218 Security Engineer jobs in South Africa

A Security Engineer is a crucial member of an organization’s IT team, specializing in safeguarding digital assets and maintaining the security posture of the company. They work to design, implement, and manage security measures to protect against cyber threats, unauthorized access, and data breaches.

Key Responsibilities:

Security Infrastructure Design:

• Design and implement security infrastructure, including firewalls, intrusion detection systems, and encryption protocols.
• Evaluate and recommend security products and technologies to enhance the organization’s security posture.

Incident Response and Monitoring:

• Monitor network traffic for suspicious activity and potential security breaches.
• Develop and maintain incident response plans and procedures to mitigate security incidents.
• Investigate security incidents, determine the root cause, and implement corrective actions.

Vulnerability Assessment and Penetration Testing:

• Conduct regular security assessments to identify vulnerabilities in systems and applications.
• Perform penetration tests to simulate cyberattacks and assess the organization’s readiness.

Access Control and Authentication:

• Manage user access controls and authentication mechanisms.
• Implement and maintain multi-factor authentication (MFA) solutions.

Security Policies and Compliance:

• Develop and enforce security policies, standards, and procedures.
• Ensure compliance with industry regulations (e.g., GDPR, HIPAA, PCI DSS) and best practices.

Security Awareness and Training:

• Conduct security awareness programs and training for employees.
• Keep the organization informed about emerging threats and security best practices.

Security Patch Management:

• Manage and coordinate the timely installation of security patches and updates.
• Maintain an inventory of software and hardware assets.

Encryption and Data Protection:

• Implement encryption mechanisms to protect sensitive data at rest and in transit.
• Ensure the confidentiality and integrity of data through encryption and access controls.

Qualifications:

• Bachelor’s degree in computer science, information security, or a related field (or equivalent experience).
• Relevant industry certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), or equivalent.
• Proven experience in information security roles, including network security, system security, or application security.
• Strong knowledge of security technologies, protocols, and tools.
• Understanding of risk management principles and methodologies.
• Proficiency in scripting and programming languages (e.g., Python, PowerShell) for automation and analysis.
• Familiarity with cloud security concepts (e.g., AWS, Azure, Google Cloud).
• Excellent problem-solving and analytical skills.
• Effective communication and teamwork abilities.

Preferred Skills:

• Experience with security information and event management (SIEM) systems.
• Knowledge of threat intelligence and threat hunting techniques.
• Experience with secure coding practices and application security assessments.
• Familiarity with network and web application firewalls.
• Understanding of security-related regulations and compliance standards.
• Security Engineers typically work in an office environment but may need to respond to security incidents outside regular business hours.
• The role may involve occasional travel to remote offices or data centers.

Security Engineers play a pivotal role in maintaining the confidentiality, integrity, and availability of an organization’s information assets. They are instrumental in protecting against cyber threats and ensuring compliance with industry regulations and security best practices.

Our client is searching for an Information Security Engineer to join their team.

Job Purpose:

• Responsible for protecting an organisation's valuable data, systems, and network from cyber threats and attacks.

Responsibilities:

• Analyze, research, and report possible threats and or weaknesses to IT systems.
• Implement best practices and assist in adherence to security standards for the organisation.
• Support company employees with cybersecurity, software, and hardware needs regarding their impact on information security.
• Investigate and react to security incidents and ongoing threats, ensuring the organisation is secure.
• Monitoring networking environments and responding, engaging with service providers.
• Monitor and track the performance of IT security measures
• Monitor, manage, configure, troubleshoot and maintain IT security hardware and software, including firewall administration.
• Ensure business alignment with information security policies and procedures.

Qualifications and Requirements:

• Matric/Grade 12.
• National certificate in information technology or a bachelor’s degree in information technology, or CompTIA certifications A+ and N+.
• CompTIA Security+ and Certified Ethical Hacking (CEH) certifications are desired.
• Excellent communication skills and ability to work in a team environment.
• Critical thinking skills and the ability to solve problems as they arise.
• Ability to prioritise ongoing security projects.
• Full understanding of the components making up the IT environment, and their corresponding security implications.
• Experience with SOC and SIEM solutions.
• An enthusiasm and passion for staying up to date with security threats, trends, and solutions protecting the organisation’s environment.

