197 Information Security jobs in South Africa
Engineer – Data Protection
Posted 4 days ago
Job Description
RMV Solutions is recruiting on behalf of our client, a leader in enterprise IT solutions. We're looking for an experienced Data Protection Engineer to join their team and take ownership of designing, implementing, and supporting world-class data protection systems.
About the Role
You'll be responsible for ensuring the security, integrity, and recoverability of digital assets, both for our client and their customers, using technologies such as Dell Data Protection, Veeam, Microsoft, and Druva. This role blends technical execution with compliance, operational excellence, and disaster recovery.
Global Privacy and Data Protection Specialist
Posted 15 days ago
Job Description
Join to apply for the Global Privacy and Data Protection Specialist role at Dentons
Dentons is designed to be different. We are driven to always be the firm of the future, to challenge the status quo, and to provide holistic business solutions to our clients in new and innovative ways. We are the lightbulb moments. The bold ideas. We are the world's largest global law firm, with 12,000+ people across 80+ countries. Driven by the diverse perspectives of our people, our clients, and our communities, we combine local knowledge with global insight.
We are looking for a Global Privacy and Data Protection Specialist to join our global privacy team. This role reports to the Global Senior Data Protection Specialist and is ideal for a professional with hands-on experience in privacy operations, stakeholder support and emerging technologies. While the role involves a high degree of autonomy, it operates under the guidance of senior privacy leadership to ensure alignment with global strategy and escalation of complex matters as needed. The successful candidate will support a broad range of global compliance activities across all regions, collaborating with cross-functional teams to embed privacy-by-design into projects, manage data subject rights and incidents, and optimize the use of privacy tools like OneTrust.
Key Responsibilities
Privacy Operations & Governance
- Support the evolution of the global privacy program, including all relevant monitoring activities, in alignment with GDPR and other international data protection frameworks
- Conduct and advise on DPIAs, vendor risk assessments, and manage Records of Processing Activities (RoPAs)
- Draft, review, maintain and harmonise privacy documentation, including internal procedures, notices, guidance, and training materials
- Maintain and oversee the privacy risk register, coordinating with stakeholders the implementation of mitigation plans
- Respond to day-to-day privacy queries and provide practical, risk-based privacy advice to internal teams (e.g., marketing, HR, IT, procurement) ensuring timely, accurate and business-relevant advice
- Support client-facing teams with privacy-related contract terms reviews (e.g. DPAs, SCCs), other privacy questions and due diligence
- Manage routine and moderately complex privacy queries independently, escalating high-risk or novel issues to senior privacy leadership as appropriate
- Act as a central contact for OT: oversee implementation, ongoing management, reporting and quality control
- Define and review workflows and processes, perform audits to identify and correct data gaps, errors or discrepancies (e.g. vendor names, documents, data processing details etc.)
- Develop and maintain user guidelines, manage access permissions, add vendors, processing activities, entities etc, and train users on OT functionality and best practices, including assessments, RoPAs, vendor risk, and incident tracking.
- Collaborate with InfoSec/IT teams to align privacy tech workflows with security controls within OT.
- Support the coordination, investigation and documentation of privacy incidents and breaches
- Conduct root cause analyses, facilitate stakeholder engagement, and support regulatory reporting.
- Maintain and enhance the incident and breach logs; track metrics to support internal and regulatory reporting and continuous improvement
- Act as the initial point of intake for data subject access and rights requests received centrally; route requests to appropriate owners, track completion, and maintain oversight of the process to ensure compliance.
- Support development and automation of Data Subject Rights' workflows
- Manage DSARs and related rights requests in compliance with global privacy laws. Coordinate with Regions, IT, Legal, and other business stakeholders to gather data and prepare responses for globally owned requests, ensuring proper documentation
- Maintain the data subject request log and ensure timely, accurate response in line with regulatory requirements
- Collaborate with privacy professionals and stakeholders across global regions to align practices, share insights, and support cross-border compliance efforts
- Support global training, awareness, and onboarding activities as needed
- Collaborate with relevant teams to ensure privacy-by-design in the development and deployment of AI, analytics, and other emerging technologies
- Contribute to risk assessments for AI and other innovative tech use cases, data sharing, and automation tools
- Define and maintain key privacy management information (PMI) dashboards and reporting tools, tracking key metrics such as number of DSARs, incident volumes and trends, DPIAs initiated and completed, vendor reviews etc
- Generate and maintain regular privacy dashboards and team reports, providing quarterly insights on performance, trends, and compliance health
- Support regulatory audits and internal reporting with accurate metrics and documentation
- Coordinate and deliver privacy training and awareness initiatives across the Firm, ensuring global relevance and compliance with local regulations
- Develop, update, and manage training materials tailored for different roles and risk levels (e.g., onboarding, IT, marketing, procurement) observing localization requirements as applicable
- Monitor completion of mandatory privacy training and track participation metrics across regions
- Assess training needs by engaging stakeholders, reviewing incidents/metrics, and staying current on regulatory requirements and organizational changes
- Support the onboarding and upskilling of new privacy team members, especially in relation to internal tools and systems (e.g., OneTrust)
- Maintain documentation of training and awareness schedules, records, and compliance reporting
Experience & Knowledge
- 3-5 years in privacy and data protection that can be evidenced through work experience, preferably in a global law firm or other global or regulated environment.
