Intermediate Cyber Security Analyst (L2/L3)

60 Degrees

Cape Town

On-site

ZAR 550 000 - 750 000

Full time

Yesterday

Job summary

A leading security services company is seeking a Senior Cyber Security Analyst based in Cape Town, South Africa. This role is pivotal in a dedicated SOC team, focusing on detecting and mitigating cyber threats globally. Candidates should possess a strong technical background and have at least 4 years of analytical experience, particularly in SOC environments. The position emphasizes leadership, collaboration, and expertise in modern security tools to enhance client protections against evolving threats.

Benefits

Professional development opportunities
Collaborative work environment

Qualifications

  • Minimum 4 years of experience as a Cyber Security Analyst or equivalent.
  • Experience working in a SOC environment.
  • Proficiency in developing playbooks and applied automation.

Responsibilities

  • Monitor client environments and security systems for alerts/incidents.
  • Provide support across multiple customer environments.
  • Lead threat hunting investigations and apply relevant new feeds.

Skills

Passion for security
Excellent communication
Networking knowledge
Time management
Problem-solving skills
Leadership skills

Education

Industry standard certifications (Microsoft, CompTIA, etc.)

Tools

SIEM
SOAR
EDR
Kusto Query Language (KQL)
Microsoft Security stack

Job description

Senior Cyber Security Analyst

Company: Opliciti South Africa (Pty) Ltd

Geographical responsibility: Global

Reports to: Managing Director RSA, Head of Security Operations UK

Job Purpose

The Senior Security Analyst is a core member of the SOC, responsible for detecting, investigating, and mitigating cyber threats across complex client environments. Utilizing modern tools and expertise, the analyst conducts advanced investigations, enhances detection capabilities, and promotes ongoing improvements in incident response and threat hunting. This role combines deep technical expertise with strategic oversight—enhancing monitoring, automation, and defence capabilities while mentoring junior analysts. The analyst also stays informed of emerging threats and vulnerabilities, ensuring clients in critical sectors remain protected against evolving attack vectors.

Job Interactions

Internally: Interacts with the professional services teams, security operations teams and company Directors. Externally: Engages with clients for escalations, investigations and service reviews, and supports business development through technical insights, pre‑sales consultations, and solution alignment.

Job Responsibilities
  • Monitor client environments/security systems for alerts/incidents as part of a dedicated security team or a shared services security team, analyse logs and traffic patterns, and provide an appropriate response in accordance with the processes agreed in the contractual terms, i.e. the Service Description.
  • Provide support where required, to multiple customer environments concurrently; drive customer satisfaction and continuously seek to improve operational performance.
  • Work with internal and external client stakeholders to conduct in‑depth investigations on security events, raise incidents, contain and provide remediation and/or recommendations supporting the incident management process.
  • Act as an escalation point for any incidents and investigations that may be required.
  • Develop an understanding of the client environment and requirements, and build relationships with relevant stakeholders to provide effective communication through support channels.
  • Understand and apply use‑cases and develop playbooks enabling efficiency and improvements.
  • Develop and implement automation, notification, response and remediation processes.
  • Lead threat hunting investigations and apply any new feeds and sources relevant to detecting threats to the client.
  • Contribute to, and help in development of, security Dashboards/Reporting and processes.
  • Stay up to date with the changing cyber security landscape, regularly educate the team and share information.
  • Support the ongoing maintenance of the company’s Information Security Management System (ISMS).
  • Be able to optimise workstreams beyond BAU and assigned tasks, such as identifying enhancements and opportunities for continuous improvement.
Skills and Experience - Essential
  • To have a passion for security and rise to challenges.
  • Possess excellent communication, interpersonal and good leadership skills.
  • Good time management and ability to solve problems and manage different workloads.
  • Sufficient networking knowledge with the ability to understand network traffic, to be able to explain activity and advise next steps.
  • Minimum 4 years of experience working as a Cyber Security Analyst or equivalent.
  • Experience working in a SOC environment with tools such as SIEM, SOAR, EDR etc.
  • Experience with Azure, Microsoft Sentinel and the Microsoft Security stack.
  • Proficiency in Kusto Query Language (KQL) and comfortable developing queries for detection and reporting.
  • Experienced with development of playbooks and applied automation for efficient workflows.
  • Comprehensive understanding of common malware types along with detection and prevention methods.
  • Understanding of Cloud computing/architecture and security.
  • Good awareness and understanding of the MITRE ATT&CK Framework.
  • Solid understanding of the different stages of the Cyber‑Kill‑Chain.
  • Be able to interact comfortably with stakeholders across multiple organisations, building strong relationships across all business units at all levels.
Desirable
  • Prior experience in an MSSP delivering security services to multiple clients.
  • Experience with multiple SIEM technologies (Splunk, MS Sentinel, LogRhythm, ELK, QRadar, ArcSight, Wazuh etc.).
  • Experience with cloud platforms such as AWS and GCP.
  • Experience with high‑profile enterprise clients, e.g. Oil & Gas, Manufacturing, Supply Chain etc.
  • Experience with using Microsoft Logic Apps/Power Automate or third‑party orchestration tools.
  • Experience with PowerBI and developing visualisations via custom queries.
Qualifications

One or more of the following: industry standard certifications such as Microsoft, CompTIA, SANS, CREST, GIAC, ISC2 and/or any other cyber security related certifications.
