• Job Description

  Req#: R-15975584

  Empowering Africa’s tomorrow, together…one story at a time.

  With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

  Job Summary

  To provide specialist advice & support in the development & implementation of IT security service delivery processes, methods and techniques enabling secure management & control of IT access, in alignment with governance requirements.

  Job Description

  Job Description:

  SIEM Engineering & Maintenance

  • Assist in configuring, deploying, and maintaining the SIEM platform (e.g., Splunk, Sentinel, Elastic, etc.).
  • Onboard and normalize new log sources (cloud, endpoint, network, application).
  • Tune data ingestion pipelines for performance, cost, and data quality.

  Detection Engineering

  • Assist in developing and tuning correlation rules, detection logic, and alerts.
  • Contribute to building and maintaining detection-as-code pipelines.
  • Test, validate, and document detections using simulated threats or lab environments.

  Security Automation & Scripting

  • Build scripts or workflows to automate common SOC and engineering tasks (Python, Bash, PowerShell, etc.).
  • Work with SOAR platforms or CI/CD pipelines to implement response automation and infrastructure as code.

  Operational Support

  • Support incident response by providing log analysis and developing temporary queries.
  • Work with internal teams to resolve data quality or telemetry issues.

  Documentation & Collaboration

  • Maintain clear documentation of detection logic, log source onboarding, and automation scripts.
  • Collaborate with IT, DevOps, and application teams to align on telemetry and monitoring requirements.

  Experience & Qualifications Required:

  • 1–3 years of experience (or equivalent internship/work-study) in cybersecurity, scripting, or systems engineering.
  • Familiarity with SIEM platforms (e.g., Splunk, Sentinel, QRadar, Elastic).
  • Basic knowledge of log formats (JSON, Syslog, Windows Event Logs, etc.).
  • Hands-on experience with at least one scripting language (Python preferred).
  • Understanding of common attack techniques and frameworks (MITRE ATT&CK).
  • Comfortable working in Linux and/or Windows environments.

  Preferred Experience

  • Exposure to detection-as-code frameworks or version control (e.g., Git).
  • Experience with SOAR platforms (e.g., Cortex XSOAR, Tines, or custom automation).
  • Familiarity with cloud environments (AWS, Azure, or GCP) and cloud-native telemetry.
  • Security certifications such as Security+, GSEC, or Blue Team Level 1 (BTL1).

  Soft Skills:

  • Strong analytical and problem-solving abilities.
  • Eagerness to learn and adapt in a fast-paced environment.
  • Good written and verbal communication skills.
  • Collaborative mindset with a proactive attitude.

  Education

  Higher Diplomas: Physical, Mathematical, Computer and Life Sciences (Required)

  Absa Bank Limited is an equal opportunity, affirmative action employer. In compliance with the Employment Equity Act 55 of 1998, preference will be given to suitable candidates from designated groups whose appointments will contribute towards achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank.

  Absa Bank Limited reserves the right not to make an appointment to the post as advertised

• About the company

  Absa Group Limited, and originally Amalgamated Banks of South Africa, is a South African-based financial services group, offering personal and business banking, credit cards, corporate and investment banking, wealth and investment management, as well a...

Notice