63 Security Testing jobs in South Africa

Security Testing

R900000 - R1200000 Y QualiBlaze Consulting (Pty)

Posted today

Job Viewed

Tap Again To Close

Job Description

***Security Testing & GRC Specialist***

(see below for the Strategic Implementation Specialist)

Role Overview:

We are seeking a versatile Security Specialist who can combine deep hands-on expertise in ethical hacking and security testing with a strong understanding of governance, risk, and compliance (GRC). This individual will ensure our systems are continuously tested for vulnerabilities while also aligning our practices with regulatory and organisational security requirements.

Key Responsibilities:

  • Conduct penetration testing, ethical hacking, and vulnerability assessments using industry-standard tools (e.g., BurpSuite, OWASP ZAP, Metasploit, etc.).
  • Identify, document, and report security vulnerabilities, providing remediation guidance to development and operations teams.
  • Develop and maintain GRC frameworks, policies, and procedures in line with industry standards (ISO 27001, NIST, GDPR, POPIA, etc.).
  • Support risk assessments, audits, and compliance initiatives.
  • Act as a bridge between technical security testing and compliance-driven governance activities.
  • Provide security awareness and compliance training as needed.

Key Skills & Experience:

  • Proven experience as a penetration tester, ethical hacker, or security engineer.
  • Familiarity with GRC frameworks, regulatory compliance, and audit processes.
  • Strong knowledge of application, cloud, and infrastructure security.
  • Excellent communication and reporting skills to both technical and non-technical stakeholders.
  • Relevant certifications desirable (e.g., OSCP, CEH, CISSP, CISM, ISO 27001 Lead Implementer/Auditor).

***Security Strategy Implementation Specialist***

Role Overview:

We are looking for a motivated Security Strategy Implementation Specialist to support the rollout and execution of the organisation's security strategy. This role will work closely with the Head of Security to translate strategic initiatives into actionable programs, ensure alignment across teams, and drive adoption of security practices across the enterprise.

Key Responsibilities:

  • Support the execution of the organisation's security strategy and roadmap.
  • Coordinate cross-functional initiatives across development, operations, and business teams.
  • Track progress of security programs, metrics, and KPIs.
  • Assist in building maturity across key areas such as DevSecOps, threat modelling, security testing, cloud security, and compliance.
  • Develop executive-ready reports, dashboards, and communications to highlight progress, risks, and achievements.
  • Provide operational support for security projects and tools adoption.

Key Skills & Experience:

  • Experience in cybersecurity program management, security operations, or related domains.
  • Understanding of modern security domains (DevSecOps, cloud security, security testing, GRC).
  • Strong organisational, communication, and stakeholder management skills.
  • Ability to translate strategy into operational tasks and follow through on execution.
  • Certifications such as CISSP, CISM, or project/program management certifications (e.g., PMP, Prince2, Agile/Scrum) are an advantage.
This advertiser has chosen not to accept applicants from your region.

IT Security Analyst (Penetration Testing/Red Teaming/Research & Development)

Johannesburg, Gauteng JABES CONSULTANTS

Posted 5 days ago

Job Viewed

Tap Again To Close

Job Description

Minimum 2-5 years of Penetration Testing experience required

- Including conducting different types of assessments, such as network, mobile, web, thick, wireless, social engineering, physical, etc.

The duties for this role are divided into three areas of responsibility, namely Penetration Testing, Red Teaming and Research and Development.

Penetration Testing Duties :

Work as part of a vulnerability assessment and /or penetration testing team, taking direction from line managers and executing directives in a thorough and timely fashion

Conduct vulnerability assessments on a wide variety of technologies and implementations utilising both automated tools and manual techniques

Conduct network penetration tests

Conduct application penetration tests (web and thick client)

Conduct wireless and mobile security assessments

Conduct social engineering assessments

Conduct physical security assessments

Effectively communicate successes and obstacles with fellow team members and line managers

Interface with client contact(s) and staff in a constructive and professional manner

Develop subject matter expertise in topics to include: network, database, wireless and application security assessments and adversarial network operations

Utilise common vulnerability assessment and penetration testing tools

Red Teaming Duties :

Working as part of a Red Team and assisting with the following duties (but not limited to):

Initial reconnaissance open-source intelligence (OSINT) for collecting information on the targets

Initial compromise gaining a foothold into the target environment through targeting weaknesses in people, process and / or technology.

Deploy command-and-control servers (C&C or C2) and custom payloads to establish communication / persistence in the targets network.

Develop tools, techniques and procedures to evade detection by blue team (including the development of custom payloads)

Escalate privileges and maintain persistence

Exfiltrate and / or complete objectives

Research and Development Duties :

Research new vulnerabilities with a focus on high-profile products

Understand the terminology and tactics employed by threat actors

- Research new attack methods

This advertiser has chosen not to accept applicants from your region.

