420 Security Engineer jobs in South Africa

Role Description

Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.

As our IT Security Engineer, you'll support us by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect our systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.

Cybersecurity Management 40%

• Drive development standards and processes related to cybersecurity compliance.
• Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance.
• Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation.
• Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust).
• Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective.
• Identify, implement and maintain all security tools and technology.
• Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
• Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
• Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

Infrastructure Management 30%

• Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required.
• Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs.
• Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration.
• Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
• Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure.
• Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that
• the IT team follows the requirements set in line with cybersecurity standards.
• Implement cybersecurity continuous improvement programs.
• Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures.
• Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary.

Risk Management and Compliance 20%

• Collaborate with divisional the RAQA team and Senior ManagersManagerst to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
• Improve the automation of security controls.
• Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning.
• Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice.
• Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and ensure the security posture of the IT landscape is ensured at all times.
• Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future.
• Manage internal and external audits as required with relation to cybersecurity.
• Maintain documentation for cybersecurity-related risks, processes and findings.

QMS and Documentation 10%

• Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar.
• Work closely with the Compliance team to gather and submit evidence for all security and IT audits.
• Proactively keep stakeholders updated on status, progress, risks and problems.
• Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities.
• Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities.
• Maintain cybersecurity documents and records in line with certification requirements.
• Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referenced from a single central source from which to direct the readers to the appropriate resources.

Minimum education
 
(essential):

Engineering degree (Computer, Software, Mechanical or Electronic)

Minimum education (desirable):

• OSCP (Offensive Security Certified Professional)
• PNPT (Practical Network Penetration Tester)
• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Practitioner)

Minimum applicable experience (years):

AWS' ecosystem:

• AWS Well Architected Framework
• Trusted Advisor
• GuardDuty / SCP / SSM / IAM / WAF
• Container services such as ECS/EKS
• Incident detection and response management.
• Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
• Drafting and implementing security policies, security procedures, security design and implementation.

The following would be advantageous:

• ISO risk management) compliance
• ISO cybersecurity) compliance
• SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

Skills and Knowledge
 
(essential):

• Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
• Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
• Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
• Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
• Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
• Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
• Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2.

This job description is not a definitive or exhaustive list of responsibilities and is subject to change depending on changing business requirements. Employees will be consulted on any changes. Employee's performance will be reviewed based on the agreed upon objectives
.

Company Overview

StraTech is a fintech solutions company, forming strategic partnerships with our clients, offering end-to-end infrastructure to enable a comprehensive suite of integrated payments, commerce, and financial services. Our platform helps clients seamlessly embed financial capabilities into their applications and business processes - driving growth, agility, and long-term value.

Role Overview

The Security Engineer is a hands-on technical role within the DevOps department, responsible for implementing and maintaining security best practices across infrastructure, CI/CD pipelines, and runtime environments.

Reporting to the Security Engineering Team Leader, this role contributes directly to the execution of the security architecture strategy by developing, integrating, and supporting secure engineering practices throughout the software development lifecycle.

Key Responsibilities

Security Engineering & DevSecOps Integration:

• Implement and maintain security tooling across CI/CD pipelines, infrastructure-as-code, and cloud-native environments.
• Assist in hardening cloud infrastructure, container clusters, and containerized workloads.
• Support the adoption and upkeep of vulnerability management, secrets management, and access control systems.

Monitoring, Detection & Incident Response Support:

• Contribute to the setup and improvement of logging, alerting, and monitoring systems to ensure visibility of security controls.
• Assist in incident investigations and remediation efforts in collaboration with Operations and Support teams.
• Participate in routine threat modelling sessions, risk assessments, and security validation exercises.

Collaboration & Documentation:

• Work with Product Engineering, Operations and other DevOps teams to implement security requirements and remediation plans.
• Maintain technical documentation related to security tools, system configurations, and response procedures.
• Support compliance efforts through evidence gathering, control implementation, and audit readiness activities.

Requirements

Qualifications:

• Bachelor's degree in computer science, information security, engineering, or related field (or equivalent practical experience).
• 3–5 years of experience in a security engineering, DevSecOps, or infrastructure security role.