Experience:

• A minimum of 4 years of experience in information and cybersecurity.
• Practical experience with networks and firewalls, administering firewalls and investigating network issues.
• Practical security experience with endpoint security, email protection, email flow, Office 365, Azure, AWS and other cloud-based solutions.
• Knowledge and experience of various security systems encompassing antivirus, content filtering, firewalls, authentication, intrusion detection, and others.
• Practical full experience with a variety of operating systems, including but not limited to Windows Server, Windows Desktop and Linux operating systems, is required.
• Previous experience and driving the governance of information security policies into the business.
• Experience with Kali Linux and other penetration and/or vulnerability scanning solutions.
• Ability to critically analyse requirements/issues and solve complex problems.

Press Tab to Move to Skip to Content Link

Select how often (in days) to receive an alert:

Posting Date: 26 Apr 2025

Location:

Alexandra (City Area), SG, 119954

Company: United Overseas Bank Ltd

United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of more than 500 branches and offices in 19 countries and territories in Asia Pacific, Europe and North America. x Our history spans more than 80 years. Over this time, we have been guided by our values – Honorable, Enterprising, United and Committed. This means we always strive to do what is right, build for the future, work as one team and pursue long-term success. It is how we work, consistently, be it towards the company, our colleagues or our customers.

Group Technology and Operations (GTO) provides software and system development, information technology support services and banking operations.

We have centralized and standardized the technology components into Singapore, creating a global footprint which can be utilized for supporting our regional subsidiaries and the branches around the world. We operate and support 19 countries with this architecture to provide a secure and flexible banking infrastructure.

Our Operations divisions provide transactional customer services for our businesses while also focusing on cost efficiency through process improvements, automation and straight through processing.

The Senior Security Engineer will lead and support the day-to-day operations and development of the bank security suite of products with key objective in designing, developing, deploying, maintaining and enhancing the Bank’s Data Security capabilities, which includes but is not limited to Data Loss Prevention (DLP), E-Mail Encryption and Cryptographic Key Management and Operations
Key Responsibilities:

• Support execution of DLP strategies and initiatives, including to deploy and maintain data security solution and infrastructure deployed within the Bank
• Transform business requirements to effective data security rules with consideration to operational impact
• Product research and define requirements for new projects, perform product evaluation and technical Proof of Concept.
• Drive upgrades and migration to ensure Data Security solutions and or related platforms are maintained in tip-top working conditions with proper documentation and RCA.
• Manage and coordinate change process engagement with regards to current Data Security solutions.
• Continuously assess and understand the Bank’s attack surface and exposure in relation to leakage of Bank’s sensitive information
• Drive a culture of continuous improvement; Identify, recommend and implement robust measures, process enhancements or new capabilities.
• Provide support for all Audit and Regulatory requests

Others:

• Communicate effectively with a variety of internal teams and third party service providers/vendors for the delivery of Data Security services/solutionsCapable of managing a variety of priorities and deliverables in an operational, interrupt driven environment with minimal guidance or supervision.
• Manage incidents and work within established practices and guidelines for prompt response times and effective resolution.
• Work with internal technical teams and engineers in technical troubleshooting and forums.
• Resolve standard/routine issues with no guidance and complex/unusual issues with minimal guidance.
• Stay updated with emerging trends in cybersecurity technologies and integrate innovative approaches into the bank's overall security strategy;

Education

• Diploma/Degree in engineering/Computer Science / IT/Cyber Security from a recognized education institution
• Professional qualification in information security, such as CISSP / CISM / CEH, or data Security product certifications will be advantageous.

