“Can you investigate, contain, and respond to cyber threats with precision – using the Microsoft Security stack, automation, and AI to protect both our business and the customers who trust us?”
As a frontier partner, we grow through great people, smart tech, and teamwork between humans and AI.
Cloud Direct is building a modern, AI-enabled Security team to defend our organisation from evolving cyber threats. As a Tier 2 Security Analyst based in our Cape Town Centre of Excellence, you will be at the operational heart of this capability — investigating and responding to security alerts, developing detection content, and helping improve security outcomes through automation, insight, and disciplined response.
Working alongside the Senior Security Lead and the wider Security team, you will support detection and response using Microsoft Sentinel, Microsoft Defender, and adjacent Microsoft Security capabilities. As the function matures, you will also contribute to the development of repeatable customer-facing security services grounded in the Microsoft ecosystem.
What You’ll Do:
Alert Triage & Incident Management:
- Perform in-depth analysis of escalated alerts to confirm, classify, and prioritise security incidents.
- Investigate suspicious activity across endpoints (Defender for Endpoint), identity (Entra ID), email (Defender for Office 365), and cloud workloads (Azure/M365).
- Correlate data from multiple sources using KQL queries in Microsoft Sentinel to determine scope and impact.
- Escalate confirmed P1/P2 incidents to the Senior Security Lead with clear, evidence-based assessments.
Incident Response & Containment:
- Execute containment and remediation actions following established runbooks — isolating hosts, revoking credentials, blocking indicators of compromise.
- Coordinate with IT operations and service desk teams to ensure rapid recovery from security events.
- Document all investigation steps and outcomes within ServiceNow for case management and post-incident review.
- Contribute to post-incident reports with root-cause analysis, lessons learned, and improvement recommendations.
Detection Content & Runbook Development:
- Develop and refine Sentinel analytics rules, hunting queries, and automated playbooks under the guidance of the Senior Security Lead.
- Author and maintain investigation runbooks and standard operating procedures for common alert types.
- Assist with the deployment, configuration, and optimisation of Microsoft Security capabilities across the estate.
- Tune alert thresholds and suppression rules to reduce false positives and improve signal-to-noise ratio.
Mentoring & Knowledge Sharing:
- Provide day-to-day guidance and mentoring to the Level 1 engineer on triage techniques, investigation methodology, and tool usage.
- Contribute to internal knowledge-base articles, detection-engineering documentation, and training materials.
- Participate in tabletop exercises, purple-team drills, and continuous-improvement initiatives.
Operational Reporting:
- Contribute to regular security performance reporting, tracking operational trends, incident themes, and opportunities for improvement.
- Maintain accurate and up-to-date records in ServiceNow and Sentinel workbooks.
What We’re Looking For:
- Experience within a security operations, incident response, detection-focused, or security engineering role.
- Solid working knowledge of Microsoft Sentinel, including KQL query writing and analytics rule configuration.
- Hands-on experience with Microsoft Defender for Endpoint, Defender for Office 365, and Entra ID.
- Understanding of common attack techniques (credential theft, lateral movement, ransomware, BEC) and the MITRE ATT&CK framework.
- Excellent analytical and problem-solving skills with the ability to investigate complex, multi-stage incidents.
- Strong written and verbal communication skills for documentation and cross-team collaboration.
- Relevant certification: CompTIA CySA+, Microsoft SC-200, or Blue Team Level 1 (BTLO).
Highly Desirable:
- Experience working within an MSP, MSSP, or multi-tenant security environment.
- Familiarity with Microsoft’s extended detection, response, automation, and investigation capabilities.
- Working knowledge of ServiceNow (incident/case management) and Intune for endpoint management.
- Exposure to SOAR playbook development and automation (Logic Apps, Power Automate).
- Additional certifications: GIAC GCIH, CompTIA Security+, SC-100, or equivalent.
- Understanding of UK GDPR and South Africa POPIA regulatory requirements.
What We Offer:
- Responsible Time off (uncapped annual leave)
- Group Life Cover / Disability Income Cover / Trauma Insurance Cover (Injury / Disability)
- Fitness Cash Contribution
- Pension Fund Contribution
- Medical Insurance Contribution
- Employee Assistance Programme
- Enhanced Maternity & Paternity Leave
- Endless Growth Opportunities: We provide ample opportunities for professional development, mentoring, and advancement.
- Culture of Excellence: We foster a high-performance culture that recognizes and rewards exceptional talent.
