Senior SIEM Engineer (Cybersecurity Analyst) at Nedbank

Job Purpose

• We are seeking a highly skilled and experienced Senior SIEM Engineer to lead and enhance our Security Information and Event Management (SIEM) capabilities. The ideal candidate will have deep expertise in Elastic and/or Splunk, strong Linux and scripting skills, and a solid understanding of Windows systems, firewalls, IPS, and EDR technologies. Experience in the financial sector, particularly banking, is highly desirable.

Job Responsibilities

• Design, implement, and maintain SIEM solutions (Elastic/Splunk) across enterprise environments.
• Develop and optimize detection rules, dashboards, and alerts for threat monitoring.
• Integrate diverse log sources including Windows, Linux, firewalls, IPS, and EDRs.
• Automate tasks using scripting languages (Bash, Python).
• Collaborate with incident response and threat intelligence teams to improve detection and response capabilities.
• Conduct regular health checks, performance tuning, and upgrades of SIEM infrastructure.
• Support compliance and audit requirements through log retention and reporting.
• Mentor junior engineers and contribute to capability development within the department.
• Write and maintain technical documentation for SIEM configurations, processes, and playbooks.
• Apply an automation-first mindset to streamline operations and reduce manual effort.
• Demonstrate strong attention to detail in rule creation, log analysis, and incident handling.

Essential Qualifications - NQF Level

• Diploma
• Advanced Diplomas/National 1st Degrees

Preferred Qualification

• Certifications such as GCIA, GCIH, Splunk Certified Architect, Elastic Certified Engineer, or similar.
• Exposure to regulatory frameworks (e.g., SARB, POPIA, PCI-DSS)

Preferred Certifications

• Relevant Information Security Certification 

Required Skills & Experience

• 5+ years in cybersecurity operations or engineering roles.
• Proven experience with Sentinel, Elastic Stack (ELK) and/or Splunk Enterprise Security.
• Proficient in Linux administration and scripting (Bash, Python).
• Familiarity with Windows event logging, firewalls, IPS/IDS, and EDR platforms.
• Familiarity with different Cloud platforms.
• Experience in log ingestion, parsing, and normalization.
• Understanding of MITRE ATT&CK, threat detection frameworks, and incident response workflows is highly advantageous.
• Excellent problem-solving and communication skills.
• Experience with alert lifecycle management, data indexing, and case management is highly advantageous.

Technical / Professional Knowledge

• Administrative procedures and systems
• Data analysis
• Governance, Risk and Controls
• Principles of project management
• Relevant regulatory knowledge
• Relevant software and systems knowledge
• Cluster Specific Operational Knowledge
• System Development Life cycle(SDLC)
• TCP/IP
• Information Security terms and definitions
• Relevant Operating System
• Information Security policies and procedures
• Vendor Management Principles

Behavioural Competencies

• Applied Learning
• Communication
• Collaborating
• Customer Focus
• Initiating Action
• Managing Work
• Technical/Professional Knowledge and Skills