- Strong understanding of the GDPR and other data protection laws, able to balance compliance with business enablement. Knowledge of global privacy frameworks or exposure to them preferable.
- Hands-on experience with OneTrust or equivalent privacy management platforms/tools
- Proven experience in the provision of privacy advice, guidance, data protection compliance processes, including vendor assessments, incident management, DPIAs, and cross-functional privacy support
- Exposure to privacy issues related to AI, data analytics, or other emerging technologies is a strong advantage
- Privacy certification (e.g. CIPP/E, CIPM, or other IAPP, GDPR or DPA 2018) preferred.
- Ability to deliver practical, pragmatic and creative privacy solutions
- Strong analytical skills and experience using metrics to drive improvement
- Excellent communication and stakeholder skills, both written and verbal, with an ability to explain complex privacy and data protection issues to lay audiences, to negotiate and to influence others
- Comfortable working with cross-functional teams across legal, tech, security, fee earners and operations, able to interact positively at all levels and a good team player
- High attention to detail, methodical approach to work with a strong focus on accuracy
- Proactive, well-organised and resilient under pressure
- Self-motivated and committed to continuous learning and development
- Experience supporting or leading ISO 27001/27701 alignment efforts
- Understanding of AI ethics and data governance frameworks
- Experience in privacy audit support and compliance monitoring
- Familiarity with programme or project management in a compliance or legal setting
Remuneration and benefits package will reflect the successful candidate's experience and country where hired.
- Seniority level: Mid-Senior level
- Employment type: Full-time
- Job function: Other
- Industries: IT Services and IT Consulting
Information Security Engineer
Posted 8 days ago
Job Description
A Security Engineer is a crucial member of an organization’s IT team, specializing in safeguarding digital assets and maintaining the security posture of the company. They work to design, implement, and manage security measures to protect against cyber threats, unauthorized access, and data breaches.
Key Responsibilities:
Security Infrastructure Design:
- Design and implement security infrastructure, including firewalls, intrusion detection systems, and encryption protocols.
- Evaluate and recommend security products and technologies to enhance the organization’s security posture.
Incident Response and Monitoring:
- Monitor network traffic for suspicious activity and potential security breaches.
- Develop and maintain incident response plans and procedures to mitigate security incidents.
- Investigate security incidents, determine the root cause, and implement corrective actions.
Vulnerability Assessment and Penetration Testing:
- Conduct regular security assessments to identify vulnerabilities in systems and applications.
- Perform penetration tests to simulate cyberattacks and assess the organization’s readiness.
Access Control and Authentication:
- Manage user access controls and authentication mechanisms.
- Implement and maintain multi-factor authentication (MFA) solutions.
Security Policies and Compliance:
- Develop and enforce security policies, standards, and procedures.
- Ensure compliance with industry regulations (e.g., GDPR, HIPAA, PCI DSS) and best practices.
Security Awareness and Training:
- Conduct security awareness programs and training for employees.
- Keep the organization informed about emerging threats and security best practices.
Security Patch Management:
- Manage and coordinate the timely installation of security patches and updates.
- Maintain an inventory of software and hardware assets.
Encryption and Data Protection:
- Implement encryption mechanisms to protect sensitive data at rest and in transit.
- Ensure the confidentiality and integrity of data through encryption and access controls.
Qualifications:
- Bachelor’s degree in computer science, information security, or a related field (or equivalent experience).
- Relevant industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or equivalent.
- Proven experience in information security roles, including network security, system security, or application security.
- Strong knowledge of security technologies, protocols, and tools.
- Understanding of risk management principles and methodologies.
- Proficiency in scripting and programming languages (e.g., Python, PowerShell) for automation and analysis.
- Familiarity with cloud security concepts (e.g., AWS, Azure, Google Cloud).
- Excellent problem-solving and analytical skills.
- Effective communication and teamwork abilities.
Preferred Skills:
- Experience with security information and event management (SIEM) systems.