Technical Skills

• Overall experience 8 to 12 years of experience
• 6 to 8 years of relevant experience in managing and deploying Data Security technologies, specializing in DLP solution
• Hands-on experience in implementing and operationalizing data protection solutions (e.g. data classification, labelling, encryption, DLP)
• Proven track record in leading successful DLP projects and implementing data security technologies.
• Working experience with other cybersecurity products such as SIEM, threat intelligence, security incident response and forensic investigation, network and endpoint protection would be advantageous.
• Strong understanding of cybersecurity principles and frameworks including ISO 27001 & NIST Cybersecurity Framework;
• Knowledgeable with the variety of Data Security technologies and familiar with the industry trends and best practices
• Proficiency with open systems (eg. Windows, Unix,Linux), networking technologies (routers/firewalls), end user technologies (Windows, iOS, Android), endpoint management platforms (e.g. MDM) and cloud technologies (eg. AWS, Azure, M365, GCP) in relation to Data Security
• Knowledgeable with cryptographic standards and secure data transmission methodologies

Soft Skills

• Good written and verbal communication skills
• Process aware mindset
• Strong analytical and problem solving skills
• Effective time management and organizational skills.
• Team player, including ability to establish and maintain effective working relationships within and across the organisation

Other Requirements

• Willingness to perform on-call duties as and when required

UOB is an equal opportunity employer. UOB does not discriminate on the basis of a candidate's age, race, gender, color, religion, sexual orientation, physical or mental disability, or other non-merit factors. All employment decisions at UOB are based on business needs, job requirements and qualifications. If you require any assistance or accommodations to be made for the recruitment process, please inform us when you submit your online application.

Press Tab to Move to Skip to Content Link

Select how often (in days) to receive an alert:

Posting Date: 26 Apr 2025

Location:

Alexandra (City Area), SG, 119954

Company: United Overseas Bank Ltd

United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of more than 500 branches and offices in 19 countries and territories in Asia Pacific, Europe and North America. x Our history spans more than 80 years. Over this time, we have been guided by our values – Honorable, Enterprising, United and Committed. This means we always strive to do what is right, build for the future, work as one team and pursue long-term success. It is how we work, consistently, be it towards the company, our colleagues or our customers.

Group Technology and Operations (GTO) provides software and system development, information technology support services and banking operations.

We have centralized and standardized the technology components into Singapore, creating a global footprint which can be utilized for supporting our regional subsidiaries and the branches around the world. We operate and support 19 countries with this architecture to provide a secure and flexible banking infrastructure.

Our Operations divisions provide transactional customer services for our businesses while also focusing on cost efficiency through process improvements, automation and straight through processing.

The Senior Security Engineer will lead and support the day-to-day operations and development of the bank security suite of products with key objective in designing, developing, deploying, maintaining and enhancing the Bank’s Data Security capabilities, which includes but is not limited to Data Loss Prevention (DLP), E-Mail Encryption and Cryptographic Key Management and Operations
Key Responsibilities:

• Support execution of DLP strategies and initiatives, including to deploy and maintain data security solution and infrastructure deployed within the Bank
• Transform business requirements to effective data security rules with consideration to operational impact
• Product research and define requirements for new projects, perform product evaluation and technical Proof of Concept.
• Drive upgrades and migration to ensure Data Security solutions and or related platforms are maintained in tip-top working conditions with proper documentation and RCA.
• Manage and coordinate change process engagement with regards to current Data Security solutions.
• Continuously assess and understand the Bank’s attack surface and exposure in relation to leakage of Bank’s sensitive information
• Drive a culture of continuous improvement; Identify, recommend and implement robust measures, process enhancements or new capabilities.
• Provide support for all Audit and Regulatory requests

Others:

• Communicate effectively with a variety of internal teams and third party service providers/vendors for the delivery of Data Security services/solutionsCapable of managing a variety of priorities and deliverables in an operational, interrupt driven environment with minimal guidance or supervision.
• Manage incidents and work within established practices and guidelines for prompt response times and effective resolution.
• Work with internal technical teams and engineers in technical troubleshooting and forums.
• Resolve standard/routine issues with no guidance and complex/unusual issues with minimal guidance.
• Stay updated with emerging trends in cybersecurity technologies and integrate innovative approaches into the bank's overall security strategy;

Education

• Diploma/Degree in engineering/Computer Science / IT/Cyber Security from a recognized education institution
• Professional qualification in information security, such as CISSP / CISM / CEH, or data Security product certifications will be advantageous.

