CYBER SECURITY SPECIALIST: DevSecOps, IT CYBER SECURITY

Job Description

• Secure the development of products - integrate security practices as early as possible in the lifecycle of software development under the guiding principles of shift left and security by default.
• Prescribe, maintain and enhance cool toolsets manage the relevant tools required for mature product security that include pen testing, secure coding, and source code analysis. Investigate new approaches, technology, and automation to challenge traditional thinking and raise the level of security.
• Verify the security of internally and externally developed applications and services during and after development and deployment. Actively participate in the SDLC though guidance, education, input, and facilitation.
• Perform threat modelling enhance and optimize infrastructure, platform, application, and mobile security by identifying threats, vulnerabilities, and associated countermeasures.
• Provide AppSec training and raise the awareness banner high create and manage learning and reference materials and exercises.
• Define and implement documentation and standards on application security processes, tooling, and other resources to assist collaboration with the various stakeholder across company.
• Provide expert guidance on, and where relevant maintain and enhance the toolsets required for mature application security covering secure coding, source code analysis and vulnerability management.
• Investigate new approaches, technologies, and automation to mature AppSec.

Additional Responsibilities:

• Collaborate with the broader SecOps Team to drive and support various operational and strategic initiatives.
• Champion or co-champion internal security solutions and/or processes.

Minimum Requirements

Mandatory

• 3-year IT or NQF aligned Qualification
• 5 years relevant experience in cyber security, with at least 3 years in a DevOps / DevSecOps capacity.
• Hands on practical experience in DevOps / DevSecOps and the ability to integrate security into the CI/CD processes
• Hands on practical experience in application security testing.
• Extensive knowledge of DevSecOps principles, practices, and tools, including containerization, orchestration, and automation.
• Experience in securing CI/CD pipelines on Cloud platforms, specifically AWS and Azure.
• Experience with infrastructure-as-code tools (e.g., Terraform).
• Basic scripting experience and skills. Python and JavaScript are preferred.
• Solid experience in Secure Code Development practices and tools, e.g., SonarCube.
• Good understanding of common security libraries, frameworks, and tools.
• Ability to explain the common security flaws as well as potential ways to address them.
• Deep technical skills and ability to automate manual processes.
• Bloodhound approach to security.
• Relentless pursuit of threat identification and remediation.
• Relevant research and translation into defence.
• Very good people skills to engage with the various stakeholders across the business, while ensuring that professionalism is maintained.
• Ability to engage with and contribute to the Information Security community.

Additional Criteria

• Software development experience.
• Relevant qualifications and certifications such as SANS (SEC 540 or SEC 534), GIAC GCSA or the AWS Developer Associate certification is highly advantageous.
• Practical experience with the MITRE ATT&CK framework is advantageous.
• May be required to assist outside of working hours.
• Knowledge of company IT and cyber security landscape, including systemic understanding of key business linkages and dependencies
• Is aware of and responsive to internal and external events and influences on the technical landscape
• Ability to research technology-related concepts, trends, and best practices, and apply findings
• Appropriately derives and organises the essence of information to draw solid conclusions
• Looks beyond symptoms to uncover root causes of problems to be solved
• Synthesises data from different sources to identify trends
• Presents problem analysis and a recommended solution rather than just identifying and describing the problem itself
• Proactively approaches others to obtain missing information
• Demonstrates a results-oriented mindset in planning and implementing activities/projects
• Clearly defines objectives and translates them into workable activities
• Monitors and tracks progress to ensure delivery of all planned commitments, and keeps the appropriate people informed
• Prepares written reports and briefs and communicates ideas clearly
• Speaks fluently in team meetings when presenting information
• Manages existing partnerships within established agreements or contracts; negotiates adjustments when mutually beneficial to do so
• Genuinely cultivates personal bonds with colleagues to enhance performance throughout the organisation
• Adjusts to work effectively within new work structures, processes, requirements, or cultures
• Demonstrates resourcefulness in acquiring necessary knowledge, skills, and competencies to adapt to change