- Knowledge of threat intelligence and threat hunting techniques.
- Experience with secure coding practices and application security assessments.
- Familiarity with network and web application firewalls.
- Understanding of security-related regulations and compliance standards.
- Security Engineers typically work in an office environment but may need to respond to security incidents outside regular business hours.
- The role may involve occasional travel to remote offices or data centers.
Security Engineers play a pivotal role in maintaining the confidentiality, integrity, and availability of an organization’s information assets. They are instrumental in protecting against cyber threats and ensuring compliance with industry regulations and security best practices.
Information Security Engineer - Hybrid
Posted 10 days ago
Job Description
Our client is searching for an Information Security Engineer to join their team.
Job Purpose:
- Responsible for protecting an organisation's valuable data, systems, and network from cyber threats and attacks.
Responsibilities:
- Analyze, research, and report possible threats and/or weaknesses to IT systems.
- Implement best practices and assist in adherence to security standards for the organisation.
- Support company employees with cybersecurity, software, and hardware needs regarding their impact on information security.
- Investigate and react to security incidents and ongoing threats, ensuring the organisation is secure.
- Monitoring networking environments and responding, engaging with service providers.
- Monitor and track the performance of IT security measures
- Monitor, manage, configure, troubleshoot and maintain IT security hardware and software, including firewall administration.
- Ensure business alignment with information security policies and procedures.
Qualifications and Requirements:
- Matric/Grade 12.
- National certificate in information technology or a bachelor’s degree in information technology, or CompTIA certifications A+ and N+.
- CompTIA Security+ and Certified Ethical Hacking (CEH) certifications are desired.
- Excellent communication skills and ability to work in a team environment.
- Critical thinking skills and the ability to solve problems as they arise.
- Ability to prioritise ongoing security projects.
- Full understanding of the components making up the IT environment, and their corresponding security implications.
- Experience with SOC and SIEM solutions.
- An enthusiasm and passion for staying up to date with security threats, trends, and solutions protecting the organisation’s environment.
Experience:
- A minimum of 4 years of experience in information and cybersecurity.
- Practical experience with networks and firewalls, administering firewalls and investigating network issues.
- Practical security experience with endpoint security, email protection, email flow, Office 365, Azure, AWS and other cloud-based solutions.
- Knowledge and experience of various security systems encompassing antivirus, content filtering, firewalls, authentication, intrusion detection, and others.
- Practical full experience with a variety of operating systems, including but not limited to Windows Server, Windows Desktop and Linux operating systems, is required.
- Previous experience in driving the governance of information security policies into the business.
- Experience with Kali Linux and other penetration and/or vulnerability scanning solutions.
- Ability to critically analyse requirements/issues and solve complex problems.
Security Engineer
Posted today
Job Description
We're looking for a hands-on IT Security Engineer to lead our cybersecurity efforts across the business. You'll manage security systems, ensure data integrity, protect sensitive information, and drive company-wide compliance and training. From developing smart detection rules to implementing system fixes, you’ll play a key role in keeping our systems safe, secure, and one step ahead of threats.
POSITION INFO :
Engineering degree (Computer, Software, Mechanical or Electronic)
- OSCP (Offensive Security Certified Professional)
- PNPT (Practical Network Penetration Tester)
- CISSP (Certified Information Systems Security Professional)
- CCSP (Certified Cloud Security Practitioner)
Minimum applicable experience (years) :
AWS' ecosystem :
- AWS Well Architected Framework
- GuardDuty / SCP / SSM / IAM / WAF
- Container services such as ECS / EKS
- Incident detection and response management.
- Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
- Drafting and implementing security policies, security procedures, security design and implementation.
The following would be advantageous :
- ISO 27032 (cybersecurity) compliance
- SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)
Skills and Knowledge (essential) :
- Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
- Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
- Understanding of the following : Linux / Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
- Solid knowledge of IT security (firewalls, EDR, IDS / IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
- Understanding of AWS ECS & Kubernetes and Containerisation (Docker / Podman / Containerd) with implementation, support, and design.
- Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
- Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2
Security Engineer
Posted 7 days ago
Job Description
Join to apply for the Security Engineer role at hearX.
Pretoria - 2 days work-from-home in line with Company Policy (only applicable after probation is successfully passed).
Job Purpose
Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.
As our IT Security Engineer, you'll support us by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect our systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.
