141 Data Compliance jobs in South Africa
Paralegal - AI & Data Compliance
Posted today
Job Description
We are seeking a highly analytical and detail-oriented Paralegal to join a pioneering UK-based company operating in the fast-evolving AI space. This role involves navigating the legal and regulatory complexities of data sharing and AI programming. You'll be responsible for reviewing AI-related code and processes to ensure they align with relevant data privacy and regulatory standards.
This is an exciting opportunity for South African legal professionals with an interest in tech and AI to work at the intersection of law, data, and innovation. Prior experience in UK or EU data regulation is highly beneficial but not essential.
Key Responsibilities:
- Review and interpret AI programming practices and data-sharing protocols to ensure legal compliance.
- Assist in drafting and maintaining documentation related to AI system development and data governance.
- Monitor and assess regulatory developments (e.g., GDPR, UK Data Protection Act, AI Act) and advise on their implications for AI-based systems.
- Liaise with technical teams to ensure that data handling and usage practices comply with current legislation.
- Support the legal team in audits, compliance reviews, and risk assessments.
- Contribute to internal policies and training related to AI ethics, transparency, and data usage.
- Minimum of 2-3 years' experience as a paralegal, legal analyst, or in a similar legal compliance role.
- Understanding of data privacy laws such as GDPR, UK Data Protection Act, or similar.
- Familiarity with AI systems or ability to read and interpret AI-related technical documentation.
- Strong research and analytical skills, with a keen eye for detail.
- Excellent communication skills for collaborating with legal and technical teams.
- A proactive approach to learning emerging technologies and legal frameworks.
- Access to a reliable internet connection and a laptop or desktop computer.
Information Security Manager
Posted 5 days ago
Job Description
Overview
We are seeking a dynamic and experienced Information Security Manager to lead our efforts in safeguarding sensitive information and maintaining robust security frameworks. The successful candidate will play a key role in managing information security risks, implementing policies, and ensuring compliance with industry standards to protect our organization against potential threats.
Responsibilities
- Develop and maintain an information security strategy aligned with organizational goals and compliance requirements.
- Conduct risk assessments to identify vulnerabilities and recommend appropriate security measures.
- Oversee the implementation and management of security technologies and protocols.
- Ensure compliance with relevant regulations, frameworks, and standards (e.g., ISO 27001, GDPR, etc.).
- Lead the response to security incidents, ensuring timely resolution and mitigation of risks.
- Train and educate staff on information security awareness and best practices.
- Collaborate with IT teams and other departments to ensure security is integrated into all business processes.
- Report on security performance, incidents, and risks to senior management.
- Bachelor's degree in Information Technology, Cybersecurity, or a related field (master’s degree preferred).
- Professional certifications such as CISSP, CISM, or equivalent are highly desirable.
- Minimum of 8 years of experience in information security management or related roles.
- Strong understanding of security frameworks, risk management principles, and regulatory compliance.
- Proficiency in security tools, technologies, and practices.
- Excellent analytical, problem-solving, and decision-making skills.
- Strong interpersonal and communication skills, with the ability to explain technical concepts to non-technical stakeholders.
Information Security Officer
Posted 2 days ago
Job Description
Role Overview
Information Security Officer
Maintain Operational Systems, Networks and Security
Responsibilities
- Facilitate annual PCI audits and ensure ongoing compliance.
- Ensure Linux systems are patched promptly and securely, coordinating through the correct change control process if customer impact is anticipated.
- Maintain and monitor Elastic SIEM, respond to alerts, and perform in-depth investigations.
- Troubleshoot system issues across all technology stacks including production / QA environments, databases, networks, and integrations.
- Deploy and manage tooling to enhance operations, security, and efficiency.
- Research and implement new tools (open source or commercial) that improve system performance, monitoring, logging, security, or compliance.
- Develop Python scripts and tools to automate repetitive tasks.
