PERFORM secure by design assessments and support and implement the secure development strategy as your technical expertise as a Cyber Security Application Specialist is sought by an independent Asset Management firm. Your role will also entail identify potential Cyber Security risks for development products, review design and implementation of the identified controls and provide technology security assurance and guidance to Product teams. You must possess a technical Degree/Diploma in Information Security/Computer Science/Engineering, preferably CISSP Certified, however OSCP/GPEN/CIMS or other relevant certifications will be considered. You will also require 3 -5 years’ experience in a technical application security testing, development or pen testing role, a deep understanding of Cyber Security and data privacy risks and mitigating solutions, Cloud Security, Windows, Linux, CI/CD and good understanding of common IT Management / Compliance frameworks such as ISO/IEC 27001, NIST CSF, ISF, OWASP, SANS.
- Identify potential Cyber Security risks for development products, and identify controls to minimise, mitigate or remove any risks identified.
- Review design and implementation of the identified controls to ensure they are built into the product (at Design & Build stages).
- Provide technology security assurance, guidance and support to the Product teams.
- Create and maintain technical documents such as secure coding guidelines, security checklists, and technical security requirements.
- Ensure security is built into developed applications.
- Define, implement, and efficiently maintain technology security controls and requirements for secure development.
- Support security awareness programs and educational efforts to build security champions within the Product teams.
- Perform security assessments: Attack surface analysis and reduction, threat modelling, data protection, secure code reviews, SAST and DAST analysis, security testing.
- Code pipeline security.
- Assess and monitor cloud infrastructure hosting applications for vulnerabilities and misconfigurations.
- Conduct security audits across the product stack and underlying infrastructure and tooling.
- Provide accurate and timely reporting of technology security risks identified during secure by design assessments, project engagement and propose remediation and mitigation options in line with policy and good practice.
- Ensure that Information and Cyber Security controls and processes are functioning effectively.
- Provide SME skills and mentorship to the operational security team as well as collaboration with the business and technology teams.
- Identify potential information security risks or control failures.
- Facilitate Cloud Risk Assessments.
- Perform security threat modelling including analysing and documenting security controls for internal or cloud technologies and in house developed applications to ensure compliance with documented and approved security policies and standards.
- Technical Diploma/Degree in Information Security, Computer Science or Engineering.
- CISSP is strongly preferred, however OSCP, GPEN, CISM, or other relevant certifications will be considered.
- Minimum of 3 -5 years’ experience in a technical application security testing, development or pen testing role.
- A deep understanding of Cyber Security and data privacy risks and mitigating solutions.
- Review security architecture and design.
- Manage, scope, schedule and review penetration tests.
- Support Product teams who require a security oversight, consultative input and research.
- A broad technical knowledge of information systems, security, infrastructure, networking solutions, security assessment and testing, software development security, security architecture and engineering.
- Good understanding of common information technology management / compliance frameworks such as ISO/IEC 27001, NIST CSF, ISF, OWASP, SANS.
- Cloud Security.
- Good knowledge of operating systems such as Windows and Linux and how to secure them.
- Be well-versed in at least one of the programming languages like Java, Python, R, React to allow for collaboration with Product teams and to identify and implement opportunities for improvement and automation in the CI/CD pipeline.
- Knowledge of Cloud and container technologies such as AWS/GCP/Azure, Docker, Kubernetes, and how to implement developer tools such as GitHub and Dependency Management.
- Specialist experience in either DevSecOps, Application Security, or Offensive Security.
- Knowledge of and/ or experience in creating and managing DevSecOps pipelines practicing CSA, SAST, DAST, and Security as Code.
- Ability to work towards team and individual targets.
- Building and maintaining effective working relationships, both internal and external stakeholders.
- Excellent time management skills.
- Excellent written and verbal communication skills.
While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.
When applying for jobs, ensure that you have the minimum job requirements. OnlySA Citizens will be considered for this role. If you are not in the mentioned location of any of the jobs, please note your relocation plans in all applications for jobs and correspondence. Please e-mail a word copy of your CV to [Email Address Removed] and mention the reference numbers of the jobs. We have a list of jobs on [URL Removed] Datafin IT Recruitment – Cape Town Jobs.