Skills and Experience:

• Solid understanding of security in cloud environments, containers, and infrastructure-as-code tools.
• Hands-on experience with at least some application security or cloud security tools.
• Familiarity with security frameworks and compliance standards (e.g. PCI-DSS, ISO
• Working knowledge of Linux system security, identity and access management (IAM), and networking basics.
• Strong communication and collaboration skills with a proactive and detail-oriented mindset.

Our Recruitment Process

We aim to make the recruitment process as efficient as possible, keeping you informed every step of the way:

• The first step is an initial conversation with our talent team. During the conversation you will learn more about StraTech and our talent team will hear more about your aspirations and experience.
• The next step will be a 30min online interview with our Dev Manager, which will be a general interview and we will be testing technical experience.
• A technical assignment will be shared for completion and discussion.
• If you go through, you will participate in a 60min technical interview with management members, we prefer an in-person technical interview at our office in Stellenbosch, where you will meet some of our leadership team.
• Finally, if we are both aligned, we wrap up the process with salary discussions and present you with an offer of employment.
• You are welcome to have an explorative conversation with our talent team by proceeding with the application – we will always make time for interested individuals.

Our Company Ethos:

• Continuous improvement and mastery: Emphasising lifelong learning, pursuit of excellence, and constant up-skilling to stay relevant in a fast-evolving industry.
• Self-care and wellbeing: Advocating for a sustainable balance between work intensity and personal well-being.
• Trust and communication: Valuing open, honest communication, and encouraging trust through transparent dialogue and constructive feedback.
• Ownership and accountability: Promoting taking initiative, taking responsibility for outcomes, and striving for excellence in all endeavours.
• Knowledge sharing and generosity: Encouraging sharing knowledge within the company and externally, fostering growth and empowerment through collaboration.
• Team support and collaboration: Valuing teamwork, mutual support, and a collective commitment to leaving a positive impact on projects and relationships.
• Long-term vision and impact: Focusing on building for the future, ensuring that actions and decisions contribute to long-term success and positive impact.

We look forward to engage with you on this opportunity

The Apex Group was established in Bermuda in 2003 and is now one of the world's largest fund administration and middle office solutions providers.

Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.Your career with us should reflect your energy and passion.

That's why, at Apex Group, we will do more than simply 'empower' you. We will work to supercharge your unique skills and experience.

Take the lead and we'll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.

For our business, for clients, and for you

The Role
As a Cloud and Infrastructure Security Engineer, you'll work across multiple security domains, with emphasis on building, maintaining, and improving security controls that protect Apex's global technology environment

Key Responsibilities

• Deploy, configure, and manage security solutions across cloud (AWS, Azure, OCI) and on-premises infrastructure.
• Implement and maintain controls for network security, IAM, endpoint protection, and cloud governance.
• Support the secure design and integration of hybrid and multi-cloud environments.
• Conduct security assessments, vulnerability analysis, and remediation of cloud and infrastructure assets.
• Collaborate with platform, infrastructure, and application teams to embed security into solutions from design to operation.
• Monitor for and respond to security incidents affecting cloud and infrastructure services.
• Maintain documentation including architecture diagrams, security control mappings, and operational procedures.
• Research and recommend new technologies, tools, and practices to enhance security posture.
• Ensure compliance with relevant frameworks and internal security standards (e.g., NIST, ISO 27001, CSA CCM).

Areas of Focus

• Deploy, configure, and manage security controls for AWS, Azure, and OCI environments.
• Implement cloud-native security controls including Security Groups, IAM policies, KMS, and encryption.
• Integrate and manage CSPM and CWPP tools to monitor and enforce cloud security posture.
• Enforce least privilege and Zero Trust principles across cloud accounts and subscriptions.
• Secure cloud and infrastructure environments supporting mergers and acquisitions.
• Implement and manage Microsoft 365 security baselines, Conditional Access, and Intune compliance.
• Harden operating systems, containers, and virtual machines following best practices.
• Design and maintain secure network architectures for hybrid and multi-cloud connectivity.
• Configure firewalls, WAFs, VPN gateways, and implement network segmentation.
• Deploy intrusion prevention/detection (IPS/IDS) and network monitoring solutions.
• Support DDoS protection strategies and integrate with cloud provider capabilities.
• Conduct patching, vulnerability scanning, and secure configuration audits.
• Manage identity federation, SSO, MFA, and enforce strong authentication policies.
• Investigate and respond to incidents affecting cloud workloads, networks, or infrastructure.
• Map cloud and infrastructure security controls to frameworks such as NIST CSF, ISO 27001, and CSA CCM.
• Maintain asset inventory and ensure continuous compliance with corporate security standards.
• Research and recommend new security tools, services, and best practices to strengthen defenses.

