269 Cissp jobs in South Africa

Overview

Job ID: | Amazon Web Services EMEA SARL (Irish Branch) - G50

The Global Services, Security (GSS) team, a part of Amazon Web Services, leverages the expertise and ingenuity of our builders to establish scalable security solutions for both internal and external customers that drive business outcomes. Our goal of securing the world’s workloads and building a brighter future for humanity requires us to focus on reliable delivery of bar raising security outcomes and investment in security mechanisms and automation on behalf of our customers.

At Amazon Web Services (AWS), Security is our highest priority. The Security Escalations team in GSS is responsible for the security of services offered by Sales, Marketing and Global Services (SMGS). We are looking for a passionate, innovative, results oriented technical program manager. Security Escalations is responsible for driving innovative enhancements that raise the bar for how AWS employees interact with resources, systems, and data. You are someone who loves managing programs and is committed to formulating and implementing wide-ranging process improvements. You are passionate about the security of the cloud and you want to solve real business problems. We have a team culture that encourages innovation and we expect team members and management alike to take a high degree of ownership for their program vision and execution of ideas. You possess strong verbal and written communication skills, can operate independently, and have a consistent track record of delivery. You have an understanding of technical concepts, and possess a broad understanding of AWS services. You are organized, detail-oriented, and drive towards improved performance while advocating for customer needs.

A Security Engineer must foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AWS and Partner Security, and by groups throughout Amazon), while having an understanding of the application of Information Security in a broad range of technical areas.

You will have the combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties.

• Lead the triage and response to security incidents, assessing their potential impact on AWS systems and customers.
• Coordinate with service teams to implement rapid, effective remediation strategies.
• Develop and maintain incident response playbooks and procedures.
• Security Operations: monitor security alerts and logs to detect potential threats or anomalies; conduct thorough post-incident analyses and contribute to lessons-learned documentation; collaborate with other security teams to improve detection and response capabilities.
• Automation and Tool Development: design and implement automation tools to enhance incident response efficiency and effectiveness; continuously improve existing security tooling and processes; share innovations and best practices with the global AWS security community.
• Assist with recruiting activities and administrative work.
• Promote security throughout the Company and build good working relationships within the team and with others across Amazon.

• This role requires you to be a national of an EU member state
• 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
• Knowledge of commonly found software security vulnerabilities (like OWASP top 10) and remediation techniques
• 2+ years of programming in one of the following or similar: Python, Ruby, Go, Swift, Java, .Net, C++

• Experience with AWS products and services
• Experience with any combination of the following: threat modelling, secure coding, identity management and authentication, software development, cryptography, system administration and network security
• Experience with Security Engineering (building tools) and Assurance methodologies e.g. fuzzing, static and dynamic code analysis

Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( to know more about how we collect, use and transfer the personal data of our candidates.

Amazon is an equal opportunity employer and does not discriminate on the basis of protected veteran status, disability, or other legally protected status.

Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you’re applying in isn’t listed, please contact your Recruiting Partner.

Zenzero City of Cape Town, Western Cape, South Africa

Zenzero City of Cape Town, Western Cape, South Africa

• Develop and carry out information security plans and policies
• Develop strategies to respond to and recover from a security breach
• Develop or implement tools to assist in detection, prevention and analysis of security threats
• Awareness training on information security standards, policies and best practices
• Conduct periodic network scans to find any vulnerability
• Assist in penetration testing, simulating an attack on the system to find exploitable weaknesses
• Monitor networks and systems for security breaches
• Investigate security breaches
• Lead incident response, including steps to minimise the impact and then conducting technical investigations into how the breach happened and the extent of the damage
• You will be required to work closely with the Cyber Security Manager to create proposals with fully costed solutions for client security projects
• You will be required to deliver client IT security projects as defined by the Cyber Security Manager and the wider business
• You will need to ensure the security projects are completed within the agreed time, budget, are fit for purpose and are high in quality as agreed with the client. This will include researching products and solutions to achieve the project delivery objectives
• You will be required to keep documentation up to date relating to security including project tasks, information for end users, technical documentation and support documents.
• When necessary, you will need to handover completed security projects to the Support and Service Desk teams to enable them to support the client in BAU
• You will need to attend internal and client meetings relating to the projects you are responsible for
• You may be required to work on multiple projects at any given time

