We are seeking a highly skilled and experienced Senior SIEM Engineer to lead and enhance our Security Information and Event Management (SIEM) capabilities. The ideal candidate will have deep expertise in Elastic and/or Splunk, strong Linux and scripting skills, and a solid understanding of Windows systems, firewalls, IPS, and EDR technologies. Experience in the financial sector, particularly banking, is highly desirable.
Job Responsibilities
Design, implement, and maintain SIEM solutions (Elastic/Splunk) across enterprise environments.
Develop and optimize detection rules, dashboards, and alerts for threat monitoring.
Integrate diverse log sources including Windows, Linux, firewalls, IPS, and EDRs.
Automate tasks using scripting languages (Bash, Python).
Collaborate with incident response and threat intelligence teams to improve detection and response capabilities.
Conduct regular health checks, performance tuning, and upgrades of SIEM infrastructure.
Support compliance and audit requirements through log retention and reporting.
Mentor junior engineers and contribute to capability development within the department.
Write and maintain technical documentation for SIEM configurations, processes, and playbooks.
Apply an automation-first mindset to streamline operations and reduce manual effort.
Demonstrate strong attention to detail in rule creation, log analysis, and incident handling.
Essential Qualifications
NQF Level Diploma
Advanced Diplomas/National 1st Degrees
Preferred Qualifications
Certifications such as GCIA, GCIH, Splunk Certified Architect, Elastic Certified Engineer, or similar.
Exposure to regulatory frameworks (e.g., SARB, POPIA, PCI-DSS).
Preferred Certifications
Relevant Information Security Certification
Required Skills & Experience
5+ years in cybersecurity operations or engineering roles.
Proven experience with Sentinel, Elastic Stack (ELK) and/or Splunk Enterprise Security.
Proficient in Linux administration and scripting (Bash, Python).
Familiarity with Windows event logging, firewalls, IPS/IDS, and EDR platforms.
Familiarity with different Cloud platforms.
Experience in log ingestion, parsing, and normalization.
Understanding of MITRE ATT&CK, threat detection frameworks, and incident response workflows is highly advantageous.
Excellent problem-solving and communication skills.
Experience with alert lifecycle management, data indexing, and case management is highly advantageous.
Technical / Professional Knowledge
Administrative procedures and systems
Data analysis
Governance, Risk and Controls
Principles of project management
Relevant regulatory knowledge
Relevant software and systems knowledge
Cluster Specific Operational Knowledge
System Development Life Cycle (SDLC)
TCP/IP
Information Security terms and definitions
Relevant Operating System
Information Security policies and procedures
Vendor Management Principles
Behavioural Competencies
Applied Learning
Communication
Collaborating
Customer Focus
Initiating Action
Managing Work
Technical/Professional Knowledge and Skills
Please contact the Nedbank Recruiting Team at +27 860 555 566