Required Experience & Skills

• 5–8 years of experience in cybersecurity, cloud, or infrastructure roles, with a focus on security engineering.
• Proven hands-on experience with AWS, Azure
• Strong knowledge of network security, IAM, endpoint protection, and vulnerability management.
• Familiarity with Kubernetes, CI/CD security, and cloud automation (Terraform, Ansible, etc.).
• Understanding of security frameworks (NIST, ISO 27001, CSA CCM, MITRE ATT&CK).
• Ability to troubleshoot and resolve security incidents in complex environments.
• Strong communication skills to work effectively with both technical and non-technical stakeholders.
• Relevant certifications such as CCSP, CISSP, AWS/Azure Security Engineer, or equivalent are advantageous.

What will you get in return:

• Opportunity to work with senior security professionals across multiple global teams.
• Exposure to cutting-edge cloud and infrastructure technologies.
• Flexible work options and a strong focus on collaboration and growth.
• A role where you can directly influence Apex's global security posture.

Additional information:
We are an equal opportunity employer and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnicity, age, sexual orientation, socio-economic, responsibilities for dependents, physical or mental disability. Any hiring decision are made on the basis of skills, qualifications and experiences. We measure our success as a business, not only by delivering great products and services and continually increasing our assets under administration and market share, but also by how we positively impact people, society and the planet. For more information on our commitment to Corporate Social Responsibility (CSR) please visit If you are looking to take that next step in your career and are ready to work for a high performing organization, alongside talented people who take pride in delivering great results, please submit your application (with your CV, cover letter and salary's expectations).

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.

Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.

As our IT Security Engineer, you'll support us by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect our systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.

Cybersecurity Management 40%

• Drive development standards and processes related to cybersecurity compliance.
• Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance.
• Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation.
• Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust).
• Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective.
• Identify, implement and maintain all security tools and technology.
• Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
• Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
• Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

Infrastructure Management 30%

• Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required.
• Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs.
• Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration.
• Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
• Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure.
• Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that
• the IT team follows the requirements set in line with cybersecurity standards.
• Implement cybersecurity continuous improvement programs.
• Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures.
• Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary.

Risk Management and Compliance 20%

• Collaborate with divisional the RAQA team and Senior ManagersManagerst to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
• Improve the automation of security controls.
• Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning.
• Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice.
• Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and ensure the security posture of the IT landscape is ensured at all times.
• Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future.
• Manage internal and external audits as required with relation to cybersecurity.
• Maintain documentation for cybersecurity-related risks, processes and findings.

QMS and Documentation 10%

• Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar.
• Work closely with the Compliance team to gather and submit evidence for all security and IT audits.
• Proactively keep stakeholders updated on status, progress, risks and problems.
• Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities.
• Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities.
• Maintain cybersecurity documents and records in line with certification requirements.
• Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referenced from a single central source from which to direct the readers to the appropriate resources.

Role Requirements

Minimum education
 
(essential):

Engineering degree (Computer, Software, Mechanical or Electronic)

Minimum education (desirable):

• OSCP (Offensive Security Certified Professional)
• PNPT (Practical Network Penetration Tester)
• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Practitioner)

Minimum applicable experience (years):

AWS' ecosystem:

• AWS Well Architected Framework
• Trusted Advisor
• GuardDuty / SCP / SSM / IAM / WAF
• Container services such as ECS/EKS
• Incident detection and response management.
• Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
• Drafting and implementing security policies, security procedures, security design and implementation.

The following would be advantageous:

• ISO risk management) compliance
• ISO cybersecurity) compliance
• SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

Skills and Knowledge
 
(essential):

• Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
• Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
• Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
• Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
• Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
• Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
• Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2.

This job description is not a definitive or exhaustive list of responsibilities and is subject to change depending on changing business requirements. Employees will be consulted on any changes. Employee's performance will be reviewed based on the agreed upon objectives
.