Level 1 Cyber Security Analyst (JHB)

  • Full-time
  • Johannesburg
  • South Africa

About the role

Whether we realize it or not, every business today is a target in a global cyber conflict, one that unfolds in networks, endpoints, and inboxes rather than traditional battlefields. As a Level 1 Cybersecurity Analyst, you are a cyber sentry on the front lines, charged with identifying, analysing, and responding to digital threats targeting both client and internal environments.
You will monitor a suite of cybersecurity tools, investigate suspicious activity, respond to phishing attempts, and help ensure a rapid and effective first line of defence against cyber threats. Your mission is to detect anomalies, isolate malicious activity, and escalate incidents when needed, ultimately reducing risk and enhancing security posture across the board.

Why this role matters

Cybersecurity threats are becoming more sophisticated, frequent, and damaging. In this high-stakes digital landscape, the role of a Level 1 Cybersecurity Analyst is essential for early detection and rapid response. You are the first line of defense; your ability to investigate alerts and recognize potential compromise determines how quickly and effectively threats are contained. Without this frontline vigilance, client environments and internal assets face increased exposure to operational disruptions, data breaches, and reputational damage.

Key Responsibilities

Security Monitoring and Threat Detection

  • Monitor logs and alerts from SIEM systems to detect anomalous behavior and security threats across client and internal networks.
  • Identify deviations in baseline user behavior (e.g., odd login times, unusual access patterns, unauthorized file access or exfiltration).
  • Regularly assess logs from firewalls, VPNs, DNS traffic, and endpoint activity for indicators of compromise (IOCs).
  • Monitor and analyze traffic patterns across systems to detect early signs of intrusions, malware infections, or lateral movement.

Incident Detection, Response, and Containment

  • Respond promptly to security alerts generated from various tools (SIEM, EDR, email protection platforms) and triage based on severity and risk.
  • Validate, investigate, and classify incidents (false positive vs true positive) using available threat intel and internal SOPs.
  • Perform initial containment steps (e.g., isolating infected machines, disabling user accounts, blocking malicious IPs).
  • Document each phase of the incident lifecycle in the ticketing system for accurate post-incident analysis and compliance reporting.
  • Support higher-tier analysts in complex incident resolution through collection of relevant artifacts (logs, screenshots, memory dumps).

Phishing Investigation and Email Threat Handling

  • Investigate reported phishing emails, analyze headers, links, and attachments for indicators of malicious intent.
  • Coordinate with users to validate the authenticity of suspicious communications and educate them on identifying potential phishing attempts.
  • Leverage tools for phishing detection, user simulation campaigns, and automated response mechanisms.
  • Document findings and collaborate with internal teams to implement preventive controls (e.g., improved filtering rules, SPF/DKIM updates).

Endpoint Detection and Response (EDR) Operations

  • Monitor and manage endpoint alerts, assessing threat severity and identifying malicious processes or unauthorized changes.
  • Conduct root cause analysis of endpoint incidents (e.g., malware infections, unauthorized software installation).
  • Take action to isolate affected systems, remove malicious payloads, and restore secure configurations.
  • Verify compliance of endpoints with security policies and flag deviations for remediation.

Log Analysis and Correlation

  • Collect and analyze security event logs from SIEM to detect vulnerabilities, misconfigurations, and attack patterns.
  • Correlate data from multiple sources (e.g., SIEM, EDR, firewall logs, application logs) to piece together potential attack chains.
  • Maintain logs with appropriate timestamping, tagging, and labeling to aid in future investigations and compliance audits.
  • Generate regular summaries or reports highlighting key findings, ongoing threats, and systemic weaknesses.

Security Ticket and Case Management

  • Track all incoming security-related tickets, alerts, and requests through the internal ticketing platform.
  • Assign priority levels based on threat type, business impact, and exposure.
  • Ensure timely updates and clear communication within tickets, including details of investigation steps, resolution status, and escalation notes.
  • Follow up on open issues and drive them to closure in coordination with IT support and client stakeholders.

Escalation and Collaboration

  • Identify events that exceed Level 1 scope and escalate to Level 2 or specialist teams with all relevant context and evidence.
  • Participate in handovers and collaborative sessions to ensure seamless case management and knowledge transfer.
  • Contribute to a shared knowledge base by documenting repeatable incident response procedures and playbooks.
  • Collaborate with engineers, IT admins, and client contacts to validate observations and execute coordinated responses.

Threat Intelligence and Process Improvement

  • Stay informed about emerging threats, vulnerabilities, and attacker tactics through threat feeds and advisories.
  • Contribute to internal threat hunting efforts and suggest hypothesis-driven searches within the SIEM.
  • Recommend improvements to detection rules, alert tuning, or workflows based on lessons learned during investigations.
  • Assist in testing and refining response playbooks to ensure agility and accuracy in future incidents.