Minimum Education (essential)
Engineering degree (Computer, Software, Mechanical or Electronic)
Minimum Education (desirable)
- OSCP (Offensive Security Certified Professional)
- PNPT (Practical Network Penetration Tester)
- CISSP (Certified Information Systems Security Professional)
- CCSP (Certified Cloud Security Practitioner)
AWS' Ecosystem
- AWS Well Architected Framework
- Trusted Advisor
- GuardDuty / SCP / SSM / IAM / WAF
- Container services such as ECS/EKS
- Incident detection and response management
- Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments
- Drafting and implementing security policies, security procedures, security design and implementation
- ISO 14971 (risk management) compliance
- ISO 27032 (cybersecurity) compliance
- SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)
- Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design
- Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
- Understanding of Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture
- Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting)
- Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design
- Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain
- Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2
- Drive development standards and processes related to cybersecurity compliance
- Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance
- Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation
- Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust
- Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective
- Identify, implement and maintain all security tools and technology
- Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements
- Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans
- Complete required cybersecurity applications and records for large customers and audits, including reporting as required
- Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required
- Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs
- Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration
- Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement
- Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure
- Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that the IT team follows the requirements set in line with cybersecurity standards
- Implement cybersecurity continuous improvement programs
- Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures
- Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary
- Collaborate with the divisional RAQA team and Senior Managers to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective
- Improve the automation of security controls
- Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning
- Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice
- Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and maintain the security posture of the IT landscape at all times
- Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future
- Manage internal and external audits as required with relation to cybersecurity
- Maintain documentation for cybersecurity-related risks, processes and findings
- Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar
- Work closely with the Compliance team to gather and submit evidence for all security and IT audits
- Proactively keep stakeholders updated on status, progress, risks and problems
- Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities
- Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities
- Maintain cybersecurity documents and records in line with certification requirements
- Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referenced from a single central source from which to direct the readers to the appropriate resources
This job description is not a definitive or exhaustive list of responsibilities and is subject to change depending on changing business requirements. Employees will be consulted on any changes. Employee's performance will be reviewed based on the agreed upon objectives.
Seniority level
- Mid-Senior level
- Full-time
- Information Technology
- Wellness and Fitness Services
Security Engineer
Posted 8 days ago
Job Description
Pretoria - 2 days work-from-home in line with Company Policy (only applicable after probation is successfully passed).
Job Purpose:
Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.
As our IT Security Engineer, you'll support us by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect our systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.
Minimum education (essential):
Engineering degree (Computer, Software, Mechanical or Electronic)
- OSCP (Offensive Security Certified Professional)
- PNPT (Practical Network Penetration Tester)
- CISSP (Certified Information Systems Security Professional)
- CCSP (Certified Cloud Security Practitioner)
AWS' ecosystem:
- AWS Well Architected Framework
- Trusted Advisor
- GuardDuty / SCP / SSM / IAM / WAF
- Container services such as ECS/EKS
- Incident detection and response management.
- Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
- Drafting and implementing security policies, security procedures, security design and implementation.
The following would be advantageous:
- ISO 14971 (risk management) compliance
- ISO 27032 (cybersecurity) compliance
- SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)
Skills and Knowledge (essential):
- Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
- Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
- Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
- Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning, forensics and threat hunting).
- Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
- Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
- Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2.
- Drive development standards and processes related to cybersecurity compliance.
- Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance.
- Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation.
- Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust.
- Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective.
- Identify, implement and maintain all security tools and technology.
- Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
- Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
- Complete required cybersecurity applications and records for large customers and audits, including reporting as required.
- Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required.
- Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs.
- Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration.
- Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
- Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure.
- Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that the IT team follows the requirements set in line with cybersecurity standards.
- Implement cybersecurity continuous improvement programs.
- Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures.
- Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary.
- Collaborate with the divisional RAQA team and Senior Managers to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
- Improve the automation of security controls.
- Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning.
- Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice.
- Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and to maintain the security posture of the IT landscape at all times.
- Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future.
- Manage internal and external audits as required with relation to cybersecurity.
- Maintain documentation for cybersecurity-related risks, processes and findings.
- Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar.
- Work closely with the Compliance team to gather and submit evidence for all security and IT audits.
- Proactively keep stakeholders updated on status, progress, risks and problems.
- Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities.
- Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities.
- Maintain cybersecurity documents and records in line with certification requirements.
- Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referenced from a single central source from which to direct the readers to the appropriate resources.
Security Engineer
Posted 8 days ago
Job Description
Tenable is the Exposure Management company. 44,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. Our global employees support 65 percent of the Fortune 500, 45 percent of the Global 2000, and large government agencies. Come be part of our journey!
What makes Tenable such a great place to work?
Ask a member of our team and they’ll answer, “Our people!” We work together to build and innovate best-in-class cybersecurity solutions for our customers; all while creating a culture of belonging, respect, and excellence where we can be our best selves. When you’re part of our #OneTenable team, you can expect to partner with some of the most talented and passionate people in the industry, and have the support and resources you need to do work that truly matters. We deliver results that exceed expectations and we win together!
