110 Security Testing jobs in South Africa

Our client is looking for a talented Security Analyst who is ready to take on a variety of security assessments and grow their career in a high-energy, cutting-edge environment.

Responsibilities:

Penetration Testing:

• Collaborate within a team of experts to conduct vulnerability assessments and penetration tests across a wide range of technologies.
• Assess network, application (web and thick client), mobile, wireless, social engineering, and physical security, using both automated and manual techniques.
• Engage with clients professionally to deliver insights and constructive feedback, ensuring their security needs are met.
• Dive deep into security topics like network, database, and application security, developing your expertise along the way.
• Leverage your skills with penetration testing tools to uncover vulnerabilities and improve security measures.

Red Teaming:

• Become part of an elite Red Team, focusing on reconnaissance using open-source intelligence (OSINT) to gather actionable data.
• Take the lead in compromising systems by identifying vulnerabilities in people, processes, and technology.
• Develop and deploy command-and-control servers and custom payloads, establishing persistence within target environments.
• Evolve your craft by creating new tools, techniques, and procedures to avoid detection by defenders.
• Work on escalation, maintaining long-term access to compromised networks, and exfiltrating critical data.

Research and Development:

• Stay ahead of the curve by researching and identifying new vulnerabilities, focusing on high-profile products and systems.
• Understand and analyze the latest tactics used by threat actors to craft innovative security strategies.
• Develop and refine attack methodologies that will be used to strengthen future defensive efforts.

Requirements:

Experience:

• 2-5 years' hands-on Penetration Testing, including a strong background in network, mobile, web, and wireless security assessments.
• Strong understanding of common vulnerability assessment and penetration testing tools.
• Ability to think critically and creatively to solve complex security challenges.
• Strong communication skills for both internal collaboration and client-facing interactions.
• Passion for continuous learning and staying updated on the latest in cybersecurity.

Restream is looking for a talented Security Engineer to join us to solve complex challenges and build world-class products. In this role, you will conduct architecture security reviews, application testing, penetration testing, and work with the engineering team, security researchers, and third-party vendors to ensure the security of our systems as we rapidly scale our product and organization. You understand the importance of simplicity and reliability, and you calculate the impact of every decision on each. We believe in small teams where each member contributes significant value.

What You’ll Do

• Perform application and penetration testing.
• Work with engineers to analyze systems, threat model new features, and create responsive controls to ensure end-to-end customer protection.
• Work with third-party vendors to perform annual application and penetration testing reports.
• Maintain, and grow our private bug bounty program; lead the transition to a public bug bounty program.
• Give and receive code review feedback from the team.
• Maintain a pulse on emerging technologies and discover hidden opportunities in our environment.
• Ensure security and resilience of Restream production infrastructure.

What We Look For

• A scrappy, entrepreneurial attitude that gets high-quality projects done quickly.
• Solid knowledge of web applications vulnerabilities and attack vectors.
• Experience manually testing web applications, performing penetration testing, and using automated tools for reconnaissance and discovery.
• Experience with scripting languages and at least one general-purpose programming language. Node.JS (TypeScript) or Rust would be a plus but are not a requirement.
• Strong written and verbal communication skills.
• Self-directed, analytical, and work well in a team environment.
• Passionate about keeping Restream customers and employees safe online.

Restream is the #1 solution for creating professional live videos and streaming them to all social networks at once. Millions of people around the world use Restream to reach, engage, and monetize their audiences. We’re a small and diverse group of dreamers who make technology work for the world. We believe that a small but highly driven and focused team can make a lasting impact in any area.

What We Offer

• Startup environment and a flat company structure.
• Work closely with founders and team to build and grow the product.
• Direct influence and impact on the direction of the product and development.
• The ability to create something that influences people’s lives.
• Competitive pay and equity packages for you to truly be a part of the Restream journey.
• Flexible paid time off.
• The tech you need to get your job done.

