Senior SIEM Engineer (Cybersecurity Analyst) at Nedbank

Company: Nedbank

Industry: Banking / Financial Services

Deadline: Not specified

Job Type: Full Time

Experience: 5 years

Location: Gauteng

Province: Johannesburg

Field: ICT / Computer

Job Purpose

  • We are seeking a highly skilled and experienced Senior SIEM Engineer to lead and enhance our Security Information and Event Management (SIEM) capabilities. The ideal candidate will have deep expertise in Elastic and/or Splunk, strong Linux and scripting skills, and a solid understanding of Windows systems, firewalls, IPS, and EDR technologies. Experience in the financial sector, particularly banking, is highly desirable.

Job Responsibilities

  • Design, implement, and maintain SIEM solutions (Elastic/Splunk) across enterprise environments.
  • Develop and optimize detection rules, dashboards, and alerts for threat monitoring.
  • Integrate diverse log sources including Windows, Linux, firewalls, IPS, and EDRs.
  • Automate tasks using scripting languages (Bash, Python).
  • Collaborate with incident response and threat intelligence teams to improve detection and response capabilities.
  • Conduct regular health checks, performance tuning, and upgrades of SIEM infrastructure.
  • Support compliance and audit requirements through log retention and reporting.
  • Mentor junior engineers and contribute to capability development within the department.
  • Write and maintain technical documentation for SIEM configurations, processes, and playbooks.
  • Apply an automation-first mindset to streamline operations and reduce manual effort.
  • Demonstrate strong attention to detail in rule creation, log analysis, and incident handling.

Essential Qualifications – NQF Level

  • Diploma
  • Advanced Diplomas/National 1st Degrees

Preferred Qualification

  • Certifications such as GCIA, GCIH, Splunk Certified Architect, Elastic Certified Engineer, or similar.
  • Exposure to regulatory frameworks (e.g., SARB, POPIA, PCI-DSS).

Preferred Certifications

  • Relevant Information Security Certification

Required Skills & Experience

  • 5+ years in cybersecurity operations or engineering roles.
  • Proven experience with Sentinel, Elastic Stack (ELK) and/or Splunk Enterprise Security.
  • Proficient in Linux administration and scripting (Bash, Python).
  • Familiarity with Windows event logging, firewalls, IPS/IDS, and EDR platforms.
  • Familiarity with different Cloud platforms.
  • Experience in log ingestion, parsing, and normalization.
  • Understanding of MITRE ATT&CK, threat detection frameworks, and incident response workflows is highly advantageous.
  • Excellent problem-solving and communication skills.
  • Experience with alert lifecycle management, data indexing, and case management is highly advantageous.

Technical / Professional Knowledge

  • Administrative procedures and systems
  • Data analysis
  • Governance, Risk and Controls
  • Principles of project management
  • Relevant regulatory knowledge
  • Relevant software and systems knowledge
  • Cluster Specific Operational Knowledge
  • Systems Development Life Cycle (SDLC)
  • TCP/IP
  • Information Security terms and definitions
  • Relevant Operating System
  • Information Security policies and procedures
  • Vendor Management Principles

Behavioural Competencies

  • Applied Learning
  • Communication
  • Collaborating
  • Customer Focus
  • Initiating Action
  • Managing Work
  • Technical/Professional Knowledge and Skills
