CYBER SECURITY SPECIALIST: DevSecOps, IT CYBER SECURITY
Boardroom Appointments
Cape Town
ZAR 200 000 - 300 000
Job description
CYBER SECURITY SPECIALIST: DevSecOps, IT CYBER SECURITY
Job Openings CYBER SECURITY SPECIALIST: DevSecOps, IT CYBER SECURITY
About the job CYBER SECURITY SPECIALIST: DevSecOps, IT CYBER SECURITY
Job Description
Secure the development of products - integrate security practices as early as possible in the lifecycle of software development under the guiding principles of shift left and security by default.
Prescribe, maintain and enhance cool toolsets manage the relevant tools required for mature product security that include pen testing, secure coding, and source code analysis. Investigate new approaches, technology, and automation to challenge traditional thinking and raise the level of security.
Verify the security of internally and externally developed applications and services during and after development and deployment. Actively participate in the SDLC though guidance, education, input, and facilitation.
Perform threat modelling enhance and optimize infrastructure, platform, application, and mobile security by identifying threats, vulnerabilities, and associated countermeasures.
Provide AppSec training and raise the awareness banner high create and manage learning and reference materials and exercises.
Define and implement documentation and standards on application security processes, tooling, and other resources to assist collaboration with the various stakeholder across company.
Provide expert guidance on, and where relevant maintain and enhance the toolsets required for mature application security covering secure coding, source code analysis and vulnerability management.
Investigate new approaches, technologies, and automation to mature AppSec.
Additional Responsibilities:
Collaborate with the broader SecOps Team to drive and support various operational and strategic initiatives.
Champion or co-champion internal security solutions and/or processes.
Mandatory
3-year IT or NQF aligned Qualification
5 years relevant experience in cyber security, with at least 3 years in a DevOps / DevSecOps capacity.
Hands on practical experience in DevOps / DevSecOps and the ability to integrate security into the CI/CD processes
Hands on practical experience in application security testing.
Extensive knowledge of DevSecOps principles, practices, and tools, including containerization, orchestration, and automation.
Experience in securing CI/CD pipelines on Cloud platforms, specifically AWS and Azure.
Experience with infrastructure-as-code tools (e.g., Terraform).
Solid experience in Secure Code Development practices and tools, e.g., SonarCube.
Good understanding of common security libraries, frameworks, and tools.
Ability to explain the common security flaws as well as potential ways to address them.
Deep technical skills and ability to automate manual processes.
Bloodhound approach to security.
Relentless pursuit of threat identification and remediation.
Relevant research and translation into defence.
Very good people skills to engage with the various stakeholders across the business, while ensuring that professionalism is maintained.
Ability to engage with and contribute to the Information Security community.
Additional Criteria
Relevant qualifications and certifications such as SANS (SEC 540 or SEC 534), GIAC GCSA or the AWS Developer Associate certification is highly advantageous.
Practical experience with the MITRE ATT&CK framework is advantageous.
May be required to assist outside of working hours.
Knowledge of company IT and cyber security landscape, including systemic understanding of key business linkages and dependencies
Is aware of and responsive to internal and external events and influences on the technical landscape
Ability to research technology-related concepts, trends, and best practices, and apply findings
Appropriately derives and organises the essence of information to draw solid conclusions
Looks beyond symptoms to uncover root causes of problems to be solved
Synthesises data from different sources to identify trends
Presents problem analysis and a recommended solution rather than just identifying and describing the problem itself
Proactively approaches others to obtain missing information
Demonstrates a results-oriented mindset in planning and implementing activities/projects
Clearly defines objectives and translates them into workable activities
Monitors and tracks progress to ensure delivery of all planned commitments, and keeps the appropriate people informed
Prepares written reports and briefs and communicates ideas clearly
Speaks fluently in team meetings when presenting information
Manages existing partnerships within established agreements or contracts; negotiates adjustments when mutually beneficial to do so
Genuinely cultivates personal bonds with colleagues to enhance performance throughout the organisation
Adjusts to work effectively within new work structures, processes, requirements, or cultures
Demonstrates resourcefulness in acquiring necessary knowledge, skills, and competencies to adapt to change