Security Engineer

Pretoria, Gauteng Network Recruitment

Posted 1 day ago

Job Viewed

Tap Again To Close

Job Description

Cybersecurity Management
  • Establish and maintain cybersecurity standards, controls and compliance frameworks (SOC2, HiTrust, PCI DSS).
  • Monitor security operations, controls and regulatory alignment across the business.
  • Perform security design reviews, vulnerability scanning, penetration testing and remediation.
  • Own security tooling lifecycle (selection, implementation, maintenance).
  • Lead audit readiness and external engagements for cybersecurity certifications.
Infrastructure & Security Operations
  • Securely plan, deploy and maintain IT and cloud infrastructure with a cybersecurity focus.
  • Implement and mature processes for threat detection, prevention and incident response.
  • Define and enforce infrastructure and software security standards with Dev, IT and DevOps.
  • Lead disaster recovery and crisis communication processes.
  • Manage vendors and collaborate across teams to maintain secure environments.
Risk, Compliance & Governance
  • Identify, assess and mitigate cybersecurity and privacy risks across products and services.
  • Improve automation of security controls and secure SDLC processes.
  • Drive remediation of audit and risk findings, ensuring non-recurrence.
  • Manage internal/external security audits and maintain risk documentation.
Documentation & QMS
  • Own the cybersecurity roadmap, evidence packs, audit calendar and reporting.
  • Maintain centralised documentation of security assets, controls and test outcomes.
  • Approve and store penetration test and vulnerability scan outcomes with remediation tracking.
  • Ensure documentation meets certification and customer-audit requirements.
Job experience and Skills Required:
  • AWS Well Architected Framework
  • Trusted Advisor
  • GuardDuty / SCP / SSM / IAM / WAF
  • Container services such as ECS/EKS
  • Incident detection and response management.
  • Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
  • Drafting and implementing security policies, security procedures, security design and implementation
Apply now!
This advertiser has chosen not to accept applicants from your region.

Security Engineer

Pretoria, Gauteng Rad Resources

Posted 17 days ago

Job Viewed

Tap Again To Close

Job Description

AWSMinimum education (essential):
Engineering degree (Computer, Software, Mechanical or Electronic
Minimum education (desirable):


  • OSCP (Offensive Security Certified Professional)
  • PNPT (Practical Network Penetration Tester)
  • CISSP (Certified Information Systems Security Professional)
  • CCSP (Certified Cloud Security Practitioner)
Minimum applicable experience (years):
AWS' ecosystem:


  • AWS Well Architected Framework
  • Trusted Advisor
  • GuardDuty / SCP / SSM / IAM / WAF
  • Container services such as ECS/EKS
  • Incident detection and response management.
  • Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
  • Drafting and implementing security policies, security procedures, security design and implementation.
The following would be advantageous:
  • ISO 14971 (risk management) compliance
  • ISO 27032 (cybersecurity) compliance
  • SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)
Skills and Knowledge (essential):
  • Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
  • Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
  • Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
  • Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
  • Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
  • Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2
This advertiser has chosen not to accept applicants from your region.

Security Engineer

R600000 - R1200000 Y hearX

Posted today

Job Viewed

Tap Again To Close

Job Description

Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.

As our IT Security Engineer, you'll support us by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect our systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.

Cybersecurity Management 40%

  • Drive development standards and processes related to cybersecurity compliance.
  • Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance.
  • Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation.
  • Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust).
  • Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective.
  • Identify, implement and maintain all security tools and technology.
  • Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
  • Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
  • Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

Infrastructure Management 30%

  • Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required.
  • Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs.
  • Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration.
  • Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
  • Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure.
  • Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that
  • the IT team follows the requirements set in line with cybersecurity standards.
  • Implement cybersecurity continuous improvement programs.
  • Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures.
  • Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary.

Risk Management and Compliance 20%

  • Collaborate with divisional the RAQA team and Senior ManagersManagerst to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
  • Improve the automation of security controls.
  • Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning.
  • Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice.
  • Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and ensure the security posture of the IT landscape is ensured at all times.
  • Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future.
  • Manage internal and external audits as required with relation to cybersecurity.
  • Maintain documentation for cybersecurity-related risks, processes and findings.

QMS and Documentation 10%

  • Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar.
  • Work closely with the Compliance team to gather and submit evidence for all security and IT audits.
  • Proactively keep stakeholders updated on status, progress, risks and problems.
  • Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities.
  • Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities.
  • Maintain cybersecurity documents and records in line with certification requirements.
  • Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referenced from a single central source from which to direct the readers to the appropriate resources.

