38 Penetration Tester jobs in South Africa

• Country: South Africa
• Location: Cape Town or Gauteng
• Sector: Security Engineers / Consultants
• Salary: Rand Negotiable
• Job Type: Contract
• Technologies: Cyber Security, Penetration Testing, Ethical Hacker

Posted Thursday, 16 September 2021

Endeavour Recruitment has an excellent permanent opportunity for a Cyber Security Analyst / Penetration Tester to join a leading company in the Private Sector with offices based in both Cape Town and Johannesburg. Excellent career prospects!

The chosen candidate will join the Cyber Security team and will be responsible for evaluating and strengthening the security posture through continuous vulnerability and security assessments.

Responsibilities / Duties

• Perform penetration testing and security assessments across the technology landscape
• Be responsible for vulnerability management
• Review, configure and maintain EDR solution
• Actively engage with teams and providers to architect and implement solutions to enhance security
• Continuous proactive improvement of existing processes and security control systems
• Define threat models and organically grow the threat hunting capability
• IT security incident management and monitoring
• IT security risks management
• Provide well-written, concise, technical and non-technical reports
• Assist with the resolution of audit findings
• This role may require standby from time to time

Experience required

• A relevant certification/tertiary qualification in IT Security
• Minimum of 3 years of cyber security experience
• Experience in penetration testing tools
• Experience within mobile security assessments, vulnerability and/or malware analysis, security solutions and cloud technologies advantageous
• Understanding of security best practices in a mixed Windows/Linux environment, attack methodologies and OWASP

Required skills

• Strong analysis and problem-solving skills
• Strong work ethic and willingness to learn
• Good written and verbal communication skills
• Ability to manage and prioritize objectives with overlapping time constraints
• The ability to work independently and as a team member

Please get in touch for further details on this not to be missed permanent opportunity. We look forward to receiving your CV!

• Country: South Africa
• Location: Cape Town or Gauteng
• Sector: Security Engineers / Consultants
• Salary: Rand Negotiable
• Job Type: Contract
• Technologies: Cyber Security, Penetration Testing, Ethical Hacker

Posted Thursday, 16 September 2021

Endeavour Recruitment has an excellent permanent opportunity for a Cyber Security Analyst / Penetration Tester to join a leading company in the Private Sector with offices based in both Cape Town and Johannesburg. Excellent career prospects!

The chosen candidate will join the Cyber Security team and will be responsible for evaluating and strengthening the security posture through continuous vulnerability and security assessments.

Responsibilities / Duties

• Perform penetration testing and security assessments across the technology landscape
• Be responsible for vulnerability management
• Review, configure and maintain EDR solution
• Actively engage with teams and providers to architect and implement solutions to enhance security
• Continuous proactive improvement of existing processes and security control systems
• Define threat models and organically grow the threat hunting capability
• IT security incident management and monitoring
• IT security risks management
• Provide well-written, concise, technical and non-technical reports
• Assist with the resolution of audit findings
• This role may require standby from time to time

Experience required

• A relevant certification/tertiary qualification in IT Security
• Minimum of 3 years of cyber security experience
• Experience in penetration testing tools
• Experience within mobile security assessments, vulnerability and/or malware analysis, security solutions and cloud technologies advantageous
• Understanding of security best practices in a mixed Windows/Linux environment, attack methodologies and OWASP

Required skills

• Strong analysis and problem-solving skills
• Strong work ethic and willingness to learn
• Good written and verbal communication skills
• Ability to manage and prioritize objectives with overlapping time constraints
• The ability to work independently and as a team member

Please get in touch for further details on this not to be missed permanent opportunity. We look forward to receiving your CV!

• Matric Certificate with Maths
• B Com in Accountancy or equivalent
• JDE Common Foundation
• JDE Technical Foundation
• AllOut Security Certification
• CNC Certification (advantageous)
• AS/400 CL Programming
• PRINCE2 / Project Management Certification
• Business or Systems Analysis Certification
• ITIL or COBIT Framework knowledge.

• Ten (10) + years in IT, with at least 5 years in JD Edwards E1 and World (Functional and Technical)
• Experience with AllOut Security administration
• ERP System experience: JD Edwards (mandatory), SAP or Navision (advantageous)
• Deep knowledge of Active Directory, QlikView, and vulnerability management
• Experience managing security frameworks on AS/400 systems;
• CNC and JDE deployment management
• Business analysis, project implementation, and end-user training
• Knowledge of compliance standards (SOX, King IV);
• Process mapping and documentation (Visio, Lucidchart, etc.)
• Report development and analytics (QlikView, SQL, etc.).