- AWS Cloud Infrastructure: Securely architect and manage AWS services, including but not limited to: VPC, EC2, ECS / Fargate, ECR; GuardDuty, CloudWatch, CloudTrail.
- Load balancers, VPNs, and WAFs.
- Maintain robust connectivity between third parties, banking partners, and on-premises data centres.
- Implement and enforce best practices in system isolation, scope reduction, and security.
- Hardware Security Modules (HSM): Support field engineers and maintain internal HSMs (Futurex, Thales).
- Conduct key management ceremonies and maintain PCI compliance.
- Security Governance & Compliance: Assist with audits and regulatory requirements including PCI-DSS & PCI+PIN, ISO 27001 (Stretch goal), GDPR.
- Maintain accurate and current documentation of infrastructure, procedures, and security policies.
- Promote a security-aware culture within the company.
- Automation & Efficiency: Implement automation to enhance both infrastructure and security management; optimise costs while maintaining high security and performance standards.
- Security Monitoring & Reporting: Ensure weekly vulnerability scans are completed, tracked, and resolved within SLA; review and sign off on daily / weekly PCI business-as-usual activities; analyse data and report security metrics monthly; collaborate with 3rd parties to complete and pass PCI certification audits.
- Review and uphold the Company's security commitments to external partners.
- Bachelor's degree in Computer Science, Information Security, or related field.
- At least 3 years' relevant experience in security or infrastructure roles.
- Experience in the payments or banking sector preferred.
- Familiarity with PCI audits, DevOps practices, Linux, MySQL, and AWS.
- Strong understanding of PCI-DSS requirements and security standards.
- Hands-on experience with: Linux (security patching, system administration), MySQL, AWS services and virtual networking (VPC, ALB / NLB, WAF, VPNs, etc.).
- Automation tools: CloudFormation, Ansible, Puppet, Chef.
- CI / CD: Bitbucket Pipelines, Jenkins.
- Scripting: Bash, Python.
- Containers: Docker, Kubernetes, ECS.
- Monitoring: Zabbix, Nagios.
- Logging & SIEM: ELK Stack, CloudWatch, Elastic, Splunk.
Information Security Consultant
Posted 2 days ago
Job Description
Our client, a leading financial services firm, is seeking an Information Security Consultant to join their team on a permanent basis.
Responsibilities
- Security Auditing
- Responsible for Security tools monitoring
- Network experience (TCP/IP, Firewalls, IPS, NAC)
- Operating System management and Hardening
- Anti-Virus System management and Configuration
- Logical Access Management
- Vulnerability Management
- Matric and an Information Technology diploma or degree qualification
- 4+ years' experience in the field
Salary: Market Related
Information Security Architect
Posted 10 days ago
Job Description
Job title: Information Security Architect
Contract duration: Start with 6 months
First preference: EEE candidates
Location: JHB
The Head of Security Architecture for the organization is responsible for designing, implementing, and maintaining robust security architectures that protect sensitive data in compliance with regulations such as POPIA, GDPR. This role is critical in safeguarding the confidentiality, integrity, and availability of electronic health records (EHR), patient and employee information, medical devices, and cloud-based healthcare services. The role will focus on designing and developing security architecture that aligns business and corporate security strategy. The role will collaboratively direct Security Architects, IT, and Engineers to design and build security controls and solutions compliant with approved enterprise architecture frameworks and standards across business and digital.
Key Responsibilities:
- Design and develop complex and comprehensive security architectures for our systems, applications, and infrastructure, considering both current and future needs.
- Collaborates with stakeholders, including developers, engineers, and project managers, to integrate security requirements into the system design and development lifecycle.
- Provides guidance and expertise in secure coding practices, network security, identity and access management, data protection, and other security domains.
- Model threats and risks, designing the controls necessary to mitigate them, on both an organizational and technical level – thinking like an attacker, understanding and anticipating the moves and tactics that a hacker might use to attack systems.