At Cloud Direct, we believe that diversity, equity, and inclusion are essential to our success. We are committed to creating a workplace where everyone feels valued, respected, and empowered. We welcome applicants from all backgrounds and strive to build a team that reflects the diverse communities we serve. We encourage candidates of all races, ethnicities, genders, sexual orientations, ages, abilities, and socioeconomic statuses to apply.
“Can you build and lead an AI-native Security team that protects our people, our customers, and our reputation — while helping define the future of security services in a human-plus-AI world?”
As a frontier partner, we grow through great people, smart tech, and teamwork between humans and AI.
Cloud Direct is evolving its security capability to protect our organisation and the customers that depend on us. As our Senior Security Lead, you will be the architect and operational owner of this capability — shaping detection and response, guiding the use of automation and AI across the Microsoft Security stack, and building a high-performing Security team. This role offers the opportunity to help define modern, AI-enabled security services that combine expert judgement with intelligent automation.
This is a hands-on leadership role. You will define detection logic, lead incident response, mentor analysts, and report directly to the CEO and leadership team. You will shape not only how we defend ourselves but how we bring modern security capabilities to market.
What You’ll Do:
Security Platform Architecture & Build:
- Design the end-to-end security monitoring and response capability using Microsoft Sentinel, Microsoft Defender, and the wider Microsoft Security stack.
- Architect the security platform and operating model so it can scale effectively across internal and customer environments over time.
- Assess the current Microsoft estate and identify opportunities to strengthen security outcomes through better use of existing capabilities, automation, and AI.
- Define and deploy log-ingestion strategy across endpoints, identity (Entra ID), email, and cloud workloads.
- Shape the use of complementary Microsoft Security capabilities to improve visibility, prioritisation, and response across the environment.
Detection Engineering & Threat Response:
- Develop and tune Sentinel analytics rules, KQL queries, and automated playbooks to detect high-priority threats across identity, endpoint, collaboration, and cloud workloads.
- Author and maintain investigation runbooks and standard operating procedures for all alert categories.
- Act as the primary escalation point for P1/P2 security incidents, coordinating containment, eradication, and recovery.
- Lead proactive threat hunting, purple-team collaboration, and continuous improvement activities to strengthen coverage and resilience.
Team Leadership & Mentoring:
- Lead and develop security analysts, creating clear operating rhythms, coaching, and capability growth across the team.
- Define a pragmatic coverage and escalation model that balances human expertise, automation, and intelligent assistance.
- Mentor team members in modern detection, investigation, response, and security engineering practices across the Microsoft ecosystem.
- Foster a culture of continuous learning through tabletop exercises, post-incident reviews, and knowledge sharing.
Operational Reporting & Governance:
- Produce regular security performance reporting for leadership, covering operational trends, incident themes, and opportunities for improvement.
- Integrate security workflows with ServiceNow for case management and Dynamics for commercial pipeline tracking.
- Own security-related compliance and audit readiness for UK GDPR (ICO) and South Africa POPIA.
Commercial Security Service Development:
- Partner with Sales and Pre-Sales to shape a modern managed security service aligned to customer needs and the Microsoft Security opportunity.
- Define service outcomes, onboarding approaches, and operating principles for customer-facing security services.
- Contribute to the evolution of Cloud Direct’s broader security services strategy and go-to-market proposition.
What We’re Looking For:
- Strong hands-on experience in security operations, incident response, detection engineering, or security engineering.
- Deep expertise with Microsoft Sentinel (KQL, analytics rules, playbooks, workbooks) and the Microsoft Defender suite.
- Proven experience building or significantly maturing a security operations capability — ideally within an MSP, MSSP, or multi-tenant environment.
- Strong knowledge of MITRE ATT&CK, common adversary TTPs targeting MSPs, and threat-hunting methodologies.
- Experience leading, mentoring, and developing junior security analysts.
- Excellent communication skills — able to translate technical findings into clear, actionable reports for senior leadership.
- Relevant certification: GIAC GCIH, Microsoft SC-200, or equivalent.
Highly Desirable:
- Experience designing or operating a commercial managed security or MDR offering.
- Familiarity with Microsoft’s extended detection, response, and security operations capabilities across endpoint, identity, email, and cloud.
- Working knowledge of ServiceNow (SecOps module), Entra ID, Intune, and Azure Arc.
- Understanding of UK GDPR/ICO and South Africa POPIA compliance requirements.
- Additional certifications: CISSP, CISM, GSOM, or Microsoft SC-100.
- Background in MSP toolchain security (RMM, remote access, PSA platforms).
