Application Security Specialist

SUMMARY:
A vacancy exists for an Application Security Specialist based at Head Office, Rosebank reporting into the Group Chief Information Security Officer

POSITION INFO:

Qualifications & Experience:

• 6 Years IT Experience
• 5 Years’ experience in Information Security
• Undergraduate or masters’ degree preferably in one of the following areas Business Management, Information Systems, Computer Science, Engineering, and other related majors
• And /or technical experience working within large IT type environments
• 5+ Years direct incident response, cyber security red team / pen tester experience
• Certifications such as CEH, OSCP, Application Security

Key Responsibilities:

• Build secure development processes aligned with development methodologies,
• Create security awareness and train developers, testers, and business analysts on secure development,
• Create and maintain technical documents such as secure coding guidelines, security checklists, and technical security requirements,
• Ensure security is built into developed applications,
• Perform security assessments: Attack surface analysis and reduction, threat modeling, data protection, secure code reviews, SAST and DAST analysis, security testing,
• Code pipeline security
• Develop fixes and seek solutions for software vulnerabilities,
• Assess and monitor the production cloud infrastructure hosting applications for vulnerabilities and misconfigurations,
• Conduct security audits across the product stack and underlying infrastructure and tooling
• Mitigate future IT security risk,
• To manage own professional and self-development
• Identify security risks and vulnerabilities, analyse impact thereof and engage relevant stakeholders (e.g. governance bodies and product owners) on relevant security solutions, as well as to drive and monitor the implementation thereof in order to mitigate, remediate security vulnerabilities. ·
• Provide guidance with regard to the design and implementation of software components in support of building an advanced security posture. ·
• Proactively broaden knowledge in the area of application security and apply new knowledge and skills. ·
• Participate in application security audits through the provision of relevant information. ·
• Participate in information technology (IT) security projects as the application security Subject Matter Expert (SME) ensuring compliance during each stage of the project development life cycle. ·
• Identify security risks and vulnerabilities, engage relevant stakeholders (e.g. governance bodies and product owners) on relevant security solutions, and drive and monitor the implementation thereof in order to mitigate, remediate security vulnerabilities. ·
• Engage with the larger security community to acquire new information and adopt new security capabilities within the LHC solution delivery environment. ·
• Identify and implement opportunities for integration and consolidation, while ensuring the optimal use of security best practice with the development of new solutions. · Develop and maintain secure system development life cycle (SDLC) procedures and standards. 
• Manage the Security Major Incident Response Procedures, during a security breach, for the designated business application support area:

Cloud Security - IAM, NSG, ASG, ID Federation, VPN’s, IPSec
Cloud Security - Policies, controls, procedures and technologies

• WAF Implementations
• OWASP top 10 mitigation approaches – Service based environments e.g. REST
• Mastery of Linux/Mac/Windows operating systems
• Network/Wireless Penetration Testing
• Ability to understand and modify code in a diverse range of programming languages and frameworks - OO Programming concepts
• Proficiency in cryptographic protocols and cipher suites
• Thorough understanding of network protocols, data on the wire, and covert channels
• Source code reviews.
• Experience with penetration testing methodology and standards
• Deep understanding of Secure SDLC

Present periodic reports and analytics pertaining to the security landscape surrounding the designated business applications.

NB! This job is now closed. You can apply for other jobs by uploading your CV.