Job Description
Responsibility: Application Security(70%)
- Identify, implement, and maintain security tools and technologies
- Participate in regular security reviews and assessments of the infrastructure, applications, and processes.
- Up to date knowledge of security testing methodologies, tools, and frameworks (OWASP, IST, SANS, etc.)
- Schedule (and ideally automate) Vulnerability scans and tests, remediate findings and ensure accurate reporting to satisfy regulatory compliance.
- Perform quarterly penetration tests of all deployed projects and ensure implementation of items identified in remediation plans.
- Software dependency scanning
Responsibility: DevSecOps (20%)
- Maintain & Administer Security controls on Cloud Development Infrastructure
- Improve Automation of Security Controls on Deployments in Azure & On-Premise Environments
- Work with the dev team to ensure that security standards and policies are being set up and configured correctly
Responsibility: Knowledge sharing & documentation (10%)
- Host the secure development forum for OUTsurance.
- Communicate effectively with stakeholders at all levels of the organization, including technical and non-technical audiences.
- Develop and maintain security policies, procedures, and guidelines for development, deployment, and operations.
Qualifications
- 3 Years industry specific experience & Minimum 5 Years in Technology & Software
- Great knowledge and understanding of Secure Code Development practices and tools such as SonarQube, AquaSec, Harbor, etc.
- Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain and Open Threat Networks
- Knowledge of security testing methodologies, tools, and frameworks (OWASP, NIST, SANS, etc.)
- Solid knowledge of IT security (FortiGate Firewalls, Local Traffic Managers, SIEM, SOAR, EDR, XDR)
- Experience with security compliance frameworks (PCI DSS, HIPAA, GDPR, etc.)
- Experience drafting and implementing security policies, security procedures, security design and implementation.
- Extensive knowledge of DevSecOps principles, practices, and tools, including containerization, orchestration, and automation
- Experience with cloud platforms (AWS, Azure, GCP) and infrastructure-as-code tools (Terraform)
- Familiarity with operational observability, including monitoring, log aggregation, application performance monitoring, etc.
Additional Information
An ideal candidate will be able to align their personal work values to the OUTsurance values of Awesome Service, Dynamic, Honest, Human, Passionate and Recognition.
In accordance with OUTsurance Insurance Company Ltd Employment Equity goals, preference will be given to individuals who meet the job requirements and are from the various designated groups.
Desired Skills:
- SonarQube
- AquaSec
- Harbor
About The Employer:
OUTsurance has been propelling the South African insurance industry forward for the last 25 years. As leaders in the field, we’re always looking for innovative ways to create digitally advanced solutions, without losing sight of our human values. Our continued success can be attributed to outstanding employees who set the bar high with their energy and expertise. If you’re keen to grow your career in a vibrant environment with lots of ‘fun’, this could be the career opportunity you’ve been looking for.
What do you get OUT?
OUTsurance has been voted Top Employer South Africa since 2022. Our people vision is to be a great company to work for where you always get something OUT.
We offer our employees:
– A winning, fun and inclusive company culture that embraces diversity.
– Great Rewards and Recognition programs.
– Benefits (Medical Aid, Pension fund, Group life and Disability benefits)
– Growth opportunities (we hire talent, train skill and promote values driven leaders from within)
– Wi-Fi on campus and Emergency Panic-Assist through the OUTsurance app
– Employee wellness programs: Free Counselling, Legal Advice and Financial Coaching for you and your members of household.
– Casual Dress Code
– Central office location with shuttles to and from the Gautrain station and Centurion Taxi Rank
– Onsite Clinic, Canteen, Carwash, Barber, Beauty Salon and Sports facilities
– Day care centre during public school holidays
– Maternity Expressing Rooms
– Prayer Rooms
– A chance to give back (Staff Helping SA OUT volunteer program) and much more…
We are seeking a highly experienced Application Security Engineer/ Penetration Tester to join our team. The ideal candidate will have a strong background in software development, information security, and operations.