Information Security Specialist

SUMMARY:
The Information Security Specialist plays a vital role in keeping our customers’ proprietary and sensitive information, systems and applications secure.
He/she searches for and identifies security flaws in networks, devices, systems, solutions, operating systems and applications, while recommending specific measures that can improve the overall security posture.
By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues.

POSITION INFO:
DETAILS OF POSITION
ROLES & RESPONSIBILITIES
 
The primary focus for this position is to:
a)     Put your ethical hacking skills, problem solving, vulnerability and exploitation knowledge to use by performing penetration testing and attack simulations on business-critical customer infrastructures including internal servers, networks and applications, to identify security flaws, exploiting vulnerabilities to determine weaknesses in their IT operations, processes, systems and related controls.
b)     Probe for security weaknesses in applications, wired and wireless networks and systems.
c)      Experiment with various methods attackers could use to exploit information security vulnerabilities.
d)     Test the human element within an organization’s security posture.
e)     Target customer staff with emails, phone calls, and in-person interactions in an attempt to convince them to give up sensitive information or take an action that could help an attacker.
f)       Conduct physical security assessments of servers, systems and network devices.
g)     Identify unique issues specific to the customers’ environment.
h)     Complete threat assessment reports that outline penetration test findings, including the exploit chain/proof of concept scenarios.
i)       Presents findings to customers and recommend solutions based on your findings.
 
In addition to the primary role described above, the Information Security Specialist  will also consult customers on the design and implementation of information security solutions in the organization, performing  network, systems and product security testing to ensure that new products, and systems (and changes to existing), are designed and implemented in a manner that complies with defined security standards, processes and procedures.
He/she will consult a wide variety of customers through a set of professional services to:
a)     Support the roll-out of their Information Security Governence system through a set of fit-for-purpose security policies and practices.
b)     Support various customer organizational unit/teams as a resource focusing on the technical security matters, including educating and replying to staff and their clients on information security related issues ranging from features, functionality, integration, specifications, and risks.
c)      Define, establish, maintain and apply an information security architecture and framework, containing the appropriate processes, methods and practices, tools, standards, structures, governance and reporting.
d)     Identify security settings that needs to be “hardened” and recommend a multi-layered approach to prevent attacks, including proper defense, relationships, communication and training.
e)     Support the design and realization of their Information security strategy through operational initiatives or specific projects, including all the elements of the Information security capability: people, process, technology and facilities.
f)       Review the tactics and processes customers have in place to protect them from threats and interpret findings to determine if systems and processes can appropriately react to threats.
g)     Support customers with remediating vulnerabilities, implementing technology, etc.
h)     Install, configure, audit various infrastructure components which he/she is certified on, which may include routers, switches, wireless access points, firewalls, servers, operating systems, etc.
i)       Perform periodic vulnerability testing and leading remediation projects.
j)       Guarantee network security best practices are executed through auditing: router, change control, switch, firewall configurations, and monitoring.
k)      Log analysis to ensure customer policy and security requirements are met.
l)       Maintain customer network security devices to enable pro-active defense.
 
 
Other responsibilities include:
a)     Work under the direction of the Department Head to maintain the company’s security devices and show practical experience in managing SIEM environments, firewalls, content filters, proxy servers, and packet capture devices.
b)     Tuning and development of the creation of custom intrusion detection and SIEM signatures and rules, including the efficient on-boarding and understanding of varying log sources into SIEM environments.
c)      Work in collaboration with appropriate stakeholders to ensure customers have devices that are fully operational and secure.
d)     Act under authorization from engineering to maintain the configuration and have a comprehensive understanding and technical know-how in server administration, including MS AD Group Policy Objects, deployment, patching, network device configuration and hardware management (including cable management).
e)     Work under strict change control processes to ensure only authorized changes are made to devices.
f)       Collaborate with sales, product management, engineering, and other departments on security-related items and any other duties as assigned by the company.
 