Security Awareness and Client Education

  • Participate in the planning and execution of phishing simulations for client environments.
  • Communicate clearly and confidently with non-technical stakeholders to explain the findings and next steps.
  • Help build client understanding of security best practices, including endpoint hygiene, access control, and secure communication.
  • Assist with drafting client-facing communiques for high-visibility incidents or recurring threats.

Knowledge Requirements

  • CIA triad, threat actors, common attack vectors, and defense strategies.
  • Experience reviewing logs and alerts in a platform like Splunk.
  • Understanding of EDR concepts and tools.
  • Familiarity with common phishing techniques and investigation workflows.
  • Detect, contain, eradicate, recover, and post-incident analysis.
  • TCP/IP, DNS, VPN, HTTP/S.
  • Windows (mainly), with exposure to Linux and Mac being advantageous.
  • GDPR and endpoint security best practices.

Skills Requirements

  • Ability to explain complex issues in layperson terms to clients.
  • Break down incidents into who, what, when, where, why, and how.
  • Comfortable learning new tools and processes in dynamic environments.
  • Think critically and creatively to investigate and resolve incidents.
  • Clear and professional report writing and client interaction.
  • Comfortable navigating and correlating information across multiple platforms.

Experience Level Required

  • 1–2 years of experience in general IT support or endpoint management.
  • 1–3 years working in a Security Operations Center (SOC) or cybersecurity-focused role.
  • Hands-on familiarity with ticketing systems, log analysis, and endpoint security.

Competency Requirements

  • Analyzing alerts thoroughly to determine root causes and potential impacts.
  • Skill in correlating data across multiple sources to build a coherent incident narrative.
  • Stay current on threat intelligence and evolving attack techniques.

Behavioural Requirements

  • Efficient in collecting, tagging, and reviewing security evidence.
  • Distinguish noise from actual threat signals.
  • Remains of active security incidents.
  • Always operate with integrity and professionalism.
  • Ask questions, seek improvement, and stay proactive in learning.
Qualifications / Certifications

Required (or equivalent experience):
  • CompTIA Security+
  • CompTIA Network+
  • Microsoft AZ-900 or SC-900

Advantageous:
  • CompTIA CySA+
  • CASP+ or equivalent advanced certifications

Our value to you

At Numata, we’re not just a global IT services company; we are the #1 Business Technology Strategists for SMEs, and a people-first business that believes in the power of growth, support, and shared success. Our mission is to create a dynamic, empowering workplace where innovation meets integrity, and where every individual can thrive personally and professionally.

We believe your growth is our growth. That’s why we fund training and development programs, helping you gain certifications and build new skills without the financial burden. With career pathways and opportunities to promote from within, your potential at Numata knows no limits. As part of a globally recognized and rapidly scaling business, you’ll gain exposure to cutting-edge experiences. This isn’t just a job; it’s your gateway to a world of opportunity.
We equip our team with world-class tools and infrastructure, whether you're working remotely or from our offices. With premium IT support and the latest tech, we make it easy for you to do your best work, every day. Our offices are more than just places to work; they’re environments designed to energize and inspire. Enjoy fresh fruit, premium coffee, popcorn, vending machine, secure parking, and a space built around people’s needs and comfort. It’s truly a home away from home!
At Numata, integrity, honesty, respect, and trust are more than just words, they’re values we live by. We foster a collaborative, team-first environment with open-door leadership and real opportunities to connect, including regular initiatives like Lunch with the CEO. Got ideas? We’re listening. Innovation is everyone’s responsibility here. You’ll be empowered to share your voice, drive change, and shape the future of our business, no matter your role.
We care for our people beyond the workplace. Enjoy comprehensive benefits including fair compensation structures, medical insurance, disability cover, annual bonuses, and access to a dedicated counselling psychologist through our Employee Assistance Programme. From a healthy social calendar, monthly team meetings, celebrations of birthdays and milestones to leadership coaching and recognition programs, we make it a priority to celebrate achievements, big and small.
We’re growing the next generation of leaders. With access to mentorship, leadership development programs, and executive coaching, we help you step confidently into every stage of your professional journey.
Why Join, and Stay, with Numata?
Because at Numata, you’re not just doing a job. You’re building a career, doing whatever it takes, making an impact, and becoming part of a supportive, ambitious community that grows together.
Numata is where your potential meets purpose. Let’s grow together!
Visit our website for more information about us:
Business Technology Strategists for SMEs | Numata

Interested?

We’re excited to meet passionate individuals who are ready to make a real impact and grow with us. If this sounds like the opportunity you’ve been looking for, we’d love to hear from you! Apply today and let’s start the conversation!