- Follow the architecture analysis process, which consists of research, validation, and evaluation of all new initiatives, with phase gate reviews presented to all stakeholders during key forums, including current trends such as AI and LLMs.
- Evaluates and selects security technologies, tools, and frameworks to support the organization’s security.
- Define portfolio vision and reusable security patterns aligned with the EA strategy.
- Lead architecture reviews for high-risk projects, driving recommendations to resolution.
- Advise on security controls for hybrid and cloud platforms, balancing usability, cost, and compliance.
- Defines and applies security policies, standards, and procedures to ensure compliance with industry regulations and best practices.
- Leads incident response activities, including identification, containment, eradication, and recovery, in coordination with the incident response team.
- Experience with Cloud Security platform vendors and technologies such as Azure and AWS.
- Manage security architects and mentor engineers, developers, and vendors.
What will you bring?
- Risk-based decision-making - expert in ISO 27001 / NIST / CIS controls, able to quantify and articulate risk, then select proportionate, cost-effective controls.
- Pen-testing & threat-modelling - scoping, overseeing, and translating results into enforceable patterns and backlog items.
- Influential communication - proven ability to engage C-suite and delivery stakeholders alike, adapting style to gain agreement and drive secure-by-design culture.
- Teamwork and Energy – work across different functional and business teams with effective collaboration.
- Technical depth - hands-on knowledge of cloud security, IAM, container & API security, network segmentation, encryption, and DevSecOps toolchains; capable of explaining the exploitability of complex vulnerabilities. Zero trust design thinking.
- Mentoring & governance - experience in line-managing or coaching security architects/engineers and running architecture assurance or design-review boards.
- Secure-system design leadership - demonstrable track record creating or validating architectures for large-scale, high-risk services using recognised frameworks (SABSA, TOGAF).
Requirements / Skills and Competence
- Tertiary qualification in Computer Science, Engineering, or related field (preferred)
- Minimum of 5-10 years of experience in Security Architecture.
- CISSP, CISA, CISM, or other relevant security-related designation(s) preferred.
- Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP)
- Experience in identifying gaps in existing architectures.
- Understanding of security infrastructure in Public and Private Cloud, e.g., virtual network infrastructure, hybrid IaaS/PaaS/SaaS solutions.
- Experience in designing security architectures to mitigate threats and sound knowledge of security strategies and technologies.
- Direct the Project and Security teams with the guidance to build policies, standards, risks, and controls frameworks supporting operational requirements for the business.
- Good experience in security architecture design in Cloud and on-prem.
- Design and implementation of IOT, endpoint protection, and secure IAM.
- Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.) and other IAM technologies
- Understanding of the implementation, operation, and maintenance of SIEM, boundary protection technologies (firewalls, mail gateways), Antivirus, and AD security products
- Knowledge of web application architectures and threat modelling.
Information Security Specialist
Posted 16 days ago
Job Description
The KPMG Africa Information Security Specialist is responsible for ensuring the confidentiality, integrity, and availability of all systems across KPMG Africa offices (South Africa, Botswana, Mauritius, Mozambique, Namibia, Zambia, Zimbabwe, Nigeria, Ghana, Kenya, Uganda, Tanzania, and Rwanda). The role involves actively managing and monitoring information security systems to detect, respond to, and remediate security risks and threats across the infrastructure.
4. Position Specifications
Educational Requirements (minimum necessary to perform the job):
- Professional / Tertiary qualification
Other Requirements:
Experience (minimum necessary):
Desired Qualifications and Experience:
- 3-5 years' experience in Information Technology Support or Information Security, including Microsoft Azure
- Industry-recognized certifications such as A+, N+, Security+, CySA+, and Cloud Security certifications like:
o Microsoft Certified: Security Operations Analyst Associate
o Microsoft Certified: Information Protection and Compliance Administrator Associate
o Microsoft Certified: Security, Compliance, and Identity Fundamentals
o Microsoft Certified: Identity & Access Management
o Microsoft Certified: Azure Security Engineer
- Professional certifications such as CISM, CISSP, ECIH are preferred but not required
- Strong knowledge of information security and cloud security concepts
- Experience in identifying, analyzing, and reporting on security risks and incidents
- Experience with security tools such as Qualys, Microsoft Defender Endpoint, Microsoft Sentinel, etc.