• Comprehensive knowledge of IT infrastructure and solutions (Microsoft Server OS, Office 365, Active Directory, Azure, AWS, VMware, Backup, Storage Solutions, Networking, etc.)
• Knowledge of anti-virus software, intrusion detection and firewalls
• Experience of endpoint security solutions (EDR/XDR), including file integrity monitoring and data loss prevention

• Previous experience of working within an IT security or project delivery role.
• Understanding of risk management tools, technologies and methods
• Good problem solving and decision making.

• Able to maintain professional behaviour despite working under pressure
• Able to work to tight deadlines
• Able to work under own initiative but also able to work as part of a wider team
• Able to work on multiple projects

• Associate

• Full-time

• Information Technology

Restream is looking for a talented Security Engineer to join us to solve complex challenges and build world-class products. In this role, you will conduct architecture security reviews, application testing, penetration testing, and work with the engineering team, security researchers, and third-party vendors to ensure the security of our systems as we rapidly scale our product and organization. You understand the importance of simplicity and reliability, and you calculate the impact of every decision on each. We believe in small teams where each member contributes significant value.

What You’ll Do

• Perform application and penetration testing.
• Work with engineers to analyze systems, threat model new features, and create responsive controls to ensure end-to-end customer protection.
• Work with third-party vendors to perform annual application and penetration testing reports.
• Maintain, and grow our private bug bounty program; lead the transition to a public bug bounty program.
• Give and receive code review feedback from the team.
• Maintain a pulse on emerging technologies and discover hidden opportunities in our environment.
• Ensure security and resilience of Restream production infrastructure.

What We Look For

• A scrappy, entrepreneurial attitude that gets high-quality projects done quickly.
• Solid knowledge of web applications vulnerabilities and attack vectors.
• Experience manually testing web applications, performing penetration testing, and using automated tools for reconnaissance and discovery.
• Experience with scripting languages and at least one general-purpose programming language. Node.JS (TypeScript) or Rust would be a plus but are not a requirement.
• Strong written and verbal communication skills.
• Self-directed, analytical, and work well in a team environment.
• Passionate about keeping Restream customers and employees safe online.

Restream is the #1 solution for creating professional live videos and streaming them to all social networks at once. Millions of people around the world use Restream to reach, engage, and monetize their audiences. We’re a small and diverse group of dreamers who make technology work for the world. We believe that a small but highly driven and focused team can make a lasting impact in any area.

What We Offer

• Startup environment and a flat company structure.
• Work closely with founders and team to build and grow the product.
• Direct influence and impact on the direction of the product and development.
• The ability to create something that influences people’s lives.
• Competitive pay and equity packages for you to truly be a part of the Restream journey.
• Flexible paid time off.
• The tech you need to get your job done.

About Nintex:

At Nintex, we are transforming the way people work, everywhere.

As the global standard for process intelligence and automation, we're trusted by over 10,000 public and private sector organizations across 90 countries. Our customers, from industry giants like Amazon, Coca-Cola, and Microsoft, rely on the Nintex Platform to accelerate their digital transformation journeys by managing, automating, and optimizing business processes quickly and efficiently. We improve their lives through the technology we build.

We are committed to fostering a workplace that supports amazing people in doing their very best work every day. Collaboration is constant, our workplace is fun, the environment is fast-paced, and we value our people’s curiosity, ideas, and enthusiasm. Driven by passion and accountability, we take initiative, measure progress, and deliver results. Our culture fosters innovation and problem-solving, fueled by curiosity and a commitment to thinking big. Together, we move with agility, prioritize customer needs, and build unity through empathy, leaving a positive impact wherever we go.