Technical Skills

• Overall experience 8 to 12 years of experience
• 6 to 8 years of relevant experience in managing and deploying Data Security technologies, specializing in DLP solution
• Hands-on experience in implementing and operationalizing data protection solutions (e.g. data classification, labelling, encryption, DLP)
• Proven track record in leading successful DLP projects and implementing data security technologies.
• Working experience with other cybersecurity products such as SIEM, threat intelligence, security incident response and forensic investigation, network and endpoint protection would be advantageous.
• Strong understanding of cybersecurity principles and frameworks including ISO 27001 & NIST Cybersecurity Framework;
• Knowledgeable with the variety of Data Security technologies and familiar with the industry trends and best practices
• Proficiency with open systems (eg. Windows, Unix,Linux), networking technologies (routers/firewalls), end user technologies (Windows, iOS, Android), endpoint management platforms (e.g. MDM) and cloud technologies (eg. AWS, Azure, M365, GCP) in relation to Data Security
• Knowledgeable with cryptographic standards and secure data transmission methodologies

Soft Skills

• Good written and verbal communication skills
• Process aware mindset
• Strong analytical and problem solving skills
• Effective time management and organizational skills.
• Team player, including ability to establish and maintain effective working relationships within and across the organisation

Other Requirements

• Willingness to perform on-call duties as and when required

UOB is an equal opportunity employer. UOB does not discriminate on the basis of a candidate's age, race, gender, color, religion, sexual orientation, physical or mental disability, or other non-merit factors. All employment decisions at UOB are based on business needs, job requirements and qualifications. If you require any assistance or accommodations to be made for the recruitment process, please inform us when you submit your online application.

• Network Security Design & Implementation:
  
  

• Firewall & Intrusion Detection:
  
  

• Threat Monitoring & Incident Response:
  
  

• Security Audits & Risk Assessments:
  
  

• Security Tools & Automation:
  
  

• Strong understanding of network protocols, including TCP/IP, DNS, DHCP, and HTTP.
• Hands-on experience with firewalls (Palo Alto, Cisco ASA, Fortinet, etc.), VPN technologies, and IDS/IPS.
• Experience with network security tools such as SIEM, vulnerability scanners (Nessus, Qualys), and penetration testing tools.
• Familiarity with cloud security architectures and hybrid environments (AWS, Azure).
• Knowledge of industry standards and best practices (NIST, ISO 27001, PCI DSS).

Bachelors degree /Diploma or equivalent experience 3+ years of IT experience 1+ years of hands-on web application penetration testing / ethical hacking experience The Purpose of Your Role Lead testing efforts on web and mobile applications and supporting systems. Replicate the actual techniques and tools used by malicious attackers in an effort to model potential external threats. Upon completion of the assessment, you will prepare reports and present the results to application owners, developers, and business unit information security teams. Analyse test results, draw conclusions from results, and develop targeted exploit examples. Consult with operations and software - development teams to ensure potential weaknesses are addressed. Contribute to the research or development of tools to assist in the vulnerability discovery process. Identify threats to improve the overall security of applications and infrastructure. Recommend solutions to help migitate risks and protect entire network i.e. Architect security solution Skills: Ability to demonstrate manual testing experience including all of OWASP Working knowledge of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption Technical knowledge of, and the ability to recognize, various types of application security vulnerabilities Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, Kali, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, Arachni, w3af, NTOSpider Knowledge of a programming or scripting language such a C, C#, Python, Objective C, Java, Javascript, SQL, Knowledge of Web Services technologies such as XML, JSON, SOAP, REST, and AJAX Knowledge of web frameworks, including XML, SOAP, J2EE, JSON and Ajax Experience with Enterprise Java or .NET web application frameworks, including Struts and Spring Proven analytical and problem solving skills, as well as the desire to assist others in solving issues Excellent interpersonal skills with a strong interest in the application security domain Excellent communication and presentation skills and a proven ability to communicate threats and facilitate progress towards long-term remediation Highly motivated with the willingness to take ownership / responsibility for their work and the ability to work alone or as part of a team. Ability to produce high level reports Preferred Skills and competencies: A+, N+, S+, CCNA Vulnerability Scanning Vulnerability Assessment Valid Certified Ethical Hacker Certificate Certified Penetration Testing Professional/ OR CISA/CISM/SISSP AND CISSP certification. NB! CV FORMAT MUST BE PDF

