SOC Lead – Cybersecurity Operations

About the role

Our client in Isando is looking for an experienced SOC Lead to drive 24x7 security operations. You will lead a team of analysts and incident responders, ensuring rapid detection, investigation, and remediation of cyber threats across the organisation.

Key responsibilities

• Oversee day‑to‑day SOC activities, managing incident queues, escalations and shift resources.
• Define and monitor KPIs such as MTTD, MTTR and alert‑to‑incident ratios.
• Design, tune and optimise detection rules for SIEM, SOAR and XDR platforms.
• Lead high‑severity investigations, containment, eradication and post‑incident reviews.
• Coordinate digital forensics, evidence collection and compliance with ISO 27001 incident management.
• Maintain relationships with SOC vendors and evaluate new security technologies.

Required profile

• Matric plus NQF Level 6 qualification in IT, Computer Science, Cybersecurity or related field.
• 7–10 years of experience in cybersecurity operations, including at least 3 years leading SOC or Incident Response teams.
• Professional certifications such as CompTIA CySA+, EC‑Council CEH or GIAC GCIH.
• Valid driver’s licence.

Required skills

• Hands‑on experience configuring and managing SIEM, SOAR and XDR platforms.
• Proficiency in scripting, automation and analytics for SOC efficiency.
• Strong knowledge of MITRE ATT&CK, NIST SP 800‑61 and the Cyber Kill Chain.
• Experience producing executive incident reports and risk‑posture dashboards.

What we offer

• Leadership role within a dynamic security operations environment.
• Opportunity to shape detection and response strategy aligned with enterprise risk appetite.
• Access to cutting‑edge security technologies and continuous professional development.