- Ability to evaluate vulnerabilities, develop mitigation strategies, and implement remediation
- Strong knowledge of operating systems, Microsoft Servers, Active Directory, and network protocols and technologies
5. Core Competencies:
- Attention to detail and accurate documentation
- Analytical skills to interpret information
- Ability to work independently and in a team
- Organizational and prioritization skills under pressure
6. Key Responsibilities & KPIs
Main Responsibilities:
- Monitoring incident response channels
- Executing the Information Security Incident Management Process and escalating high-priority issues
- Tracking and escalating open incidents
- Producing weekly and quarterly reports for the CISO on incident status and trends
Security Systems Configuration and Management:
- Daily monitoring of security systems to ensure proper functioning
- Configuration and management of security tools such as vulnerability, privileged access, and log management systems
- Reconciliation of assets to ensure coverage of security systems
- Reporting and issue resolution support for operational teams
Patch Management Monitoring:
- Monitoring patch management performance and identifying risks
- Addressing challenges to compliance
Threat and Event Monitoring:
- Detecting and escalating security threats and events
Vulnerability Management:
- Monitoring vulnerabilities daily
- Monthly asset reconciliation
- Managing vulnerability remediation with owners
- Supporting penetration testing activities
Supporting NITSO projects and other initiatives as required.
Information Security Specialist
Posted 21 days ago
Job Description
ROLE DESCRIPTION: Information security specialists focus on keeping an organisation’s data and IT infrastructure secure, which requires a diverse set of skills and responsibilities.
TASK AND RESPONSIBILITIES:
- Conduct threat and risk analysis and analyse the business impact of new and existing systems and technologies to eliminate risk, performance, and capacity issues. Implement vulnerability assessments and configure audits of operating systems, web servers, databases, and detect patterns, insecure features, and malicious activities in the infrastructure.
- Perform research, testing, evaluating, and deployment of security technology and procedures.
- Run diagnostics on any changes to data to verify any undetected breaches.
- Develop custom systems for specialized security features and procedures for software systems, networks, data centres, and hardware.
- Develop and implement information security standards, guidelines, and procedures.
- Keep current with new intrusion methods and develop protection plans. Have an in-depth understanding of vulnerabilities, management systems, and common security applications.
- Conduct counteractive protocols and report incidents. Offer customized risk ratings for vulnerabilities based on company policies and maintain IT security controls documentation.
- Provide customized security assessments, implement security policies, design security training materials, organize training sessions, provide technical support, and communicate security policies and procedures.
FUNCTIONAL KNOWLEDGE:
Contribute to strategy formulation & execution; business requirement analysis; Incident Management and Response; Business Threat Identification and Communication; Information Risk Assessment and Management; Regulatory and Legal Frameworks; Change Management and Change Risk; GRC and Security Standards, Policies and Practices; Information Risks within Systems and IT Architecture; Information Risks within people and processes; Infrastructure Risks to business delivery; Enterprise and Security Architecture; Operational Security Practices and Management; Information Security Awareness.
MINIMUM REQUIREMENTS
• NQF 7 Bachelor's degree in Cybersecurity or a related area, such as computer science or related fields.
EXPERIENCE
• 5 - 6 years or more practical experience in IT and Information Security Governance, which must include at least 3 years in an active Information Risk management role.
