Date: 2021-05-27
- Responsible for comprehensively reviewing the existing and new software application security configurations (on-premise and cloud), influencing change in the security controls standards, creation of easily consumed IT security standards, creation of application security architecture patterns & diagrams, and ownership of the application security capability roadmap. The application security architect role is a valued partner to development and engineering teams (internal and outsourced) to ensure secure architectures, patterns, and solutions are created and maintained for key applications, for example in the Fintech, digital, IoT and Cloud environments.
QUALIFICATIONS AND EXPERIENCE
- Minimum of 3 years tertiary qualification in Information Technology/Engineering
- CISSP/CEH/CGEIT certification (one of)
- SABSA and/or TOGAF qualification will be an advantage
- Business analysis/architecture qualifications
- Other qualifications (ITIL, TMF, COBIT) or product specific certification is an advantage
- Minimum of 5 years of strong cybersecurity experience across network, application (web, API) & public/private cloud security architecture (web application firewalls, containers)
- Experience in designing and implementing application security systems architecture
- Experience in managing and implementing large scale security projects preferably with banking and telecoms companies
- Other security experience such as incident handling (from appsec perspective), threat modelling, operations, GRC, OWASP, etc
- Experience in application development with at least one modern programming language, DevOps and Agile methods.
- Experience in ethical hacking or vulnerability assessment on web apps, mobile, and thick client (scanners, fuzzers, debuggers, decompilers)
- Experience performing code reviews with associated applications such as static code and dynamic code analysis tools and in several languages
- Knowledge of web application architectures, web stack technologies (HTTP, REST) and platforms (e.g. Apigee, AngularJS, Tomcat, .Net, MS SQL)
POSITION OUTPUTS
- Participate in and lead the security design and implementation of all products across Financial Services, Consumer, Enterprise, Technology and Digital – design phase security and post implementation.
- Evaluate the ongoing effectiveness of security controls established to ensure the security of the company product and application suites.
- Partner with IT, Risk management and Group Security to develop a comprehensive set of cyber-security controls (policies and procedures) governing hosted and SaaS environments.
- Provide security guidance and review on business and technology products/ solutions, model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious hacker, understanding and anticipating the moves and tactics that a hacker might use to attack the company systems.
- Research, validation and evaluation of all new product initiatives, with phase gates reviews presented to all stakeholders during the process
- Ensure that third party solutions and products follow the company Application Security controls and standards.
- Review the security design of the company applications and products, drive the testing process (prior to deployment).
- Perform best-practices risk assessment of the company’s product security stacks – Momo, Digital, Consumer
- Build security into the company Software Development Lifecycle; creating and maintaining secure software development/ acquisition methodology – secure application development/ acquisition and coding practices across all development teams (internal and 3rd Party), security testing for existing and new systems, defining processes and establishing meaningful metrics for management.
- Implement security controls and technologies for managing Microservices, APIs and Containers
Operational Delivery:
- Assist Senior Manager Security Architecture to develop and implement the product security architecture requirements and framework, overarched by the business risk strategy
- Develop and implement the application security solution architecture, DevSecOps tooling infrastructure and define various interface requirements for various toolsets
- Drive the design and implementation of secure applications in support of Enterprise-wide and Business Unit applications. Ensure thorough security design and testing are built into new and existing applications and products (inhouse & applications, on-prem or cloud)
- Roadmap definitions for security of key products by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
- Utilize security tools for the appsec program such as static and dynamic code analysis tools and develop continual improvement program.
- Supervise and manage collaboration with relevant vendors/stakeholders for vulnerability scanning and penetration testing exercises. Coordinate red teams and penetration testers to facilitate exercises and work with application engineering teams on remediation. Oversee remediation efforts
- Assist with code reviews and create secure reusable patterns.
- Perform risk and threat assessments.
- Ensure implementation of technical security standards on the application platforms as well as ongoing monitoring and reporting of compliance against the standards
- Ensure the integration of the financial technology and digital platforms into the security compliance and monitoring eco-system both at opco and Group level then regularly confirm and report on ongoing effectiveness
- Participate in information security operations duties, including incident response escalations.
- Liaise with other relevant functions to facilitate the timeous closure of incidents and vulnerabilities in relation to the financial technology and digital platforms
- Assist relevant business owners and custodians in identifying and setting activities logs, audit trails, functional and technical requirements, and ensure adequate custody of such.
- Stay abreast of current and evolving technologies in the application security area.
Creativities (improvement/innovation inherent):
- Implement and enhance security disciplines
- Investigate and research best practices in Application Security and related disciplines with a view to leveraging for the company
- Reduce complexity and streamline processes with a view to optimize technologies and reduce operational costs
- Input and leadership in analytical thinking for the company
Desired Skills:
- software application security configurations
- application security and testing
- Cryptographic
- OWASP understanding
- cloud and fintech technology
Desired Work Experience:
- 5 to 10 years
Desired Qualification Level:
- Diploma