Our client based in Rosebank is currently looking for a Cyber Safety & Security Engineer within the Digital Technology Department. Their hybrid working model allows you to work from home for 3 days a week, for this 6 month contract.
Key Responsibilities?
- Analyze information to identify security control and/or capability gaps that impacts the organization’s security posture
- Provide advice and consultancy to internal customers on application and infrastructure threats and vulnerability remediation
- Consume and prioritize vulnerability results; provide remediation guidance and help eliminate false positives.
- Attend design and application architectural reviews and actively lead the discussions from a security standpoint
- Create formal written documentation of findings and recommendations to address vulnerabilities; assist development teams with writing patches for discovered vulnerabilities; assist security, server management, desktop, private/public cloud and application development teams with identifying and remediation of vulnerabilities
- Enhance the current controls and oversight of the various compute environments (private/public cloud, IaaS, PaaS and SaaS), reviewing configuration and designs and documenting improvements when necessary.
- Expand the use of automation in securing the environment and across multiple technology platforms.
- Provide the Interface between the local business unit and the global security team.
Minimum Requirements
- Strong analytical skills and cross functional knowledge across multiple security platforms and other infrastructure disciplines
- Deep knowledge of Infrastructure security architectures, vulnerabilities and controls including Active Directory, Azure Active Directory, Cloud IaaS/PaaS and network implementations.
- Deep knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
- Experience in using security tools across different facets of infrastructure and applications. (SIEM, EDR, Threat Hunting (scripting), Vulnerability Exploitation, IAM, PAM etc.)
- Skilled in Security Penetration covering Microsoft Enterprise Environment (On-Premises and Cloud)
- Skilled in the Microsoft Security Stack (Defender, Sentinel, Endpoint Management)
- Skilled PowerShell & API Scripter (Python, C++, KQL will be advantageous)
- Experience in Penetration Testing and/or simulating of security events for controlled testing and validating of infrastructure and application environments
- Be able to articulate vulnerabilities, defects, technical controls and risks, with the Business in a manner that can be easily understood.
- Experience of Security frameworks like NIST and IEC 62443
- Strong Investigation and Post-mortem analysis skills with the expectation to discuss the root causes of an issue as they come up.
- Solid project management skills.
Job Type:
- Contract
Workplace type:
- Hybrid
Location:
- Johannesburg, South Africa
Experience Level:
- Mid-Senior level
Desired Skills:
- Azure Active Directory
- Infrastructure
- OWASP