• Design and maintain system security protocols (JDE E1 and World)
• Administer and configure AllOut Security, ensuring segregation of duties and audit readiness
• Monitor and maintain integrations and support for various systems connected to JD Edwards
• Perform system analysis, vulnerability assessments, and conduct internal audits in alignment with King III/IV and SOX
• Lead and support audits, risk assessments, and disaster recovery processes
• Manage user roles, responsibilities, and access rights across systems
• Support CNC, AS/400 system management, and I-series server operations
• Write, update, and maintain technical documentation and user procedures
• Lead incident responses, forensic analysis, and investigations of breaches
• Train and support end-users and teams across departments;
• Provide help desk support and develop end-user documentation
• Drive and support security awareness campaigns
• Proactively identify areas of process and security improvement
• Attend to audit queries as and when required
• Perform ad hoc duties as and when required within reasonable job scope.

InfyStrat is seeking a motivated Cyber Security Analyst to join our team and contribute to our mission of safeguarding our digital assets and infrastructure. In this role, you will monitor, detect, and respond to security threats, vulnerabilities, and incidents across our systems. You'll perform risk assessments, analyze security breaches, and provide remediation recommendations while collaborating with various teams to enhance our security posture. This is a fantastic opportunity to grow your skills in a fast-paced environment while playing a critical role in protecting our organization from cyber threats.

• Monitor security alerts and events from various sources, including SIEM tools, to identify and respond to security threats.
• Conduct thorough investigations of security incidents, documenting findings and coordinating response actions.
• Assist in the development and implementation of security policies, procedures, and guidelines to protect sensitive information.
• Perform vulnerability assessments and penetration testing to identify security weaknesses.
• Analyze trends and patterns in security incidents and provide recommendations for improving defense mechanisms.
• Stay updated on the latest cybersecurity threats, vulnerabilities, and best practices.
• Work with IT and development teams to ensure secure configurations and practices across all systems.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 2+ years of experience in cybersecurity, information security, or a related role.
• Strong understanding of security principles, concepts, and technologies.
• Experience with security monitoring tools, SIEM platforms, and incident response procedures.
• Familiarity with network security, firewalls, intrusion detection/prevention systems, and secure coding practices.
• Knowledge of security frameworks and regulatory standards (e.g., NIST, ISO 27001, GDPR).
• Strong analytical and problem-solving skills, with attention to detail.
• Excellent communication skills to effectively collaborate with cross-functional teams.
• CERT, CISSP, CISM, or equivalent security certifications are a plus.

• Manage and resolve firewall-related tickets efficiently.
• Add, modify, and optimize firewall rules in line with security best practices.
• Configure Palo Alto firewalls confidently and effectively.
• Implement secure changes without disrupting business operations.
• Monitor and analyze security systems to proactively prevent breaches.
  
  
  

• Palo Alto Certification (essential).
• Proven experience managing and configuring Palo Alto firewalls.
• Strong understanding of firewall rule creation and security change management.
• Familiarity with common security protocols and network monitoring tools.
• Excellent troubleshooting and analytical skills.
  
  
  

• Experience working with Checkpoint firewalls.
• Exposure to other enterprise security solutions.
  
  
  

• 100% remote work operate from anywhere in South Africa.
• Competitive salary aligned with experience.
• Join a dynamic, security-focused team with cutting-edge tools and projects.
  

Job Title: Technical Security Analyst
Reports To: Associate Director, Security
Employment Type: Full-Time, Permanent, remote position in South Africa only

As a Technical Security Analyst at Netstock, you will be at the frontline of defending our digital environment by identifying, analyzing, and responding to cyber threats with precision and context. You’ll leverage your expertise in forensic analysis, vulnerability assessment, and threat intelligence to investigate incidents, interpret complex server logs, and assess the true business impact of vulnerabilities. This role is ideal for a technically skilled professional who understands risk and thrives in high stakes scenarios.

You’ll work closely with cross-functional teams, including engineering, compliance, and IT to ensure that security incidents are swiftly contained, vulnerabilities are correctly prioritized, and risks are well-communicated. Your ability to see the bigger picture while navigating the technical details will directly strengthen our security posture.

