
Cyber Security Analyst L2

Network Recruitment

South Africa · flexible Full-time Mid Level 1mo ago

About the Role

We’re looking for a proactive and detail-oriented Cyber Security Analyst L2 to join a growing security team (office based with flexibility). This role is ideal for someone passionate about defending modern cloud environments and working hands-on with the Microsoft security stack.

You’ll play a key role in monitoring, detecting, and responding to threats across a Microsoft-centric ecosystem, helping to strengthen overall security posture while ensuring compliance across cloud and on-prem environments.

Key Responsibilities

Security Monitoring & Incident Response

  • Monitor, triage, and investigate alerts using Microsoft Sentinel (SIEM/SOAR)
  • Respond to incidents including malware, phishing, identity compromise, and data exfiltration
  • Conduct root cause analysis and produce detailed incident reports
  • Develop and optimise detection rules, dashboards, and automation workflows

Microsoft Defender Security Operations

  • Manage and operate Microsoft Defender (Endpoint, Identity, Cloud Apps, Office 365)
  • Investigate threats using Defender XDR
  • Tune alerts to improve detection accuracy and reduce false positives
  • Work with IT teams to remediate vulnerabilities

Cloud & Identity Security (Azure)

  • Secure Azure workloads, networks, and identities
  • Support Zero Trust implementation
  • Apply best practices (RBAC, Conditional Access, MFA)
  • Monitor logs and security telemetry across Azure services

Network Security

  • Manage and monitor Fortinet solutions (FortiGate, FortiAnalyzer, FortiManager)
  • Investigate suspicious network activity and threats
  • Support firewall rule reviews, segmentation, VPN security, and IDS/IPS tuning
  • Integrate network logs into Microsoft Sentinel

Security Playbooks & Automation

  • Develop and maintain incident response playbooks
  • Align processes with MITRE ATT&CK and organisational policies
  • Test and refine playbooks through simulations and real incidents
  • Maintain clear, auditable documentation

Vulnerability Management

  • Support full vulnerability lifecycle: discovery, assessment, prioritisation, remediation
  • Work with Microsoft Defender Vulnerability Management and other tools
  • Track remediation progress and report on risk reduction

Data Protection & Compliance

  • Support Microsoft Purview (DLP, data classification, compliance reporting)
  • Monitor and respond to DLP alerts
  • Assist with compliance initiatives (POPIA, ISO 27001, GDPR where applicable)

Continuous Improvement & Collaboration

  • Contribute to security policies and best practices
  • Collaborate with infrastructure, cloud, and development teams
  • Stay up to date with emerging threats and technologies

Required Skills & Experience

Technical Skills

  • Hands-on experience with Microsoft Sentinel
  • Strong experience with Microsoft Defender suite
  • Solid understanding of Microsoft Azure (IAM, networking, security controls)
  • Experience with Microsoft Purview
  • Knowledge of SIEM/SOAR concepts and MITRE ATT&CK framework
  • Strong understanding of identity and access management and cloud security

Experience

  • 3+ years in a Security Analyst / SOC / Cyber security role
  • Experience securing Microsoft 365 and Azure environments
  • Proven incident response and threat investigation experience

Certifications (Advantageous)

  • CompTIA Security+, CISSP, or similar
  • Microsoft SC-200, AZ-500, SC-400

Why Join?

  • Work with modern Microsoft security technologies
  • Exposure to enterprise-scale cloud and hybrid environments
  • Collaborative and forward-thinking team
  • Opportunity to grow within a maturing security function

Skills

  • Azure
  • Azure AD
  • Conditional Access
  • Data Loss Prevention (DLP)
  • Defender for Cloud Apps
  • Defender for Endpoint
  • Defender for Identity
  • Defender XDR
  • FortiGate
  • FortiManager
  • FortiAnalyzer
  • GDPR
  • Identity and Access Management (IAM)
  • Information Security
  • ISO 27001
  • Microsoft 365
  • Microsoft Sentinel
  • MITRE ATT&CK
  • MFA
  • Network Security
  • POPIA
  • RBAC
  • SIEM
  • SOAR
  • Vulnerability Management
  • Zero Trust
