Job Description

Surgo (PTY) Ltd. has partnered with a global analytics and digital solutions company serving industries including insurance, healthcare, banking and financial services, media, retail, and others. They aim to bridge the gap between digital expectations and real outcomes for international companies with Digital Intelligence.

Our client is recruiting for a Cyber Threat Hunt Analyst to join their team based in Cape Town.

Job purpose:
The role will support and advise on product assessments, policy adjustments, and architectural transformation that will impact regional and global locations. The position requires someone with technical expertise and will provide influence on the design of detective, preventive, and proactive controls.

  • Identify and track threat actor groups and their TTPs while maintaining current knowledge of tools and best practices of APT groups
  • Perform cyber threat hunting activity using threat intelligence, analysis of anomalous log data, and related tools
  • Collect, enrich, and disseminate IOCs – Indicators of Compromise
  • Use the MITRE ATT&CK framework to analyze malicious campaigns and evaluate the effectiveness of security technologies and controls
  • Determine true threats, false positives, and network system misconfigurations and provide recommendations and solutions to issues detected
  • Monitor the organization’s attack surface against the current threat landscape
  • Support the Cyber Threat Intelligence team to provide threat informed defenses that will improve prioritization of preventative controls and mitigations to improve defense posture
  • Engage and collaborate with Red Team to analyze and evaluate the effectiveness of existing security controls
  • Support Cyber Threat DFIR for internal incidents by performing cyber threat hunting activities during investigations and building a common understanding of threat activities
Qualification & Experience:
  • Direct experience performing threat hunting in an active corporate environment
  • 2+ years of experience in a technical role in the areas of Security Operation, Incident Response, Detection Engineering, Offensive Security/Red Team, or Cyber Threat Intelligence
  • Security certification or working towards certification (e.g., SANS, SEC+, CompTIA, Security+, OSCP, or CEH), equivalent experience will be considered
  • Experience analyzing system, network, and application logging for attack techniques across all stages of the cyber kill chain
  • Direct experience working with large datasets, log review and bulk analysis tools
  • Experience consuming and analyzing Cyber Threat Intelligence for actionable takeaways
  • Ability to apply Cyber Threat Intelligence through enrichment, correlation, and attribution
  • Familiarity with offensive security strategies and assessment methodologies
  • Knowledge of threat actors, including malware families, intrusion techniques, and associated criminal entities
  • Experience explaining threat hunt objectives and ability to communicate associated risks
  • Ability to understand requirements and needs from across the organization in order to build consensus and drive results
  • Ability to navigate and work effectively across a complex, geographically dispersed organization
  • Able to perform proactive threat hunting using multiple toolsets, suggesting, and testing hypotheses, pivoting and reporting on investigation results
  • Ability to work on-side
  • Experience with more than one more enterprise scale EDR and SIEM tool
  • Experience using Internet and network scanning tools for malicious host discovery
  • Basic understanding of building threat hunting queries using KQL, SIGMA, or Yara
  • Previous experience using a Threat Intelligence platform or CTI vendor
  • Demonstrated ability to self-direct, with minimal supervision to achieve assigned goals
  • Knowledge of basic Data Science concepts and processes
  • Experience with offensive security tools and technical and the methods used to compromise large networks
  • Previous experience performing digital forensics or incident response on major security incidents
Salary: Market Related

Working Hours: Monday to Friday - 08:00am to 17:00pm

Should you wish to apply for the position, please apply directly via this job board, please ensure that you quote reference number 202607 subject heading or email body.

Surgo (Pty) Ltd will consider all applications in terms of its Employment Equity (EE) and is committed in maintaining diversity in its’ appointments. Surgo (Pty) Ltd, therefore also encourages people with disabilities and from other diverse backgrounds to apply. Due to the high volume of applications, should you not receive feedback within three months upon submission, you can assume your application was unsuccessful and we encourage you to reapply. Please note that as a registered member of APSO, Surgo (PTY) Ltd. does not hold applicants accountable for any application fee.

Your CV will be kept on our database for us to contact you should any future vacancies become available. If you do not wish for us to keep your CV for any other positions, please email


Employee Type
Full-Time Regular
Cape Town Western Cape
Min Salary
0.00 ZAR
Max Salary
0.00 ZAR