
Cyber Security Analyst I

TFG (The Foschini Group)

Gauteng

On-site

ZAR 300 000 - 500 000

Full time

11 days ago

Job summary

Join a leading retail group's IT team responsible for security monitoring and incident response. The role involves leveraging advanced technologies to protect digital infrastructure. Ideal candidates will have experience in cybersecurity and a passion for continuous learning. This position offers opportunities for professional growth in a dynamic environment.

Qualifications

  • 1-3 years' experience in a SOC or cybersecurity-related role.
  • Preferred experience with various security technologies.

Responsibilities

  • Continuously monitor security alerts and events.
  • Analyze and investigate security incidents.
  • Manage and maintain endpoint security.

Skills

Communication
Problem Solving
Time Management
Knowledge Sharing
Proactive Learning

Tools

Microsoft Defender XDR
EDR
JAMF
Symantec DCS
Windows
VMware
Cisco
UNIX
Linux

Job description

TFG's Information Technology team is responsible for the company's technological systems and the maintenance of its digital and technological infrastructure.

By selecting future-fit technology and methodologies, they help the business meet its strategic objectives.

They assess our business landscape and our market to ensure adaptability, scalability, expansion, and risk reduction. Our people are who we are.

TFG is an internationally diversified retail portfolio of 34 speciality lifestyle and apparel brands that inspire our customers to live their best lives and are woven into the lives of millions.

Our vision is to create the most remarkable omnichannel experiences for our customers.

TFG is more than a workplace; it's a launchpad for your growth.

Join us and explore endless growth opportunities across our diverse brands.

We're a purpose-led business, and on this team, you'll share the pride of making an impact across a whole industry. We're the designers, the makers, the shakers, and the teams behind the scenes. Are you with us?

Key Responsibilities

Security Monitoring
  • Continuously monitor security alerts and events from various sources, including Microsoft Sentinel, Defender for Endpoint, and Defender for Cloud.
  • Perform log management: ingest logs, define use cases, and create alerts for critical assets.
  • Create, implement, and fine-tune detection rules, alerts, and queries in Microsoft Sentinel and Defender to detect security incidents and reduce false positives.
  • Leverage user and entity behaviour analytics (UEBA) to identify abnormal activities and enhance detection capabilities.
  • Develop and customize automation playbooks in Sentinel and Defender to streamline incident response processes and improve efficiency.
  • Perform threat hunting using IOCs and threat intelligence across the environment.

Incident Response
  • Analyze and investigate security incidents to identify potential threats.
  • Respond promptly to incidents, conduct initial analysis, assess business impact, and execute containment, eradication, and recovery.
  • Document and report incidents with accurate records.
  • Follow established incident response procedures and contribute to their improvement.

Testing and Validation
  • Participate in Blue/Red/Purple team exercises, cyber crisis simulations, and tabletop exercises.

Business Context and Risk Management
  • Understand the business value chain, key processes, and architecture.
  • Conduct risk assessments and manage risks appropriately.

Endpoint Detection and Response (EDR)
  • Manage and maintain endpoint security and compliance.
  • Perform health checks, scans, and assessments to identify vulnerabilities.
  • Collaborate with IT teams to ensure endpoints are securely configured.

Qualifications and Experience
  • 1-3 years' experience in a SOC or cybersecurity-related role.
  • Preferred experience with Microsoft Defender XDR, EDR, JAMF, Symantec DCS, DNS, network security, and the other listed technologies.
  • Experience with common IT technologies (Windows, VMware, Cisco, UNIX, Linux).
  • Knowledge of security tools and cloud security operations.

Skills
  • Excellent communication skills in English.
  • Ability to share knowledge and learn collaboratively.
  • Effective time management and stress handling.
  • Strong reporting skills and a proactive problem-solving attitude.
  • Passion for continuous learning.

Behaviours
  • Action-oriented, an effective communicator, courageous, decisive, accountable, and able to manage complexity.
  • Ability to plan, prioritize, leverage new technology, and align initiatives with organizational goals.

Preference will be given to candidates from designated groups as per the Employment Equity Act.
