Qualifications and Experience:
- Matric plus NQF Level 6 Qualification in Information Technology, Computer Science, Cybersecurity, or related field
- Professional certification: CompTIA CySA+, EC-Council CEH, GIAC GCIH, or similar
- Strong knowledge of SOC operations, incident management, network security, and cyber defence principles
- Valid Driver's License
- 7-10 years in cybersecurity operations, including at least 3 years leading SOC or IR teams
- Proven experience managing complex, multi-stage cyber incidents and investigations
- Hands-on experience configuring and operating SIEM, SOAR, and XDR platforms
- Demonstrated ability to lead cross-functional incident response (Apps, Infra, Data)
- Proficiency in scripting, automation, and analytics for SOC efficiency
- Experience producing executive reports on incidents, trends, and risk posture
- Working knowledge of threat frameworks: MITRE ATT&CK, NIST SP 800-61, Cyber Kill Chain

Key Deliverables:

SOC Leadership and Operational Oversight
- Lead day-to-day operations of the company's SOC, ensuring 24×7 threat monitoring and response
- Manage incident queues, escalation processes, and resource allocation across shifts
- Ensure consistent quality and accuracy of investigations and incident reports
- Establish KPIs/KRIs for SOC performance (MTTD, MTTR, alert-to-incident ratio)
- Coordinate across IT and business units during major incident command

Threat Detection and Response Strategy
- Design and maintain the company's detection and response strategy, aligned to the enterprise risk appetite
- Oversee tuning and optimisation of SIEM and EDR correlation rules
- Validate coverage against MITRE ATT&CK tactics and regulatory control requirements
- Develop advanced detection content, threat models, and analytics dashboards
- Continuously assess and enhance response processes through automation

Incident Management and Forensics
- Lead high-severity investigations, containment, eradication, and recovery actions
- Ensure incident playbooks are tested, documented, and continuously improved
- Coordinate digital forensics and evidence-collection activities when required
- Drive post-incident reviews and ensure corrective actions are implemented
- Maintain compliance with ISO 27001 incident management requirements

SOC Technology Management and Automation
- Oversee integration of SOC tools (SIEM, SOAR, EDR, threat-intel platforms)
- Evaluate and recommend new technologies to strengthen detection capability
- Implement automation scripts and SOAR playbooks to improve efficiency
- Maintain system health, performance, and data integrity across monitoring tools
- Manage relationships with SOC vendors and managed-service providers

Threat Intelligence and Continuous Improvement
- Integrate internal and external threat intelligence into operational workflows
- Track emerging TTPs and adjust detection content accordingly
- Conduct regular threat-hunting and red/blue exercises
- Benchmark SOC maturity against global best practice (NIST CSF, MITRE D3FEND)
- Report improvement initiatives and roadmap progress to the Senior Manager: IT Security

People Leadership and Capability Building
- Lead, mentor, and develop the SOC team across L1-L3 levels
- Conduct performance reviews and define individual development plans
- Facilitate certification pathways and simulation training
- Foster a culture of continuous learning and operational excellence
- Promote collaboration with Security Engineering, Risk & Compliance, and Architecture teams