Join Sabio Group as a Security Operations Centre Analyst and be the frontline defender against cyber threats. You'll monitor, investigate, and respond to security incidents while collaborating with engineering teams to enhance our security posture.
Dynamic and tech-forward, with a strong emphasis on security and innovation.
### **Description**

At Sabio Group, we build and operate AI-powered customer experience platforms for some of the world’s most demanding enterprise brands. Our environment spans our own internal corporate estate, the SaaS products we build, and the live production solutions we run on behalf of customers — across multiple clouds, identity domains and AI services. Keeping that surface safe is a 24/7 discipline, and we’re investing in the people and automation to do it well.

We’re hiring a **Security Operations Centre (SOC) Analyst** to join our Information Security & Cyber Security team in South Africa. You’ll be the defensive heartbeat of our operation — triaging alerts, hunting for threats, running incidents to ground, and partnering with platform and engineering teams to make sure the same issue doesn’t bite us twice. You’ll work across both our internal platforms and the customer environments we operate, with visibility across cloud, identity, endpoint, application and AI workloads.

This is a hands-on role for someone who is genuinely curious about how attackers operate, comfortable writing code and scripts to amplify their own impact, and excited about using AI as a force multiplier — not just another tool in the stack. We don’t need you to be a contact centre expert; we do need you to be a strong defender who can learn our environments quickly and automate relentlessly.

### **Key Responsibilities**

**Reactive Event Handling & Incident Response**

* Monitor, triage and investigate security alerts across our internal estate and customer-operated solutions — covering cloud, identity, endpoint, network, application and AI workloads.
* Drive incidents end-to-end: scoping, containment, eradication, recovery and post-incident review, working to clearly defined SLAs and rules of engagement.
* Produce high-quality incident write-ups and lessons-learned for both technical and executive audiences, and feed findings back into detections, runbooks and engineering backlogs.
* Act as an escalation point for first-line alerts and partner with on-call engineering when an incident crosses into platform reliability or customer impact.

**Proactive Threat Hunting**

* Develop and execute hypothesis-driven threat hunts across cloud telemetry, identity signals, endpoint data and application logs — looking for what alerts won’t catch.
* Map adversary behaviour to frameworks such as MITRE ATT&CK, and turn confirmed findings into durable detections, dashboards and automated playbooks.
* Track emerging threats, CVEs and threat-actor TTPs relevant to our stack and customer base, and translate them into concrete hunts and detections.
* Partner with our Red Team and AI Ethics functions on purple-team exercises to validate and improve coverage.

**Detection Engineering & Automation**

* Treat automation as a core part of the role — use code, scripts and AI to remove repetitive toil and free up time for the work only humans should do.
* Build, tune and maintain...