Purpose Statement

  • The incumbent will form part of the Cyber Offence team, whose goal is to ensure that the business is prepared and skilled to mitigate any cyber security threat.
  • The incumbent will play a major role in developing “world-class” cyber security capabilities within the Bank.

Experience

Min:

  • 5+ years’ experience in Information Security
  • 2+ years’ experience in Penetration testing

Ideal:

  • 2 – 3 years’ financial services / banking background

Qualifications (Minimum)

  • Grade 12 National Certificate / Vocational
  • Certification in Information Systems Auditing (CISA) or CISSP

Qualifications (Ideal or Preferred)

  • A relevant tertiary qualification in Science or Engineering – Other

Knowledge

General

  • Knowledge of basic system administration, network, and operating system (Windows and Linux) hardening techniques.
  • Knowledge of cryptography and cryptographic key management concepts.
  • Knowledge of host/network access control mechanisms (e.g., access control list).
  • Knowledge of common network protocols (e.g. TCP, UDP, DHCP, DNS).
  • Knowledge of information technology security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defence-in-depth).
  • Knowledge of the application and network firewall concepts and functions.

Cyber Security

  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of vulnerability assessment tools, including open source tools, and their capabilities.
  • Knowledge of infrastructure, network, and software penetration testing principles, tools, and techniques.
  • Knowledge of root cause analysis techniques.
  • Knowledge of cybersecurity principles that apply to infrastructure and network deployments and software development.
  • Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
  • Knowledge of cyber attackers (e.g., script kiddies, insider threat, organised crime, and nation-states).
  • Knowledge of general attack stages (e.g. cyber kill-chain).
  • Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

Software Testing and Development

  • Knowledge of the secure software development lifecycle.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, SQL injection).
  • Knowledge of web services, including service-oriented architecture (e.g. SOAP, REST) and web service description language (e.g. WSDL, Swagger).
  • Knowledge of secure software deployment methodologies, tools, and practices.
  • Knowledge of software development models (e.g., Waterfall, Agile).

Standards

  • Knowledge of Payment Card Industry (PCI) data security standards.
  • Knowledge of Personally Identifiable Information (PII) data security standards.
  • Knowledge of Information and Cybersecurity best practices (e.g. ISF, CIS, OWASP).

Skills

  • Communications Skills

Competencies

  • Achieving Personal Work Goals and Objectives
  • Delivering Results and Meeting Customer Expectations
  • Working with People

Additional Information

  • A valid driver’s license and own vehicle are preferred
  • Clear criminal and credit record
  • Contactable via own mobile phone
  • Required to be available after hours in case of emergency
  • Willingness to work or be available overtime and / or weekends if required

Capitec is committed to diversity and, where feasible, all appointments will support the achievement of our employment equity goals.