Information Security Manager
Posted today
Job Description
Designation:
Information Security Manager | Waterfall, Midrand, Gauteng | Permanent
Category:
Information Technology
Job Level:
Professionally qualified and experienced specialists and mid-management
Posted by:
PSG Financial Services
Posted on:
03 Oct 2025
Reference Number:
POS08450
Closing date:
30-Oct-2025
Position Type:
Permanent
Location:
Waterfall Magwa Crescent
Overview:
VACANCY | INFORMATION SECURITY MANAGER | WATERFALL, MIDRAND, GAUTENG | PERMANENT
PSG's commitment to transform and embrace diversity is what drives us to achieve a diverse workplace with employment equity as a key goal to create an inclusive workforce. In achieving our employment equity goals, we give preference to applicants from designated groups, and we encourage people with disability to apply.
Job description:
The Information Security Manager will lead PSG's cybersecurity strategy, governance, and operations across a hybrid cloud infrastructure. This includes managing Microsoft security capabilities, integrating firewall technologies, overseeing the Cyber Security Operations Center (SOC), and ensuring compliance with regulatory and industry standards. The role also includes managing BYOD risks, securing branch networks, and aligning with globally recognized frameworks such as the NIST Cybersecurity Framework and Joint Security Standards (JSS).
Responsibilities:
Strategic Leadership & Governance
- Develop and maintain PSG's enterprise-wide cybersecurity strategy aligned with business objectives and regulatory requirements.
- Establish and enforce security governance frameworks, policies, and standards.
- Ensure alignment with the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) and Joint Security Standards.
- Lead the implementation of relevant security compliance initiatives.
- Collaborate with divisional CIOs and executive leadership to align security posture across business units.
- Monitor emerging threats, regulatory changes, and industry trends to inform strategic decisions.
- Design secure solutions for hybrid environments (on-prem + Azure).
- Integrate security into infrastructure and application projects.
- Manage identity and access controls, including Azure AD, MFA, and privileged access management.
- Manage day-to-day security monitoring, incident handling, and threat intelligence.
- Administer Microsoft 365 security features: Defender for Endpoint, Purview, Sentinel, Conditional Access, etc.
- Ensure endpoint, network, and cloud security controls are effectively implemented and monitored.
- Implement and enforce BYOD policies, including mobile device management (MDM), data loss prevention (DLP), and secure access controls.
- Secure branch office networks, including firewalls, VPNs, segmentation, and remote access protocols.
- Develop and manage the annual cybersecurity budget, including licensing, tools, training, and consulting services.
- Track and report on security-related expenditures, ROI, and risk mitigation outcomes.
- Support procurement and vendor management for security solutions.
- Oversee 24/7 SOC operations, ensuring effective threat detection, incident response, and escalation.
- Define SOC roles, workflows, and incident response playbooks.
- Integrate SIEM, SOAR, and threat intelligence platforms for proactive defense.
- Monitor and improve KPIs such as MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond).
- Coordinate with external threat intelligence providers and law enforcement when necessary.
- Oversee the deployment, maintenance, and upgrade of security technologies including Microsoft 365 E3/E5 and Hailstone platforms.
- Ensure timely patching, configuration updates, and feature adoption.
- Maintain compatibility and integration of security tools with PSG's hybrid infrastructure.
- Document system configurations and update operational procedures regularly.
- Conduct regular risk assessments, vulnerability scans, and penetration tests.
- Ensure compliance with POPIA, GDPR, NIST CSF, JSS, and other relevant regulations and frameworks.
- Maintain a risk register and track mitigation actions.
- Coordinate internal and external audits and ensure timely remediation of findings.
- Lead organization-wide cybersecurity awareness programs.
- Deliver targeted training for IT, business, and executive teams.
- Promote secure behaviour and incident reporting culture.
- Build and lead a high-performing cybersecurity team, leveraging SOC analysts, engineers, and compliance specialists.
- Define clear roles, responsibilities, and performance expectations.
- Conduct regular coaching, performance reviews, and career development planning.
