Cybersecurity Analyst II

• Continuously monitor security alerts and events from sources such as Microsoft Sentinel, Defender for Endpoint, and Defender for Cloud.
• Perform log management by ingesting logs, defining use cases, and creating alerts for critical assets.
• Develop, implement, and fine-tune detection rules, alerts, and queries in Microsoft Sentinel and Defender to identify security incidents and reduce false positives. Leverage UEBA to detect abnormal activities and improve detection capabilities.
• Customize automation playbooks in Sentinel and Defender to streamline incident response and enhance efficiency.
• Perform threat hunting using IOCs and threat intelligence across the environment.
• Create and maintain risk profiles for users, systems, and applications.
• Identify patterns, trends, and anomalies in security events to detect threats.

• Analyze and investigate security incidents to identify potential threats.
• Respond promptly to incidents, conduct initial analysis, assess business impact, isolate, eradicate, and recover from threats.
• Document and report incidents with accurate records.
• Follow and contribute to incident response procedures and playbooks.
• Manage cybersecurity incidents end-to-end, including stakeholder engagement and reporting.
• Automate repetitive response tasks to speed up investigations and improve threat intelligence.

• Participate in Blue/Red/Purple team exercises, cyber crisis simulations, and tabletop exercises.

• Understand the business value chain and key processes.
• Map business architecture to critical assets and conduct risk assessments as needed.

• Manage endpoint security and compliance.
• Perform daily health checks and remediate issues.
• Conduct regular vulnerability assessments.
• Collaborate with IT to ensure endpoint configurations align with standards.
• Enhance threat hunting with threat intelligence teams.
• Correlate EDR data with SIEM, XDR, and threat intel for insights.

• Embrace continuous improvement and platform optimization.
• Understand SaaS budgeting and licensing.
• Engage in R&D and possess deep technical expertise.

• Write incident reports and create dashboards with KPIs/KRIs for leadership.
• Present findings to senior management.
• Engage with multicultural teams.

• 4-6 years in SOC or cybersecurity roles.
• Preferred experience with Microsoft Defender XDR, EDR, JAMF, Symantec DCS, DNS, network security, Mimecast, CrowdStrike, Azure Sentinel, etc.
• Experience with Windows, VMware, Cisco, UNIX, Linux.
• Knowledge of security tools like WAF, Proxy, IDS, firewalls, DLP, IAM, MFA, NAC.
• Understanding of Cloud Security, Mobile Architecture, Network, and Data Protection.

• Excellent communication skills in English.
• Teamwork and knowledge sharing.
• Strong reporting skills.
• Effective time management under pressure.
• Stress management and continuous learning passion.
• Proactive problem-solving attitude.

• Action-oriented, effective communicator, courageous, decisive, accountable, able to simplify complexity, strategic planning, tech-savvy.

Preference will be given to candidates from designated groups per the Employment Equity Act.

TFG is a diversified retail group with 34 brands, committed to inspiring customers and creating remarkable omnichannel experiences. Join us to grow and make an industry impact.

Our Infotec team supports over 3,600 stores with innovative retail technology, cloud-native applications, and AI/ML solutions. We foster engineering, data, and architecture talents to build enduring solutions.