What We Offer:
- Responsible Time off (uncapped annual leave)
- Group Life Cover / Disability Income Cover / Trauma Insurance Cover (Injury / Disability)
- Fitness Cash Contribution
- Pension Fund Contribution
- Medical Insurance Contribution
- Employee Assistance Programme
- Enhanced Maternity & Paternity Leave
- Endless Growth Opportunities: We provide ample opportunities for professional development, mentoring, and advancement.
- Culture of Excellence: We foster a high-performance culture that recognizes and rewards exceptional talent.
At Cloud Direct, we believe that diversity, equity, and inclusion are essential to our success. We are committed to creating a workplace where everyone feels valued, respected, and empowered. We welcome applicants from all backgrounds and strive to build a team that reflects the diverse communities we serve. We encourage candidates of all races, ethnicities, genders, sexual orientations, ages, abilities, and socioeconomic statuses to apply.
“A graduate programme designed to develop the next generation of Forward Engineers”
The Graduate Frontier Engineer role is designed to support graduates as they transition from education into real‑world, client‑facing roles at the forefront of AI‑enabled business change. You will help Cloud Direct and its customers become Frontier Firms — organisations that use AI, cloud technology, and human‑centred design to radically improve how work gets done. This role sits at the intersection of technology, people, and process, and is ideal for graduates who are excited about how AI is reshaping the business world.
From day one, graduates are supported through a preceptorship model, meaning you will be paired with an experienced Engineer who acts as your coach. This ensures you develop confidence, capability, and independence at a sustainable pace. Through the Breakthrough2AI programme, graduates build a balanced foundation of technical skills, business understanding, and human skills, learning how to design, build, and explain AI‑powered solutions that solve real customer problems. Graduates progress through three structured phases blending formal learning, Microsoft certifications, preceptor‑led development, and direct project involvement.
On successful completion, individuals are assessed as “Frontier Engineer Ready” and transition into a fully fledged frontier engineering role within Cloud Direct.
What You’ll Be Doing:
Phase 1: Months 1-6
- Formal onboarding and training, including basic certifications, supported by your assigned preceptor.
- Shadow and assist in Frontier Impact Studio (FIS) sessions looking at AI ideation.
- Contribute to simple PoC tasks (coding, cloud setup) with mentoring.
Phase 2: Months 7-12
- Own larger components of projects (e.g. development of a feature or model) with ongoing support from your preceptor.
- Continue supporting FIS outcomes by helping to build and deploy prototypes in real client contexts.
- Increase client exposure: present in meetings, handle parts of workshops, get feedback.
- Learn and apply business process mapping techniques to understand and improve how organisations work.
- Use AI‑backed development tools to support coding and solution design.
- Complete intermediate certification.
Phase 3: Months 13-18
- Act as tech lead for an internal project or a client PoC with supervision by your preceptor.
- End-to-end solution ownership: from design decisions to deployment and testing in a real-world setting.
- Regular client interaction managed largely independently (status updates, demos, refining requirements).
- Specialized training or elective projects to deepen expertise (e.g. MLOps, advanced data engineering, or architecture patterns).
- Final Microsoft certification completion.
What We’re Looking For:
- Achieved or on track for 2:1 or above in Computer Science or a similar technical discipline.
- A strong interest in artificial intelligence and how it is transforming the business world.
- Some experience in programming (Python, C#, JavaScript or similar), with specific interest in AI‑assisted coding and modern development practices.
- Interest in applied AI, cloud technologies, and building real‑world systems.
- Strong human and communication skills, including the confidence to explain ideas and present to others.
- Curiosity about business processes, systems, and how technology supports people at work.
- Ability to work collaboratively in fast‑moving environments.
What You’ll Gain:
- Microsoft certifications
- Full mentoring and coaching
- Real-world client project experience
- Clear promotion and progression pathway
- The opportunity to specialise in cutting-edge areas of AI engineering
- Transition into a permanent Forward Deployed Engineer role on completion
How to apply:
Interested candidates are invited to submit their application via email to Careers@clouddirect.co.za.
Please ensure your application includes:
- An up-to-date CV
- A motivation letter outlining why you would like to pursue a role as a Forward Deployment Engineer and what you believe you would bring to the position
- Kindly use the subject line: Application – Forward Engineer.
Only shortlisted candidates will be contacted.
At Cloud Direct, we believe that diversity, equity, and inclusion are essential to our success. We are committed to creating a workplace where everyone feels valued, respected, and empowered. We welcome applicants from all backgrounds and strive to build a team that reflects the diverse communities we serve. We encourage candidates of all races, ethnicities, genders, sexual orientations, ages, abilities, and socioeconomic statuses to apply.