- Foster a culture of accountability, innovation, and continuous improvement.
- Promote cybersecurity awareness and ownership across all departments.
- Prepare operational, executive-level reports on security posture, risk exposure, and compliance status.
- Bachelor's degree in Computer Science, Information Technology, or related field.
- 8+ years of IT Security experience, with 5+ years in a leadership role.
- CISSP, CISM, or equivalent
- Microsoft Certified: Cybersecurity Architect Expert
- GIAC Security Operations (GSOM) or equivalent SOC certification
- Familiarity with scripting (PowerShell, Bash) and automation tools.
- Microsoft 365 and SharePoint Online
- Proven experience in cybersecurity leadership within hybrid cloud environments.
- Deep knowledge of Microsoft 365 E3/E5 security stack and Hailstone technologies.
- Strong understanding of SIEM, SOAR, threat intelligence, and SOC operations.
- Experience managing BYOD environments and securing distributed branch networks.
- Familiarity with ISO/IEC 27001, ISO/IEC 2000, NIST, and CIS controls.
- Excellent communication, stakeholder engagement, and team leadership skills.
- Technical documentation
- Strong leadership and problem-solving skills.
- Attention to detail
- Decision making
- Leadership
- Attention to detail
- Resilience
- Good verbal and written communication skills
- Time management skills
- Deadline driven
Candidates interested must apply here by no later than 30 October 2025 OR browse available PSG Careers vacancies
By submitting your application, you are giving PSG Financial Services implicit consent to the storage and processing of your personal information. If you are not contacted within 4 weeks of your application, please accept that your application was not successful. For more information about careers at PSG, visit
Information Security Administrator
Posted today
Job Description
Hello Future Information Security Administrator
Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of people that make it happen.
As part of our talented team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now's the time to imagine your potential in a team where experts come together and ignite effective change.
To assist in identifying, defining and maintaining the information security policy and baseline standards
Are you someone who can:
- Deliver exceptional service that exceeds customers' expectations through proactive, innovative and appropriate solutions.
- Cultivate and manage objective working relationships with a variety of stakeholders, including end-users, SMEs, project managers and senior staff members by providing expert advice and consulting on all aspects of IT security.
- Support IT Security leaders to participate in the FirstRand Bank Information Risk awareness program and to ensure that staff is aware of information security risks.
- Ensure that operating objectives and standards of performance are not only understood but owned by management and employees and to ensure that appropriate standards of conduct are established and complied with.
- Comply, understand and implement all steps for the IT Information Security Processes and Procedures and meet governance in terms of legislative and audit requirements.
- Assist in identifying, defining and maintaining the information security policy and baseline standards.
- Assist and administer the implementation of control mechanisms, which enables Information Security Services to have a view of the status of information security.
- Ensure all Information Security analysis and research are captured, recorded and reported on to ensure the correct actions are implemented and executed.
- Manage own development to increase own competencies.
- Maintain current knowledge of the Information Systems security industry's emerging technologies.
Dare to imagine the change with us if you are:
- An adaptable problem solver who does not fear change but thrives from it.
- A disruptor in your field of IT expertise
- An initiative taker who identifies opportunity and improves
- Known for your delivery track record.
- Wanting to be in a career that makes meaningful contribution to your and other people's lives.
We'll make a good match if you're:
- Curious - you're driven by always wanting to know more and learn more.
- Obsessed with mastery - you know what it takes to become good at what you do and are constantly pushing yourself to do it.
- Courageous - you're brave enough to think and do things differently and are always ready to put your hand up and take ownership.
- A team player - you believe in the power of teams so you're always part of one, building and leveraging your networks.
- Emotionally intelligent - you have a high EQ that enables you to truly connect with people, no matter how technical or specialist your role is.
You'll benefit from our changeable benefits like:
- Opportunities to network and collaborate.
- Inspiring work environment
- Work that is challenging
- Space to make a difference.