About the role:

The Security Engineer will implement the organization's security policies, procedures, and standards. This role requires an in-depth understanding of current and emerging threats and technology to drive innovation and improvement in all technical areas of security.

This role requires a proven background in Cloud Application Security Operations on Azure or AWS.

This role is hybrid in JHB.

Your contribution will be:

• Manage and support vulnerability scanning tools (e.g., Tenable, Qualys, Rapid7) including scheduling, result analysis, and report generation.
• Support and enhance SIEM platforms (e.g., Splunk, QRadar) including data ingestion, parsing, correlation rules, dashboards, and alerts.
• Collaborate with DevOps, IT, and development teams to ensure proper tool integration and secure configurations across environments.
• Troubleshoot and resolve issues related to security tool performance, configurations, and updates.
• Maintain and document tool configurations, SOPs, and knowledge base articles.
• Contribute to tool selection and evaluation processes by providing technical input and performing proof-of-concepts.
• Oversee security tooling and strategic automation as it relates to managing remediations at scale
• Assist in incident response and remediation of identified security-related events

To be successful , we think you need:

• 3+ years’ experience in software security / penetration testing role, or equivalent experience
• Experience with SIEM platforms like Splunk/QRadar etc
• Experience supporting API security tools (e.g., AWS WAF, Cloudflare, F5, Imperva)
• Blue team experience would be highly beneficial
• Some cloud experience i.e. AWS/GCP/Azure

What’s in it for you?

Nintex has a hybrid working model, enabling us to build culture, learn, and grow together. We intentionally connect and collaborate, while emphasizing flexibility with a blend of at-home and in-office work. This role is a hybrid role in our local Nintex office.

While our offerings differ from country to country, we offer our entire global workforce an array of exciting perks and benefits, including

• Global Gratitude and Recharge Days
• Flexible, paid time off policy
• Employee wellness programs and counseling resources
• Meaningful peer recognition and awards
• Paid parental leave
• Invention/patenting assistance
• Community impact, paid volunteer time, and opportunities
• Intercultural learning and celebration
• Multiple tools through which to learn and grow, and an incredible global community

View more about our benefits here: .

Equity Statement : Preference will be given to People Living with Disability who are members of the designated groups in line with the Employment Equity Plan and Targets of the Company.

Job Purpose:

Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.

As the IT Security Engineer, you'll support the company by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect their systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.

Minimum education (essential):
Engineering degree (Computer, Software, Mechanical or Electronic

Minimum education (desirable):

• OSCP (Offensive Security Certified Professional)
• PNPT (Practical Network Penetration Tester)
• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Practitioner)

• AWS Well Architected Framework
• Trusted Advisor
• GuardDuty / SCP / SSM / IAM / WAF
• Container services such as ECS/EKS
• Incident detection and response management.
• Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
• Drafting and implementing security policies, security procedures, security design and implementation.

• ISO 14971 (risk management) compliance
• ISO 27032 (cybersecurity) compliance
• SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

• Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
• Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
• Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
• Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
• Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
• Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
• Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2.

• Drive development standards and processes related to cybersecurity compliance.
• Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance.
• Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation.
• Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust).
• Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective.
• Identify, implement and maintain all security tools and technology.
• Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
• Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
• Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

• Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required.
• Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs.
• Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration.
• Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
• Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure.
• Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that the IT team follows the requirements set in line with cybersecurity standards.
• Implement cybersecurity continuous improvement programs.
• Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures.
• Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary.

• Collaborate with divisional the RAQA team and Senior ManagersManagerst to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
• Improve the automation of security controls.
• Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning.
• Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice.
• Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and ensure the security posture of the IT landscape is ensured at all times.
• Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future.
• Manage internal and external audits as required with relation to cybersecurity.
• Maintain documentation for cybersecurity-related risks, processes and findings.

• Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar.
• Work closely with the Compliance team to gather and submit evidence for all security and IT audits.
• Proactively keep stakeholders updated on status, progress, risks and problems.
• Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities.
• Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities.
• Maintain cybersecurity documents and records in line with certification requirements.
• Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referenced from a single central source from which to direct the readers to the appropriate resources.