CSOC Lead Analyst (Level 2) | IT Recruitment

  • Full Time
  • Midrand

Main purpose of the role:

To lead the team in the daily operation of our Real-time Threat Management activities. This includes operational security tasks such as performance and availability, monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning).

To mentor and coach team to ensure service is effectively delivered and at the required level of services.


Job level:

  • Level 2


Level of leadership:

  • Level 2


Reports to [role]:

  • CSOC Manager


Required minimum education and work experience:

  • Matric / University Degree in Information Security and/ or a minimum of 5 years related practical SOC experience.
  • Industry Certifications: CISSP, CISM, CISA, CEH, CHFI (desired)
  • Prior experience working in a SOC/CSIRT for at least 5years
  • Product Certifications in SIEM, Security Analytics, AV, Log Management
  • Strong knowledge of security standards including ISO27001, ASD, PCI DSS
  • Proven skills in improving SIEM alerting rules
  • Must have the ability to understand large, complex systems and be able to focus on specific details or subsystems, their vulnerabilities, and linkages
  • Extensive experience dealing with malware, attack vectors and the ability to perform pattern analysis
  • Requires basic knowledge of hardware / software architecture and domains in IT operations with a focus on governance, risk, and compliance.


Internal contacts:

  • Head of Cyber Security Operations Centre CSOC.
  • CSIRT team.
  • Other functional peers.
  • Account manager.
  • Service delivery manager.
  • Technical delivery manager.


External contacts

  • Vendor


Key performance areas

  • Delivery of quality security monitoring service.
  • Reporting and documentation.
  • Mentoring and coaching.
  • Personal development.
  • Deliver according to Statement of Work.


Technical knowledge / competencies

  • Be familiar will current SOC operational methodologies
  • Knowledge of NIST 800 – (any SP in the 800 range)
  • Knowledge of firewalls, IDS, IPS, VLANS, AD, LDAP, routers, and switches
  • Knowledge of SIEM technologies
  • Knowledge of root cause analysis and escalation procedures
  • Knowledge of CVE, Google Hacking, and threat intelligence
  • Knowledge of MITRE Att&ck Framework
  • Knowledge of ISO 27001
  • Reporting skills, being able to articulate technical reports into business language in order to provide situational awareness and specialist advisory.
  • OSCP
  • SANS Cyber Threat Intelligence
  • Project and process management


Behavioral competencies

  • Leadership and climate setting
  • Team player and Team building (creation of a cohesive division)
  • Must be capable of setting goals and priorities for others and prioritization for self
  • Adopting and accepting the organization’s professional standards
  • Awareness and consistency in own self-awareness and basic managerial style
  • Structured thinking
  • Teachability – (having a positive attitude and a willingness to learn)
  • Individual thinking within the current role
  • Collaboration – willingness and ability to collaborate with other Team Leaders / Supervisors
  • Action oriented – production of desired outcomes within the required timeframes
  • Work pro-actively – both independently and with peers
  • Assertive and confident.
  • Ability to handle conflict.
  • Ability to plan and organize work tasks.
  • Strong sense of accountability and responsibility


Delivery of quality security monitoring service


  • Makes customers and their needs a primary focus of one’s actions and attention, while developing / maintaining productive customer relationships.
  • Seeks to understand customer environment to ensure realistic and effective recommendations and/or solutions.
  • Seeks to understand customer circumstances, problems, expectations and needs, while resolving problems quickly.
  • Responsible for ensuring divisional policies, procedures and standards are documented, approved, communicated, and adhered to.
  • Act as an advisor to internal and external customers regarding CSOC related matters.


  • Meeting customer expectations / deliverables in line with SOW.
  • Number of complaints / compliments from customers.

Reporting and Documentation


  • Manage and report on the team’s performance, including mentoring and coaching
  • Develop and deliver timely reports to management
  • Log and report all customer interactions
  • Drive the effective service delivery at the required level of services
  • Actively support technology and product adoption within the department to ensure it is best of breed (discerning), in order to provide quality services at scale
  • Implement automation of processes and technology management wherever possible to eliminate human error and effort, and to facilitate faster incident alerting and response times.



  • Level of cooperative reliability in working with other functional Peers
  • Quality of products and services that are taken to the market and effectiveness of supporting technologies used within the CSOC
  • Minimal incidents/problems due to human error, reduced effort to provide services, enhanced incident response times.


Mentoring and coaching


  • Support and coach staff and deal with peer queries
  • Direct work-related tasks, manage and communicate expectations
  • Ensure adherence to company related processes and policies
  • Mentor individuals in order to manage expectations and performance
  • Assess changing situations and effectively manage changes and communicate accordingly to staff
  • Ensure the development of CSOC team, supporting capability-building within the team
  • Coach and mentor to align teams with overall business objectives


  • Accurately communicate expectations that are outcome focused, as measured by the quality of the job description
  • Evidence of training and personal development plans
  • Feedback from employees, evidence of helping employee grow and develop
  • Level of general awareness within the CSOC environment as to organisational changes and prevailing circumstances.

Personal development


  • Obtain relevant Vendor Certifications aligned to immediate/assigned job requirements and Personal Development Plan (PDP).


  • Certifications are current.
  • Training and upskilling take place as indicated in PDP.

Deliver according to Statement of Work


To investigate and coordinate timely and appropriate the company response to security incidents as well as provide investigation and coordination services to intelligence, investigative and support functions with regards to security.

Job objectives:

  • To investigate incident reports and alerts referred from the triage officers.
  • To continuously assess the response strategy of ongoing incidents, coordinate the execution of such strategy with operational areas and initiate the SIRT (Security Incident Response team) process.
  • To provide ongoing status updates to Triage officers, the Security Incident Response Team, the business continuity incident management team as well as other stakeholders.
  • To capture detailed incident information into incident management system to enable post incident analysis.
  • To ensure that the root cause issues of incidents have been addressed or have been handed over to the appropriate security governance team member.
  • To provide recommendations on response process improvements to the security monitoring team and applicable operational areas.
  • To support investigative functions with the provision or sourcing of needed technical security information and refer detailed computer based forensic analysis to the team lead or investigation coordinator to manage.
  • To engage with stakeholders across the company at different levels of seniority, displaying the ability to solicit information as well as convey and explain information fluently.
  • To take responsibility to ensure industry practices and changes are maintained and incorporated in own functional area.
  • To organize self to ensure work allocated is completed within set time and defined standards.

Administrative tasks:

  • To manage the Triage team in terms of daily functions, operations, administration.
  • To provide leadership and direction for the Triage officers.
  • Check all leave rosters, shift rosters, Tripper Accounts for correctness before submission to Services Delivery Manager.
  • Ensure that there is always a Triage officer on site for shift work.
  • Escalate any concerns to Services Delivery Manager as soon as possible to address, in order to provide consistent excellent customer service.



  • Half yearly feedback from customer.
  • Number of complaints / compliments from customer.
  • Half yearly feedback from peers, product leads, project managers based on delivery.
Upload your CV/resume or any other relevant file. Max. file size: 20 MB.