ENVIRONMENT:SUPPORT the delivery and execution of Cyber Security operations with a primary focus on application security across the software development lifecycle (SDLC) as the next Application Specialist I sought by a growing Retail Group. Your core role will be to build and mature AppSec as an internal capability to build in security by default. This is a highly technical role requiring practical experience in Penetration Testing, code reviews, SDLC security and DevOps. The role will be split 50% Penetration Testing and 50% Application Security. You will require Grade/Matric, up to years IT experience with 3 being in Cyber Security, hands-on practical experience in Application Security and Penetration Testing, be able to script & automate processes and DevOps / DevSecOps knowledge with the ability to integrate bug resolution into CI/CD processes. You must also possess relevant Certifications such as OSCP, OSWE, SANS and [URL Removed] for managing and monitoring Application Security
- Define and manage a risk-based methodology for application security testing and validation.
- Perform internal application and service Penetration Testing according to the methodology.
- Coordinate external Penetration Testing where required.
- Help drive and validate remediation of findings.
- Consult with Application Development teams during projects and initiatives.
- Provide AppSec reporting for operational security dashboards.
- Provide guidance via documentation and standards on application security practices.
Responsible for improving Application Security –
- Integrate security practices into the SDLC and DevSecOps under the guiding principle of security by default.
- Maintain and enhance the toolsets required for mature application security covering pen testing, secure coding, source code analysis and vulnerability management.
- Investigate new approaches, technologies and automation to mature AppSec.
- Provide AppSec training.
Responsible for Red Teaming
- Work with the rest of the Security Operations team to proactively identify vulnerabilities and validate controls across the environment.
- Support the team in responding to security incidents.
- Work with, and coordinate, external providers where and when relevant.
- Grade 12 / Matric.
- Relevant 3-year Degree/Diploma.
- Relevant qualifications and Certifications such as OSCP, OSWE, SANS and CREST.
- 3 Years relevant experience in Cyber Security, up to 10 years in IT.
- Hands-on practical experience in Application Security and Penetration Testing
- Knowledge of DevOps / DevSecOps and the ability to integrate bug resolution into CI/CD processes.
- Software Development experience.
- Ability to script and automate processes.
- Prepares written reports and briefs and communicates ideas clearly.
- May be required to assist outside of working hours.
- Practical experience with the MITRE ATT&CK framework.
- Is aware of and responsive to internal and external events and influences on the technical landscape.
- Ability to research technology-related concepts, trends and best practices, and apply findings.
- Appropriately derives and organises the essence of information to draw solid conclusions.
- Looks beyond symptoms to uncover root causes of problems to be solved.
- Synthesises data from different sources to identify trends.
- Presents problem analysis and a recommended solution rather than just identifying and describing the problem itself.
- Proactively approaches others to obtain missing information.
- Demonstrates a results-oriented mindset in planning and implementing activities/projects.
- Clearly defines objectives and translates them into workable activities.
- Monitors and tracks progress to ensure delivery of all planned commitments, and keeps the appropriate people informed.
- Speaks fluently in team meetings when presenting information.
- Manages existing partnerships within established agreements or contracts; negotiates adjustments when mutually beneficial to do so.
- Genuinely cultivates personal bonds with colleagues in order to enhance performance throughout the organisation.
- Adjusts to work effectively within new work structures, processes, requirements, or cultures.
- Demonstrates resourcefulness in acquiring necessary knowledge, skills and competencies to adapt to change.
While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.COMMENTS:When applying for jobs, ensure that you have the minimum job requirements. OnlySA Citizens will be considered for this role. If you are not in the mentioned location of any of the jobs, please note your relocation plans in all applications for jobs and correspondence. Please e-mail a word copy of your CV to [Email Address Removed] and mention the reference numbers of the jobs. We have a list of jobs on [URL Removed] Datafin IT Recruitment – Cape Town Jobs.
- Cyber Security