SOC Engineer

SOC Engineer, South Africa (Hybrid)  
 

WHO WE ARE 

S-RM is a global intelligence and cyber security consultancy.  Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.   

 

We’ve been able to do this because of our outstanding people.  We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.   

 

But we also know that work isn’t everything. It’s about the lives and careers it helps us build.  We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. 

 

We’re excited you’re thinking about joining us. 

WORKING IN CYBER AT S-RM 

Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Advisory, Managed Services, and Incident Response practices are in more demand than ever.  

 

We’re building a team to meet this challenge.  We’re quick to respond, innovate, and improve.  We don’t get too hung up on hierarchy or bureaucracy.  If your ideas are good enough, we’ll empower you to implement them.  If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back. 

 

We also don’t believe there’s a typical cyber security professional.  We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more.  You’ll always find a range of perspectives and expertise to help you learn and grow.  

 

If that sounds like your kind of team, we’d like to hear from you. 

 

 

 

 

THE ROLE 

As SOC Engineer, you will drive the technical onboarding of MSSP customers and ensure comprehensive security monitoring coverage through log ingestion and detection engineering. The ideal candidate will have strong expertise in SIEM administration, log source integration, and detection rule development. Additionally, having experience with customer-facing technical roles, data parsing and normalization, and threat detection frameworks such as MITRE ATT&CK, will get you ahead. 

Key Responsibilities 

• Customer Onboarding & Integration: You will lead the technical onboarding of new MSSP customers, including scoping log sources, deploying collection infrastructure and validating end-to-end data flow. This includes managing onboarding timelines, coordinating with customer IT teams, and ensuring a smooth transition into active monitoring. 

• Log Ingestion & Data Engineering: You will implement log ingestion pipelines, including parsing, normalization, and enrichment of diverse log sources. This includes troubleshooting ingestion failures, managing data quality, and optimizing volume and retention across a multi-tenant architecture. 

• Detection Engineering: You will develop, tune, and maintain detection logic aligned to customer environments and threat landscapes. This includes reducing false positive rates and improving detection fidelity based on analyst feedback and emerging threats. 

• Documentation & Standardization: You will create and maintain runbooks, integration guides, and onboarding playbooks to ensure consistent, repeatable delivery across customer engagements. You will define and refine standards for log source coverage, parsing schemas, and detection rule lifecycle management. 

• Collaboration & Support: You will work closely with SOC analysts, platform engineers, threat intelligence teams, and client success managers to understand customer requirements and deliver monitoring solutions that maximize detection coverage. You will provide technical support and troubleshooting for ingestion and detection-related issues. 

• Contributing to Internal Technical Development Initiatives: When the schedule allows, you will have opportunities to participate in and contribute to internal technical development initiatives. 

WHAT WE’RE LOOKING FOR 

Candidates with the following qualifications and experience are likely to succeed in our Managed Services practice at S-RM.   

 

That said, if you don’t think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others. 

 

We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives. 

 

We’re looking for: 

• Qualifications 

• Education: A Bachelor's or Master's degree in a relevant subject (e.g., computer science, software engineering, systems administration, or cybersecurity), or equivalent practical experience. Relevant industry certifications are advantageous, as is demonstrable knowledge such as contributions to open source software or personal projects. 

• Experience: 3+ years of experience in security engineering, detection engineering, data engineering, or a similar technical role, preferably within an MSSP or managed security operations environment. 

• Professional Expertise 

• Strong problem-solving skills with the ability to troubleshoot complex, multi-system issues 

• Strong communication skills, particularly in customer-facing and cross-team contexts 

• Self-directed with the ability to prioritize tasks and manage workload efficiently across multiple concurrent onboarding engagements 

• Technical Expertise 

• Strong experience with security tooling such as EDR, SIEM, and SOAR products 

• Strong experience with log management and data pipeline architectures, including familiarity with common log source formats (firewall, endpoint, cloud, identity) 

• Strong experience writing detection content using query languages such as KQL, SPL, or SQL 

• Familiarity with the MITRE ATT&CK framework and its application to detection coverage mapping 

• Experience with customer onboarding or technical integration delivery 

• Preferred Expertise 

• Experience with CI/CD pipelines and Infrastructure as Code (GitHub Actions, Terraform, Ansible, etc.) 

• Proficiency in programming and scripting languages such as Python, Go, PowerShell, and/or Bash 

• Experience with detection-as-code workflows and version-controlled rule management 

 

The successful candidate must have permission to work in South Africa by the start of their employment. 

 

 

OUR BENEFITS 

  

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:  

• Holiday – 23 days per year increasing to 28 days (+1 day for every year you worked at S-RM, up  
  to a maximum of 5 days) in addition to bank holidays 

• Gap Cover policy – allowing you to bridge the gap between your medical bills and your medical  
  aid cover. 

• Hybrid working and flexible working hours;  

• Private pension – up to 7% contribution matched by the company 

• Life Insurance 4X annual salary.  

Parental Support:  

• Fertility treatment leave – 5 days of leave per cycle of treatment per year;  

• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay;  

• Paternity leave – 6 weeks of full pay.  

Various Health and Medical Benefits including:  

• Medical aid with Discovery Health for employee, partner, and children up to the cost of the Classic 
  Saver plan (taxable benefit) for you and your family;  

• EAP programme for you and your immediate family;  

• Free access to the world-famous mindfulness app Headspace.  

  

To apply for this role, please submit an up-to-date CV through this link:  Job Application for SOC Engineer at S-RM