Key Responsibilities:
1. Security Event Monitoring & Incident Handling
o Monitor real-time alerts via Microsoft 365 Defender, Microsoft Sentinel, Cybereason, and Zscaler.
o Perform first- and second-level triage, document incidents, and support resolution.
o Work with managed service providers (MSPs) or third-party security providers as needed.
2. Microsoft Secure Score & Compliance
o Track and improve Microsoft Secure Score across Office 365 and Azure tenants.
o Implement security best practices and remediate configuration gaps.
o Maintain compliance with South African regulations (e.g., POPIA) and ISO 27001 controls.
3. Vulnerability Management
o Use Rapid7, Qualys, or Microsoft TVM to scan and report vulnerabilities.
o Collaborate with infrastructure and application teams to manage risk-based remediation.
4. Endpoint & Cloud Security Operations
o Support Defender for Endpoint, Defender for Cloud Apps, Zscaler, and Cybereason.
o Investigate suspicious user and system activity across endpoint, identity, and cloud layers.
o Monitor Azure and Microsoft 365 security baselines via Lacework or Defender for Cloud.
5. Security SOPs & Playbooks
o Maintain operational procedures and contribute to playbooks for incident response.
o Support internal and external audit processes with evidence and technical documentation.
Qualifications Required (South African Market Alignment):
· Essential:
o National Diploma or Bachelor’s Degree in Information Technology, Cybersecurity, or related field
o 3–5 years' experience in a technical cybersecurity, security analyst, or SOC role
o Proven experience using Microsoft 365 Defender portal (https://security.microsoft.com)
· Advantageous:
o Microsoft SC-200: Security Operations Analyst Associate
o Microsoft AZ-500: Azure Security Engineer
o CompTIA Security+ / CySA+ / CEH
o ISO 27001 Implementer or Auditor
o Understanding of POPIA, NIST CSF, MITRE ATT&CK
Core Skills & Competencies:
· Technical Skills:
o Microsoft 365 Defender portal fluency
o Sentinel SIEM/SOAR alert triage
o Secure Score remediation – M365 and Azure
o Rapid7 / Qualys / Microsoft TVM vulnerability scans
o Zscaler / Cybereason / Lacework administration
o Basic scripting (PowerShell, KQL)
o Endpoint, identity, and cloud workload protection
· Behavioural Competencies:
o Strong attention to detail
o Analytical and investigative thinking
o Problem-solving mindset
o Proactive and self-driven
o Ability to work under pressure
o Effective communication (verbal & written)
o Collaborative and team-oriented