Your Role:
Responsible for supporting and enabling channel partners as well as identifying and matching technology opportunities with the customer’s business issues and objectives. Assist in developing business value propositions around Tenable’s products and solutions. Drives sales with technical expertise, account management skills, sales ability and a superior customer focus. Participates as part of a sales team to achieve or exceed revenue targets. Technical advisor and trusted cybersecurity expert for Tenable customers.
- Deliver technical presentations and demos of Tenable Enterprise products
- Manage enterprise software trials and "Proof of Value" evaluations
- Answer technical questions and provide consultative security & compliance expertise
- Use technical skills to demonstrate to potential customers how and why to use Tenable products
- Maintain and grow a network of Tenable Guardians (technical experts) to support business growth
- Maintain current customer relationship and develop new ones
- Potentially help identify and develop new product concepts
- Provide status reports including trends in territory, upcoming events, follow-up and adherence to goals
What You'll Need:
- Solid understanding of Exposure Management
- Solid understanding of Risk Based Vulnerability Management
- Strong knowledge in Cloud Security and Identity Security
- Existing relationships with local channel partners and distributors.
- Experience with Nessus or other network scanning technologies
- Solid foundational knowledge of TCP/IP and network security concepts
- Knowledge of compliance standards (e.g., ISO, CIS, PCI, FISMA, SOX, NERC)
- Outstanding communication skills and ability to take on a consultative style when presenting ideas and products
- Knowledge of specific customer service standards and procedures
- Detailed Knowledge of Tenable Products
- Ability to plan, organize and implement a range of sales programs
- Must be detail oriented and capable of accurate work with minimal supervision
- Bachelor’s Degree, 5-7 years of direct SE experience
- Great to have: CISSP, cloud security and architecture certifications.
We’re committed to promoting Equal Employment Opportunity (EEO) at Tenable - through all equal employment opportunity laws and regulations at the international, federal, state and local levels. If you need a reasonable accommodation due to a disability during the application or recruiting process, please contact for further assistance.
Tenable Data Consent Statement
Tenable is committed to protecting the privacy and security of your personal data. This Notice describes how we collect and use your personal data during and after your working relationship with us, in accordance with the General Data Protection Regulation (“GDPR”). Please click here to review.
For California Residents: The California Consumer Privacy Act (CCPA) requires that Tenable advise you of certain rights related to the collection of your private information. Please click here to review.
Security Engineer
Posted 8 days ago
Job Description
Restream is looking for a talented Security Engineer to join us to solve complex challenges and build world-class products. In this role, you will conduct architecture security reviews, application testing, penetration testing, and work with the engineering team, security researchers, and third-party vendors to ensure the security of our systems as we rapidly scale our product and organization. You understand the importance of simplicity and reliability, and you calculate the impact of every decision on each. We believe in small teams where each member contributes significant value.
What You’ll Do
- Perform application and penetration testing.
- Work with engineers to analyze systems, threat model new features, and create responsive controls to ensure end-to-end customer protection.
- Work with third-party vendors to perform annual application and penetration testing reports.
- Maintain and grow our private bug bounty program; lead the transition to a public bug bounty program.
- Give and receive code review feedback from the team.
- Maintain a pulse on emerging technologies and discover hidden opportunities in our environment.
- Ensure security and resilience of Restream production infrastructure.
What We Look For
- A scrappy, entrepreneurial attitude that gets high-quality projects done quickly.
- Solid knowledge of web applications vulnerabilities and attack vectors.
- Experience manually testing web applications, performing penetration testing, and using automated tools for reconnaissance and discovery.
- Experience with scripting languages and at least one general-purpose programming language. Node.JS (TypeScript) or Rust would be a plus but are not a requirement.
- Strong written and verbal communication skills.
- Self-directed, analytical, and work well in a team environment.
- Passionate about keeping Restream customers and employees safe online.
Restream is the #1 solution for creating professional live videos and streaming them to all social networks at once. Millions of people around the world use Restream to reach, engage, and monetize their audiences. We’re a small and diverse group of dreamers who make technology work for the world. We believe that a small but highly driven and focused team can make a lasting impact in any area.
What We Offer
- Startup environment and a flat company structure.
- Work closely with founders and team to build and grow the product.
- Direct influence and impact on the direction of the product and development.
- The ability to create something that influences people’s lives.
- Competitive pay and equity packages for you to truly be a part of the Restream journey.
- Flexible paid time off.
- The tech you need to get your job done.