
Lead Security Analyst - Isando

Job in Johannesburg, 2000, South Africa
Listing for: ZEDA Limited
Full Time position
Listed on 2026-02-11
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, IT Project Manager
Job Description & How to Apply Below

The Lead Security Analyst (L4) sits between tactical SOC management and technical engineering leadership, i.e. it is the bridge between detection, response, and enterprise threat resilience. The Lead Security Analyst (L4) is accountable for overseeing Zeda’s enterprise-wide threat detection and incident response capability.

This role provides operational leadership for the Security Operations Centre (SOC), ensuring 24×7 monitoring, investigation, and resolution of security incidents. The Lead Analyst designs detection strategies, optimises the toolset (SIEM, SOAR, EDR), manages major incident response, and ensures the SOC operates within defined KPIs and SLAs. The incumbent drives cross-functional response coordination, ensures continuous improvement in detection maturity, and contributes to enterprise cyber resilience through automation, playbook orchestration, and analytics.

Key deliverables and outputs

SOC Leadership and Operational Oversight
  • Lead day-to-day operations of Zeda’s SOC, ensuring 24×7 threat monitoring and response
  • Manage incident queues, escalation processes, and resource allocation across shifts
  • Ensure consistent quality and accuracy of investigations and incident reports
  • Establish KPIs/KRIs for SOC performance (MTTD, MTTR, alert-to-incident ratio)
  • Coordinate across IT and business units when acting as incident commander during a major incident.
Threat Detection and Response Strategy
  • Design and maintain Zeda’s detection and response strategy aligned to the enterprise risk appetite
  • Oversee tuning and optimisation of SIEM and EDR correlation rules
  • Validate coverage against MITRE ATT&CK tactics and regulatory control requirements
  • Develop advanced detection content, threat models, and analytics dashboards
  • Continuously assess and enhance response processes through automation.
Incident Management and Forensics
  • Lead high-severity investigations, containment, eradication, and recovery actions
  • Ensure incident playbooks are tested, documented, and continuously improved
  • Coordinate digital forensics and evidence-collection activities when required
  • Drive post-incident reviews and ensure corrective actions are implemented
  • Maintain compliance with ISO 27001 incident management requirements.
SOC Technology Management and Automation
  • Oversee integration of SOC tools (SIEM, SOAR, EDR, threat-intel platforms)
  • Evaluate and recommend new technologies to strengthen detection capability
  • Implement automation scripts and SOAR playbooks to improve efficiency
  • Maintain system health, performance, and data integrity across monitoring tools
  • Manage relationships with SOC vendors and managed-service providers.
Threat Intelligence and Continuous Improvement
  • Integrate internal and external threat intelligence into operational workflows
  • Track emerging TTPs and adjust detection content accordingly
  • Conduct regular threat-hunting and red/blue exercises
  • Benchmark SOC maturity against global best practice (NIST CSF, MITRE D3FEND)
  • Report improvement initiatives and roadmap progress to the Senior Manager: IT Security.
People Leadership and Capability Building
  • Lead, mentor, and develop the SOC team across L1–L3 levels
  • Conduct performance reviews and define individual development plans
  • Facilitate certification pathways and simulation training
  • Foster a culture of continuous learning and operational excellence
  • Promote collaboration with Security Engineering, Risk & Compliance, and Architecture teams.
Internal and External Stakeholders

The role requires close engagement and collaboration with key internal and external stakeholders.

Internal Stakeholders

Senior Manager: IT Security; Head: Information Security; Infrastructure, Applications, Data and Integration teams; Risk and Compliance; Legal and Internal Audit; Enterprise Architecture and PMO.

External Stakeholders

MSSPs, forensic partners and technology vendors; external auditors; and law enforcement (for notifiable breaches).

Academic Qualifications
  • NQF Level 6 Qualification in Information Technology, Computer Science, Cybersecurity, or related field
  • Professional certification: CompTIA CySA+, EC-Council CEH, GIAC GCIH, or similar
  • Strong knowledge of SOC operations, incident management, network security, and cyber defence…