- Opportunities to innovate.
- Conditions that are flexible
- Focus on health and wellbeing (onsite wellness center, gym and crèche at our main campus to innovative employee wellbeing and financial fitness programmes)
- Resources to help you with your professional development.
- Generous leave policy
- Preferential employee banking rates
- When it comes to learning and development, we encourage our changeable to expand their knowledge, on their own, with others, in person or online.
- As for our workspace, it is immersive, collaborative, and energetic because at FNB, innovation is our lifeblood and change in our DNA.
Are you interested to take the step? We look forward to engaging with you further. Apply now
Job Details
Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.
06/09/25
All appointments will be made in line with FirstRand Group's Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.
Information Security Analyst
Posted today
Job Description
Introduction
Through our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards program), and our other specialist brands, including Guardrisk and Eris Property Group, the group enables business and people from all walks of life to achieve their financial goals and life aspirations. We help people grow their savings, protect what matters to them and invest for the future. We help companies and organizations care for and reward their employees and members. Through our own network of advisers or via independent brokers and utilising new platforms Momentum Metropolitan provides practical financial solutions for people, communities, and businesses. Visit us at
Disclaimer
As an applicant, please verify the legitimacy of this job advert on our company career page.
Role Purpose
This position is responsible for performing various tasks. This role is also required to conduct ongoing research in the IT security arena and regularly assist in the sales process. The ideal candidate will be responsible for conducting comprehensive penetration tests, identifying vulnerabilities, and providing recommendations to improve security posture. The ideal candidate must have experience in all forms of complex technical security assessments of clients' information technology systems (including the Internet, Intranet, applications, hosts, firewalls, mobile applications, etc.) and related policies and procedures. They must be highly motivated and have a good command of industry best practices.
Requirements
5+ years of experience in penetration testing, vulnerability assessment, or a related field.
Deep knowledge of security testing methodologies and frameworks (OWASP, NIST, etc.).
Proficiency with advanced penetration testing tools such as Metasploit, Burp Suite, Nessus, Nmap, etc.
Strong scripting skills (Python, Bash, PowerShell, etc.) for automating security tasks.
In-depth understanding of network protocols, operating systems, web technologies, and cloud environments.
CISSP and CEH certification preferred.
OSCP, OSEP, CCSP, CRTE, CRTP, or CRTO certification or equivalent is an advantage.
Duties & Responsibilities
Lead and conduct comprehensive penetration tests on networks, applications, and systems to identify security weaknesses.
Develop and implement advanced security test plans, scenarios, and scripts.
Perform in-depth vulnerability assessments and security analysis using both automated tools and manual techniques.
Document and report security findings, providing actionable insights to clients and detailed recommendations for remediation.
Collaborate with cross-functional teams to prioritize and resolve security vulnerabilities.
Research and stay current with emerging security threats, vulnerabilities, and technology trends.
Participate in security incident response activities when required.
Assist in the development and refinement of security policies, procedures, and standards.
Provide training, guidance, and mentorship to junior penetration testers and other security staff.
Perform security assessments, including application scans (using tools such as Nessus, Burp Suite) and code reviews, to ensure compliance with Momentum Group's SDLC policies.
Participate in a variety of other internal security projects and information security activities as required.
Competencies
Strong knowledge of OWASP Top 10 vulnerabilities and how to exploit/mitigate them.
Excellent technical writing skills for creating detailed assessment reports.
Self-driven, motivated, independent yet communicative and collaborative.
Ability to work unsupervised in a remote capacity and deliver results.
Good organizational skills and time management; ability to resolve conflicts, prioritize tasks, and follow quality benchmarks.
Strong verbal communication skills for presenting findings to technical and non-technical stakeholders.
Demonstrate a strong ability to engage with various stakeholders, have a team-based approach, and work towards shared goals and outcomes.
Ability to think outside the box and a passion to improve your skills and drive innovation.