Other contributions:
 
a)     Incident response manages the negative effects of an attack or breach, from minimizing the impact to altering security controls for future prevention.
b)     Computer forensics aids in the prevention of crime through the collection, analysis, and reporting of data. It also enables an Specialist to create evidence in the event of a breach.
c)      Reverse engineering allows a Specialist to comprehend why a piece of software does what it does so that he/she can patch a bug or analyze malware.
d)     Keep up to date with all relevant IT security technologies.
e)     Subscribe to all relevant IT and Information security forums and keep up to date with the current cyber threat landscape, continuously evaluating the relevance of such threats and assist the Head: Information Security in the remediation thereof.
 
The Information Security Specialist  will work from a combination of the following:
a)     Home office environment (A FTTH service at home is mandatory)
b)     Office environment (Gauteng)
c)      Work onsite at customer locations as necessary
From time to time, the Information Security Specialist  will need to perform overnight work due to the nature of the tasks being performed.
We require that all coworkers be fully vaccinated against COVID-19 and the successful candidate will need to provide proof of full vaccination.
 
SKILLS, COMPETENCIES & ATTRIBUTES
●       Ability to perform web penetration testing.
●       Good understanding of HTTP protocol, Oauth, SSO, JWT, HTML.
●       Good understanding of REST, JSON, WebServices, SOAP, XML.
●       Basic understanding of JavaScript and Python debugging.
●       Basic understanding of web-app architectures.
●       Basic understanding of software development concepts.
●       Experienced with security frameworks OWASP, SANS, MITRE, OSSTMM.
●       Basic understanding of PortSwigger, BurpSuite or equivalent software.
●       Ability to clearly communicate and present technical topics.
●       Extensive technical know-how of security network devices (switches, antivirus, firewalls, cryptography, SIEM) and any other security networking hardware or software tools
●       Knowledge of various range of NextGen Firewalls and strong routing & switching experience is an added advantage.
●       Knowledge of networking concepts such as WAN connectivity, transport types and protocols, and experience with wireless technology and wireless deployments.
●       Extensive knowledge of Microsoft Active Directory.
●       Juniper orientated Junos understanding, working with router and switch platforms and experience working with stakeholders at an operational Level.
●       Ability to deliver a high level of client service, including the ability to identify client needs and explain complex concept to non-technical audiences.
●       Good team player, self-confident, motivated, and independent.
●       Ability to remain calm while multi-tasking and working under pressure in a fast-paced environment.
●       Attention to details and good problem-solving skills.
●       Good analytical and problem-solving skills.
●       Good aptitude for learning new technologies.
●       Good written and verbal communication skills.
 
QUALIFICATIONS & EXPERIENCE
 
●       B.Sc or B.Tech in IT/Computer Science. (Optional but highly preferred)
●       Fortinet NSE 6. Compulsory to stay Certified whilst in this position.
●       Industry recognized security certifications (i.e. Security+, Cisco CCNP Security, Certified Information Systems Security Professional, etc.). Compulsory to stay certified whilst in this position.
●       2+ years of experience with vulnerability assessment and penetration best practices, techniques and tools.
●       2+ years of experience with programming experience in Python, PHP, Perl, Ruby, .NET, or other interpreted or compiled languages.
●       2+ years of experience and/or detailed knowledge of most of  the following technologies:
a)     Security testing tools including Metasploit, Nessus, Burp Suite, or equivalents
b)     Linux operating systems
c)      Microsoft technologies
d)     Mobile application programming and/or security testing
e)     Wireless technologies
f)       Web application technologies
g)     Network implementation (operational and security)
h)     VoIP technologies
i)       Social engineering
j)       Physical security
k)      Source code analysis software
l)       Intermediate to advanced Microsoft Office Suite (i.e., Word, Excel, PowerPoint)
●       Proven experience in planning, organizing, and developing IT security system technologies.
●       2+ years experience identifying threats and developing appropriate protection measures.
●       Experience in reviewing system changes for security implications and recommending improvements.
●       Excellent hands-on experience and knowledge implementing, configuring, integrating and supporting servers, Windows and Linux operating systems, networks and firewalls.
●       Experience in planning and executing security policies and standards development.
●       Excellent understanding of project management principles.
●       Demonstrated ability to apply IT in solving security problems.
 
Should you wish to apply for this position, please forward your CV and motivation to --------Please upload your CV here-------->

NB! This job is now closed. You can apply for other jobs by uploading your CV.