Cyber Defence & Reporting Engineer at Tiger Brands

Tiger Brands
April 27, 2026
Full-time
On-site

The Cyber Defence & Reporting Engineer is a hands‑on security specialist responsible for the detection, analysis, and reporting of cyber threats across the organisation's security monitoring ecosystem. Reporting to the Security Operations Lead, this role focuses on security monitoring, SIEM use‑case development, alert analysis, threat detection, incident support, and operational security reporting, ensuring the organisation has timely visibility into threats and its security posture. The role works closely with the outsourced Security Operations Centre (SOC) and internal Endpoint Security Specialists and Firewall Engineers to validate alerts, support investigations, and continuously improve detection capability. This role requires practical SOC experience and the ability to operate effectively in high‑severity (P1) incident scenarios, including war‑room coordination and time‑critical decision making.


WHAT YOU WILL DO:


Monitor and analyse security events and alerts across endpoint, network, identity, and application security platforms.
Operate and tune SIEM and security monitoring tools, including use‑case development, correlation rules, and alert optimisation.
Develop and maintain Microsoft Defender detections and use cases (including custom detections/analytics rules where applicable) to strengthen coverage across identity, endpoint, and cloud telemetry.
Work closely with the outsourced SOC to validate alerts, manage escalations, and improve detection accuracy.
Perform initial investigation and triage of security incidents, supporting containment and remediation activities led by Security Operations.
Conduct threat analysis and pattern identification, identifying trends, emerging risks, and gaps in detection coverage.
Support threat‑hunting activities using available telemetry and intelligence sources.
Maintain security defence platforms used for detection and early warning (e.g., network detection and response and deception technologies), ensuring operational health, tuning, and meaningful alerting.
Facilitate cyber forensics investigations by coordinating evidence collection, timelines, and handover to internal/external forensic providers; maintain investigation structure and evidence readiness.
Plan, arrange and run purple team exercises with the SOC and relevant technology teams, ensuring clear scenarios, measurable outcomes, and documented detection/response improvements.
Create and maintain runbooks/playbooks jointly with the SOC, aligning response actions to business requirements for predefined threat scenarios (e.g., containment approach, escalation paths, decision points, and communications).
Drive incident automation and operational efficiency improvements (alert enrichment, ticketing workflows, response orchestration opportunities, and repeatable investigation patterns).
Maintain and produce security operations reporting, including incident metrics, SOC performance data, and executive dashboards.
Track and report on security posture, trends, and key risk indicators, translating technical findings into actionable insights.
Support post‑incident reviews and root cause analysis, contributing detection and monitoring improvements.
Maintain accurate monitoring documentation, including use‑cases, dashboards, and alert logic.
Support security audits and compliance activities by providing monitoring evidence and incident records.


WHAT YOU WILL BRING TO THE TABLE:

Key attributes and competencies


Strong analytical mindset with the ability to identify, interpret, and prioritise security events.
Solid understanding of cyber attack techniques, threat vectors, and detection methodologies.
Strong attention to detail and data‑driven decision‑making capability.
Ability to communicate technical security findings in a clear, concise manner.
Comfortable working in operational security environments with high alert volumes and time‑critical response.
Demonstrated ability to work effectively in high‑pressure incident scenarios, including P1 escalation and war‑room‑style coordination.
Collaborative approach, working closely with SOC, Endpoint, Firewall, and Infrastructure teams.


Experience and Qualifications


3 - 7 years' experience in cyber defence, SOC, or security monitoring roles.
Hands‑on experience with:
  SIEM platforms and security monitoring tools
  Security alert analysis and incident triage
  Security reporting and metrics creation


Qualifications & Certifications


Relevant IT or Information Security qualification (Diploma or Degree preferred).
Cyber Defence / Monitoring certifications (advantageous):
  SIEM or SOC‑focused certifications
  Threat detection, incident response, or cyber‑defence certifications
  Vendor‑neutral security certifications (e.g. Security+ or equivalent)