We're looking for a hands-on IT Security Engineer to lead our cybersecurity efforts across the business. You'll manage security systems, ensure data integrity, protect sensitive information, and drive company-wide compliance and training. From developing smart detection rules to implementing system fixes, you’ll play a key role in keeping our systems safe, secure, and one step ahead of threats.

POSITION INFO :

Engineering degree (Computer, Software, Mechanical or Electronic

• OSCP (Offensive Security Certified Professional)
• PNPT (Practical Network Penetration Tester)
• CISSP(Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Practitioner)

Minimum applicable experience (years) :

AWS' ecosystem :

• AWS Well Architected Framework
• GuardDuty / SCP / SSM / IAM / WAF
• Container services such as ECS / EKS
• Incident detection and response management.
• Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
• Drafting and implementing security policies, security procedures, security design and implementation.

The following would be advantageous :

• ISO 27032 (cybersecurity) compliance
• SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

Skills and Knowledge(essential) :

• Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
• Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
• Understanding of the following : Linux / Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
• Solid knowledge of IT security (firewalls, EDR, IDS / IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
• Understanding of AWS ECS & Kubernetes and Containerisation (Docker / Podman / Containerd) with implementation, support, and design.
• Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.

Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2

Security Engineer • Pretoria, South Africa

Join to apply for the Security Engineer role at hearX .

1 day ago Be among the first 25 applicants

Pretoria - 2 days work-from-home in line with Company Policy (only applicable after probation is successfully passed).

Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.

As our IT Security Engineer, you'll support us by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect our systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.

Engineering degree (Computer, Software, Mechanical or Electronic)

• OSCP (Offensive Security Certified Professional)
• PNPT (Practical Network Penetration Tester)
• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Practitioner)

AWS' Ecosystem

• AWS Well Architected Framework
• Trusted Advisor
• GuardDuty / SCP / SSM / IAM / WAF
• Container services such as ECS/EKS
• Incident detection and response management
• Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments
• Drafting and implementing security policies, security procedures, security design and implementation

• ISO 14971 (risk management) compliance
• ISO 27032 (cybersecurity) compliance
• SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

• Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design
• Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
• Understanding of Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture
• Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting)
• Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design
• Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain
• Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2

• Drive development standards and processes related to cybersecurity compliance
• Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance
• Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation
• Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust
• Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective
• Identify, implement and maintain all security tools and technology
• Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements
• Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans
• Complete required cybersecurity applications and records for large customers and audits, including reporting as required

• Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required
• Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs
• Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration
• Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement
• Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure
• Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that the IT team follows the requirements set in line with cybersecurity standards
• Implement cybersecurity continuous improvement programs
• Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures
• Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary

• Collaborate with divisional the RAQA team and Senior Managers to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective
• Improve the automation of security controls
• Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning
• Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice
• Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and ensure the security posture of the IT landscape is ensured at all times
• Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future
• Manage internal and external audits as required with relation to cybersecurity
• Maintain documentation for cybersecurity-related risks, processes and findings

• Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar
• Work closely with the Compliance team to gather and submit evidence for all security and IT audits
• Proactively keep stakeholders updated on status, progress, risks and problems
• Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities
• Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities
• Maintain cybersecurity documents and records in line with certification requirements
• Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referenced from a single central source from which to direct the readers to the appropriate resources

This job description is not a definitive or exhaustive list of responsibilities and is subject to change depending on changing business requirements. Employees will be consulted on any changes. Employee’s performance will be reviewed based on the agreed upon objectives .

• Mid-Senior level

• Full-time

• Information Technology

• Wellness and Fitness Services

Referrals increase your chances of interviewing at hearX by 2x

Get notified about new Security Engineer jobs in Pretoria, Gauteng, South Africa .