From interpreting CVEs to leading incident reviews, your input will shape how we protect our infrastructure and our customers. If you’re passionate about forensics, threat response, and building resilient systems in a modern, cloud-based environment, we’d love to hear from you!

Responsible for conducting forensic evidence gathering during security incidents, interpreting system and application logs, and identifying indicators of compromise. This role requires a strong foundation in cybersecurity principles, familiarity with server environments, and hands-on experience with vulnerability and threat analysis.

Responsibilities

• Collect and preserve forensic evidence from servers, endpoints, and cloud environments in a forensically sound manner
• Access, read, and interpret server logs, audit trails, and system data to support investigations
• Analyze logs for suspicious activity, privilege escalations, lateral movement, and known attack signatures
• Support segregation of duties analysis and remediation
• Analyze the technical and business impact of identified vulnerabilities or attack vectors using threat intelligence and risk management principles
• Evaluate the likelihood and potential consequence of exploitation, and provide context-based risk ratings and mitigation recommendations
• Collaborate with DevOps, Dev, IT and Security teams during incident response, ensuring proper containment and root cause analysis
• Maintain awareness of emerging vulnerabilities, actively working with CVEs and threat intelligence to assess risk
• Provide post-incident reporting with detailed timelines, evidence, and mitigation recommendations
• Ensure forensic/investigation activities align with legal, regulatory, and organizational standards (e.g., ISO 27001, NIST, GDPR)
• Vulnerability Management - Track patching and configuration compliance across systems
• Proactively search for signs of compromise using hypothesis-based techniques
• Use threat intelligence feeds and TTPs (Tactics, Techniques, and Procedures) to identify abnormal patterns
• Build and refine detection logic based on observed environment behavior
• Create custom log correlation rules and detection use cases
• Review server, database, and application configurations for security misconfigurations
• Assist with internal or third-party penetration testing exercises
• Validate reported vulnerabilities and test exploitability in controlled environments
• Help develop realistic tabletop scenarios and user training content

Required Skills and Qualifications

• Proficiency in forensic tools and techniques
• Generalist understanding of server infrastructure, system privileges, and core security concepts
• Ability to parse and correlate various log formats (syslog, Windows Event Logs, cloud audit logs, etc.)
• Proficient in reviewing and interpreting log data across different platforms (Windows, Linux, cloud, network appliances)
• Experience with CVE tracking, vulnerability scanners, and mitigation workflows
• Familiarity with standards such as ISO 27001 and common infosec frameworks
• Solid grasp of risk management principles (likelihood vs. impact, asset value, threat actor profiling, etc.)
• Experience assessing the business relevance of technical vulnerabilities and translating findings for stakeholders

Preferred Skills and Qualifications

• Hands-on incident response or blue team roles
• Exposure to SIEM platforms
• Understanding of chain-of-custody and legal considerations in evidence handling
• Experience in environments with regulatory requirements
• Familiarity with common services: SSH, DNS, HTTP(S), SMB, RDP
• IDS/IPS knowledge
• Ability to track vulnerabilities through to remediation
• Exposure to ISO 27001, NIST CSF, CIS Controls, MITRE ATT&CK
• Ability to perform hypothesis-driven hunts and pivot off findings
• Knowledge of cloud platforms: AWS, Linode, Hetzner
• Understanding of the CIA triad (Confidentiality, Integrity, Availability)

This position is subject to pre-employment screening, however candidates will not be unfairly discriminated against.

We receive a high number of applications per role and therefore ONLY successful applicants will be contacted.

This role is open to residents of the Republic of South Africa. Although we may consider candidates with permanent residency, preference will be given to citizens of the Republic of South Africa.

Working with us

Netstock was founded with a clear vision: To give the hungry up-and-comers the capability to level the playing field and compete with the industry giants. Working here means embracing that “challenger” mentality: We are smart, scrappy fighters, building our edge with the agility to move faster than the big guys — pioneering smarter ways to work and innovating new ways to deliver powerfully easy to use technologies for our customers.

About us

Netstock is the driving force accelerating the growth of organizations worldwide. Over the last 15 years, we’ve built out a regional presence that gives us deep insights into supply chain planning factors in each industry. We continue to enhance our supply chain planning solutions, making our predictive engine smarter, accelerating automation, and adding sophisticated new capabilities such as AI and machine learning.

You can read more about Netstock’s history and our product offering at Netstock