analyst

NTT Ltd.

Posted today

Job Description

full-time
Job title: Senior Digital Forensics Incident Response Analyst
Job Location: South Africa
Deadline: November 23, 2025

Your day at NTT DATA

  • The Senior Digital Forensics Response Analyst is an advanced subject matter expert, responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments).
  • This role acts as the technical second responder for the team and supports the work of technical staff from various business areas, as well as third-party technical experts.
  • The Senior Information Security Incident Response uses their technical competencies of systems and automated mechanisms to detect unauthorized activity on company information assets.

Key responsibilities:

  • Manages the prevention and resolution of security breaches and ensures incident and problem management processes are initiated.
  • Performs access management activities according to the policy.
  • Implements and discusses security service audit schedules, reviews access authorization and performs the required access controls and testing to identify security weaknesses.
  • Interacts with a global team of Cyber Security Analysts and specialists.
  • Manages 2nd level triaging of security alerts, events, and notifications.
  • Manages notifications of internal and/or external teams according to agreed alert priority levels, and escalation trees.
  • Communicates status of response, resolution and final root cause analysis to the appropriate stakeholders.
  • Follows and updates established and/or ad-hoc processes and work instructions and creates procedures where deficiencies are identified.
  • Logs, manages and coordinates service requests through to resolution including the identification, isolation, resolution and escalation of IT infrastructure faults.
  • Maintains an understanding of current and emerging threats, vulnerabilities, and trends.

To thrive in this role, you need to have:

  • Advanced understanding of End Point Protection Software.
  • Advanced understanding of Enterprise Detection and Response software.
  • Advanced knowledge of technological advances within the information security arena.
  • Advanced understanding of inter-relationships in an overall system or process.
  • Advanced knowledge of information security management and policies.
  • Advanced understanding of risk management principles and frameworks, which is crucial for prioritizing and addressing security incidents.
  • Advanced understanding of the organization's business operations, goals, and objectives enables the analyst to align incident response efforts with the broader business strategy.
  • Ability to effectively communicate technical information to both technical and non-technical stakeholders, and end-users, as well as working with cross-functional teams during incident response.
  • Ability to think critically, analyze information, and solve medium to complex problems.

Academic qualifications and certifications:

  • Bachelor’s degree or equivalent in Information Technology, Computer Science or related preferred.
  • SANS GIAC Security Essentials (GSEC) or equivalent preferred.
  • SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred.
  • SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred.

Required experience:

  • Advanced experience in a Technology Information Security Industry.
  • Advanced experience or knowledge of SIEM and IPS technologies.
  • Advanced experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviors.


Senior Cyber Incident Response Analyst (South Africa)

R400000 - R1200000 Y Integrity360

Posted today

Job Description

About Us
Integrity360 is the largest independent cyber security provider in Europe, with a growing international presence spanning the UK, Ireland, mainland Europe, Africa and the Caribbean. With over 700 employees, across 12 locations, and six Security Operations Centres (SOCs)—including locations in Dublin, Sofia, Stockholm, Madrid, Naples and Cape Town—we support more than 2,500 clients across a wide range of industries.

Over 80% of our team are technical experts, focused on helping clients proactively identify, protect, detect and respond to threats in an ever-evolving cyber landscape. Our security-first approach positions cyber resilience as a business enabler, empowering organisations to operate with confidence.

At Integrity360, people come first. We invest heavily in learning, development and progression, fostering a dynamic culture where innovation, collaboration and continuous growth are at the heart of what we do. If you're ready to take your cyber security career to the next level, we'd love to hear from you.

Job Role

The Senior Cyber Incident Response Analyst will work within established methodologies to perform a variety of Incident Response related activities for new and existing customers, to include responding to cyber incidents, proactively hunting for adversaries in customer networks, conducting detailed Intrusion analysis – host and network, malware reverse engineering, Digital forensics and Cyber Threat Intelligence services.

Proactive client services, such as compromise assessments and evaluating and recommending tools and technology for incident response are also in scope. Demonstration of a strong comprehension of malware, emerging threats and adversary TTPs will be critical to success.

Responsibilities

  • Customer focus - have the ability to work directly with customers and demonstrate services delivered to customers in a face-to-face setting when required.
  • You will have the capacity to multitask on several technical and operational issues simultaneously.
  • Have a very good understanding of customer issues and you are able to empathize with customers as to their current situation.
  • Ability to think through difficult issues and provide advice or when necessary.
  • A clear understanding of the ITIL processes.
  • Ability to work on assignments requiring sound judgement in resolving issues or in making recommendations.
  • Initiative to drive all incidents to resolution, ensuring timely participation by all stakeholders.
  • Without hesitation when required, escalate issues to upper management, to include C-Level managers, in accordance with prescribed procedures.
  • Incident Management and Incident communication experience.
  • Experienced in meeting deadlines while following processes and procedures.
  • Capable of working with other teams that challenge your processes and procedures.
  • Understanding of ITIL, SANS, PCI DSS, ISO 27001 and ISO2000.
  • Logical thought mindset and experience developing reusable processes / data architectures.

Requirements

  • Host Intrusion Analysis:
    • Windows (Endpoint and Server)
    • Unix
  • Network Intrusion Analysis.
  • Familiarity with categories of Malware and Malware Reverse Engineering techniques.
  • Experience working with security tools for the purposes of detection, diagnosis, containment and remediation.
  • Extensive knowledge of Windows server systems.
  • Experienced in creating and maintaining a security incident response plan (IRP).

Certifications/Qualifications

  • SANS: Qualifications in Security Essentials (GSEC), Hacker Techniques & Incident Handling (GCIH), Host (GCFE/GCFA) & Network (GNFA) Forensics, Malware Analysis (GREM) and any Digital Forensics specializations.
  • EC Council Certifications.
  • A strong team player with a flexible approach.
  • Can demonstrate consistency in work attitude.