PERFORM secure-by-design assessments and support and implement the secure development strategy as a cybersecurity application specialist whose technical expertise is sought by an independent asset management company. Your role will also include identifying potential cybersecurity risks to development products, reviewing the design and implementation of identified controls, and providing technology security assurance and guidance to product teams. You should have a technical degree/diploma in Information Security/IT/Engineering, preferably CISSP certified, but OSCP/GPEN/CISM or other relevant certifications will be considered. You will also need 3-5 years of experience in a technical application security testing, development or penetration testing role; an in-depth understanding of cybersecurity and data privacy risks and mitigation solutions; knowledge of cloud security, Windows, Linux and CI/CD; and a good understanding of common IT management/compliance frameworks such as ISO/IEC 27001, NIST CSF, ISF, OWASP, SANS.
- Identify potential cybersecurity risks to development products and identify controls to minimize, mitigate, or remove identified risks.
- Review the design and implementation of identified controls to ensure they are built into the product (at the design and build stages).
- Provide technology security assurance, guidance and support to product teams.
- Create and maintain technical documents such as secure coding guidelines, security checklists, and technical security requirements.
- Make sure that security is built into developed applications.
- Effectively define, implement and maintain technology security controls and requirements for secure development.
- Support security awareness programs and educational efforts to build security champions within product teams.
- Perform security assessments: attack surface analysis and reduction, threat modeling, data protection, secure code reviews, SAST and DAST analysis, security testing.
- Code pipeline security.
- Assess and monitor cloud infrastructure hosting applications for vulnerabilities and misconfigurations.
- Perform security audits on the product stack and the underlying infrastructure and tools.
- Provide accurate and timely reports on technology security risks identified during security-by-design assessments and project engagements, and propose remediation and mitigation options in accordance with policy and best practices.
- Ensure that information and cybersecurity controls and processes operate effectively.
- Provide SME skills and mentorship to the operational security team as well as collaboration with business and technology teams.
- Identify potential information security risks or control failures.
- Facilitate cloud risk assessments.
- Perform security threat modeling including analysis and documentation of security controls for internal or cloud technologies and internally developed applications to ensure compliance with documented and approved security policies and standards.
- Technical degree/diploma in information security, computer science or engineering.
- CISSP is strongly preferred, but OSCP, GPEN, CISM or other relevant certifications will be considered.
- Minimum of 3-5 years of experience in an application security testing, development, or penetration testing technical role.
- A thorough understanding of cybersecurity and data privacy risks and mitigation solutions.
- Review security architecture and design.
- Manage, extend, schedule, and review penetration testing.
- Support product teams that require security oversight, advisory input and research.
- Extensive technical knowledge of information systems, security, infrastructure, networking solutions, security assessment and testing, software development security, architecture and engineering of security.
- Good understanding of common IT management/compliance frameworks such as ISO/IEC 27001, NIST CSF, ISF, OWASP, SANS.
- Cloud Security.
- Good knowledge of operating systems such as Windows and Linux and how to secure them.
- Mastery of at least one programming language such as Java, Python, R, React to enable collaboration with product teams and to identify and implement improvement and automation opportunities in the CI/CD pipeline.
- Knowledge of cloud and container technologies such as AWS/GCP/Azure, Docker, Kubernetes and how to implement developer tools such as GitHub and Dependency Management.
- Specialist experience in DevSecOps, Application Security or Offensive Security.
- Knowledge and/or experience in creating and managing DevSecOps pipelines practicing CSA, SAST, DAST and Security as Code.
- Ability to work on team and individual goals.
- Establish and maintain effective working relationships with internal and external stakeholders.
- Excellent time management skills.
- Excellent written and verbal communication skills.
Although we would really like to respond to every application, if you are not contacted for this position within 10 working days, please consider your application unsuccessful.
When applying for a job, make sure you meet the minimum job requirements. Only South African citizens will be considered for this role. If you are not at the stated location of any of the jobs, please note your relocation plans in all job applications and correspondence. Please email a Word copy of your CV to [Email Address Removed] and mention the reference numbers of the jobs. We have a job listing on [URL Removed] Datafin IT Recruitment – Jobs in Cape Town.