Pretoria - 2 days work-from-home in line with Company Policy (only applicable after probation is successfully passed).

Job Purpose:

Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.

As our IT Security Engineer, you'll support us by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect our systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.

Minimum education (essential):
Engineering degree (Computer, Software, Mechanical or Electronic

• OSCP (Offensive Security Certified Professional)
• PNPT (Practical Network Penetration Tester)
• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Practitioner)

• AWS Well Architected Framework
• Trusted Advisor
• GuardDuty / SCP / SSM / IAM / WAF
• Container services such as ECS/EKS
• Incident detection and response management.
• Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
• Drafting and implementing security policies, security procedures, security design and implementation.

The following would be advantageous:

• ISO 14971 (risk management) compliance
• ISO 27032 (cybersecurity) compliance
• SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

Skills and Knowledge (essential):

• Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
• Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
• Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
• Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
• Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
• Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
• Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2.

• Drive development standards and processes related to cybersecurity compliance.
• Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance.
• Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation.
• Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust).
• Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective.
• Identify, implement and maintain all security tools and technology.
• Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
• Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
• Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

• Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required.
• Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs.
• Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration.
• Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
• Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure.
• Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that
• the IT team follows the requirements set in line with cybersecurity standards.
• Implement cybersecurity continuous improvement programs.
• Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures.
• Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary.

• Collaborate with divisional the RAQA team and Senior ManagersManagerst to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
  
• Improve the automation of security controls.
• Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning.
• Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice.
• Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and ensure the security posture of the IT landscape is ensured at all times.
• Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future.
• Manage internal and external audits as required with relation to cybersecurity.
• Maintain documentation for cybersecurity-related risks, processes and findings.

• Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar.
• Work closely with the Compliance team to gather and submit evidence for all security and IT audits.
• Proactively keep stakeholders updated on status, progress, risks and problems.
• Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities.
• Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities.
• Maintain cybersecurity documents and records in line with certification requirements.
• Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referencedfrom a single central source from which to direct the readers to the appropriate resources.

Job Purpose:

Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.

As the IT Security Engineer, you'll support the company by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect their systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.

Minimum education (essential):
Engineering degree (Computer, Software, Mechanical or Electronic

Minimum education (desirable):

• OSCP (Offensive Security Certified Professional)
• PNPT (Practical Network Penetration Tester)
• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Practitioner)

• AWS Well Architected Framework
• Trusted Advisor
• GuardDuty / SCP / SSM / IAM / WAF
• Container services such as ECS/EKS
• Incident detection and response management.
• Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
• Drafting and implementing security policies, security procedures, security design and implementation.

• ISO 14971 (risk management) compliance
• ISO 27032 (cybersecurity) compliance
• SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

• Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
• Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
• Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
• Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
• Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
• Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
• Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2.

• Drive development standards and processes related to cybersecurity compliance.
• Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance.
• Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation.
• Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust).
• Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective.
• Identify, implement and maintain all security tools and technology.
• Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
• Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
• Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

• Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required.
• Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs.
• Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration.
• Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
• Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure.
• Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that the IT team follows the requirements set in line with cybersecurity standards.
• Implement cybersecurity continuous improvement programs.
• Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures.
• Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary.

• Collaborate with divisional the RAQA team and Senior ManagersManagerst to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
• Improve the automation of security controls.
• Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning.
• Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice.
• Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and ensure the security posture of the IT landscape is ensured at all times.
• Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future.
• Manage internal and external audits as required with relation to cybersecurity.
• Maintain documentation for cybersecurity-related risks, processes and findings.

• Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar.
• Work closely with the Compliance team to gather and submit evidence for all security and IT audits.
• Proactively keep stakeholders updated on status, progress, risks and problems.
• Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities.
• Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities.
• Maintain cybersecurity documents and records in line with certification requirements.
• Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referenced from a single central source from which to direct the readers to the appropriate resources.