Position

Senior SIEM Engineer (Cybersecurity Analyst)

Details

Location: Johannesburg, ZA

Date: 17 Oct 2025
Reference: 142582

Job Classification

Job req - 142582

Closing date - 24 October 2025

Job Family

Information Technology

Career Stream

IT Risk

Leadership Pipeline

Manage Self: Technical

FAIS Affected

Job Purpose

We are seeking a highly skilled and experienced Senior SIEM Engineer to lead and enhance our Security Information and Event Management (SIEM) capabilities. The ideal candidate will have deep expertise in Elastic and/or Splunk, strong Linux and scripting skills, and a solid understanding of Windows systems, firewalls, IPS, and EDR technologies. Experience in the financial sector, particularly banking, is highly desirable.

Job Responsibilities

  • Design, implement, and maintain SIEM solutions (Elastic/Splunk) across enterprise environments.
  • Develop and optimize detection rules, dashboards, and alerts for threat monitoring.
  • Integrate diverse log sources including Windows, Linux, firewalls, IPS, and EDRs.
  • Automate tasks using scripting languages (Bash, Python).
  • Collaborate with incident response and threat intelligence teams to improve detection and response capabilities.
  • Conduct regular health checks, performance tuning, and upgrades of SIEM infrastructure.
  • Support compliance and audit requirements through log retention and reporting.
  • Mentor junior engineers and contribute to capability development within the department.
  • Write and maintain technical documentation for SIEM configurations, processes, and playbooks.
  • Apply an automation-first mindset to streamline operations and reduce manual effort.
  • Demonstrate strong attention to detail in rule creation, log analysis, and incident handling.

Essential Qualifications - NQF Level

  • Diploma
  • Advanced Diplomas/National 1st Degrees

Preferred Qualification

  • Certifications such as GCIA, GCIH, Splunk Certified Architect, Elastic Certified Engineer, or similar.
  • Exposure to regulatory frameworks (e.g., SARB, POPIA, PCI-DSS).

Preferred Certifications

Relevant Information Security Certification

Required Skills & Experience

  • 5+ years in cybersecurity operations or engineering roles.
  • Proven experience with Sentinel, Elastic Stack (ELK) and/or Splunk Enterprise Security.
  • Proficient in Linux administration and scripting (Bash, Python).
  • Familiarity with Windows event logging, firewalls, IPS/IDS, and EDR platforms.
  • Familiarity with different Cloud platforms.
  • Experience in log ingestion, parsing, and normalization.
  • Understanding of MITRE ATT&CK, threat detection frameworks, and incident response workflows is highly advantageous.
  • Excellent problem-solving and communication skills.
  • Experience with alert lifecycle management, data indexing, and case management is highly advantageous.

Technical / Professional Knowledge

  • Administrative procedures and systems
  • Data analysis
  • Governance, Risk and Controls
  • Principles of project management
  • Relevant regulatory knowledge
  • Relevant software and systems knowledge
  • Cluster Specific Operational Knowledge
  • System Development Life Cycle (SDLC)
  • TCP/IP
  • Information Security terms and definitions
  • Relevant Operating System
  • Information Security policies and procedures
  • Vendor Management Principles

Behavioural Competencies

  • Applied Learning
  • Communication
  • Collaborating
  • Customer Focus
  • Initiating Action
  • Managing Work
  • Technical/Professional Knowledge and Skills

---------------------------------------------------------------------------------------

Please contact the Nedbank Recruiting Team at +27 860 555 566
