Purpose Statement
- The incumbent will form part of the Cyber Offence team, whose goal is to ensure that the business is prepared and skilled to mitigate any cyber security threat.
- The incumbent will play a major role in developing “world-class” cyber security capabilities within the Bank.
Experience
Min:
- 5+ years’ experience in Information Security
- 2+ years’ experience in Penetration testing
Ideal:
- 2 – 3 years’ financial services / banking background
Qualifications (Minimum)
- Grade 12 National Certificate / Vocational
- Certification in Information Systems Auditing (CISA) or CISSP
Qualifications (Ideal or Preferred)
- A relevant tertiary qualification in Science or Engineering – Other
Knowledge
General
- Knowledge of basic system administration, network, and operating system (Windows and Linux) hardening techniques.
- Knowledge of cryptography and cryptographic key management concepts.
- Knowledge of host/network access control mechanisms (e.g., access control list).
- Knowledge of common network protocols (e.g. TCP, UDP, DHCP, DNS).
- Knowledge of information technology security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defence-in-depth).
- Knowledge of the application and network firewall concepts and functions.
Cyber Security
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of vulnerability assessment tools, including open source tools, and their capabilities.
- Knowledge of infrastructure, network, and software penetration testing principles, tools, and techniques.
- Knowledge of root cause analysis techniques.
- Knowledge of cybersecurity principles that apply to infrastructure and network deployments and software development
- Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
- Knowledge of cyber attackers (e.g., script kiddies, insider threat, organised crime, and nation-states).
- Knowledge of general attack stages (e.g. cyber kill-chain).
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
Software Testing and development
- Knowledge of the secure software development lifecycle.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, SQL injection).
- Knowledge of web services, including service-oriented architecture (e.g. SOAP, REST) and web service description language (e.g. WSDL, Swagger)
- Knowledge of secure software deployment methodologies, tools, and practices.
- Knowledge of software development models (e.g., Waterfall, Agile).
Standards
- Knowledge of Payment Card Industry (PCI) data security standards.
- Knowledge of Personally Identifiable Information (PII) data security standards.
- Knowledge of Information and Cybersecurity best practices (.e.g. ISF, CIS, OWASP)
Skills
- Communications Skills
Competencies
- Achieving Personal Work Goals and Objectives
- Delivering Results and Meeting Customer Expectations
- Working with People
Additional Information
- A valid driver’s license and own vehicle is preferred
- Clear criminal and credit record
- Contactable via own mobile phone
- Required to be available after hours in case of emergency
- Willingness to work or be available overtime and / or weekends if required
Capitec is committed to diversity and, where feasible, all appointments will support the achievement of our employment equity goals.