Role Requirements

Minimum education
 
(essential):

Engineering degree (Computer, Software, Mechanical or Electronic)

Minimum education (desirable):

  • OSCP (Offensive Security Certified Professional)
  • PNPT (Practical Network Penetration Tester)
  • CISSP (Certified Information Systems Security Professional)
  • CCSP (Certified Cloud Security Practitioner)

Minimum applicable experience (years):

AWS' ecosystem:

  • AWS Well Architected Framework
  • Trusted Advisor
  • GuardDuty / SCP / SSM / IAM / WAF
  • Container services such as ECS/EKS
  • Incident detection and response management.
  • Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
  • Drafting and implementing security policies, security procedures, security design and implementation.

The following would be advantageous:

  • ISO risk management) compliance
  • ISO cybersecurity) compliance
  • SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

Skills and Knowledge
 
(essential):

  • Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
  • Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
  • Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
  • Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
  • Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
  • Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
  • Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2.

This job description is not a definitive or exhaustive list of responsibilities and is subject to change depending on changing business requirements. Employees will be consulted on any changes. Employee's performance will be reviewed based on the agreed upon objectives
.

This advertiser has chosen not to accept applicants from your region.

Security Engineer

Sandton, Gauteng R600000 - R1200000 Y Discovery Ltd.

Posted today

Job Viewed

Tap Again To Close

Job Description

Business Unit: Discovery Bank

Function: Banking

Date: 17 Oct 2025

Security Engineer

About Discovery

Discovery's core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.

About Discovery Bank

We're the world's first behavioural bank, designed with our clients in mind. We haven't changed just one thing, we've changed everything. Our main goal is to improve the financial health of our clients by helping change how they work with their money. Through Vitality Money, our clients will learn more about what it means to be financially healthy and get rewarded for managing their money well. If you are a problem solver, always questioning the way things are done, passionate about doing what is right, have the ability to change direction quickly when needed and / or love to dazzle your clients, Discovery Bank, has a job where you can be yourself and your best in an environment that is safe and nurturing.

Job Purpose

The Security Engineer is responsible for designing and building security solutions for Discovery Bank. The incumbent will develop and integrate security solutions for application systems, projects and applied technologies, also solving for technical problems and challenges that arise. The Security Engineer is also responsible for overseeing and conducting penetration tests within the Discovery Bank environment.

Areas of responsibility may include but not limited to

  • Acquiring a detailed understanding of business processes and applications.
  • Translating technology and environmental conditions (business, legal and regulatory requirements) into the security design for applications and business processes.
  • Proactively engaging in all stages of the development lifecycle to ensure that solutions are securely designed, built, verified, deployed and maintained.
  • Create and implement penetration testing methods, scripts and tools.
  • Check for gaps in security that could occur and advise on best practice to minimise risk
  • Perform risk and threat modelling as part of security assessments and solution design
  • Participate in resolution of incidents in order to engineer requisite solutions.
  • Deliver report, papers and track issues to resolution.
  • Define, implement and maintain security policy and security standards.
  • Evaluate new technologies and processes that enhance security capabilities for the bank.
  • Collaborate with colleagues on and provide thought leadership on security topics e.g. authorisation, authentication, encryption, integration solutions, etc.

Personal Attributes and Skills

  • Values driven.
  • Facilitation and conflict resolution capabilities, and builds working relationships.
  • Problem solving and analytical capabilities.
  • Excellent written and verbal communication skills, with the ability to convey technical detail in clear and concise manner.
  • Ability to work under time constraints with minimal supervision in an agile environment.
  • Looks for ways to optimise and automate solutions and testing in continuous integration/development and deployment environments.
  • Willingness to both issue and accept challenges to analytical problems.
  • Knowledge of Banking products, processes and systems is an advantage.

Education and Experience

  • Bachelor of Science degree in computer/electronic engineering or software programming.
  • At least 3-5 years' experience software development/engineering within banking or financial institutions.
  • Experience with popular programming languages and frameworks e.g. Javascript, Node, Java, Spring, .Net, etc.
  • Experience with integration protocols and technologies e.g. SOAP, REST, JSON, XML, etc.
  • Solid understanding of cloud, virtualisation and containerisation security.
  • Solid understanding of modern federated authentication and authorization frameworks e.g. SAML, OIDC, ADFS, OAuth2, etc.
  • Working experience with network security and mainstream operating systems e.g. Linux, Windows, etc.
  • Working knowledge of data protection best practices (at rest, in flight and in use).
  • Experience with encryption protocols, technologies and techniques.
  • Experience working with product teams specifying secure application requirements.
  • Certifications advantages CISSP, CEH, ISACA CRISC/CISM, CISSP-ISSAP, CISSP-CSSLP, CSK, CCSP, etc.
  • Working knowledge of security penetration methods and tools
  • Knowledge of SAP security, micro-services & API security is considered an advantage.
  • Working knowledge of tools such as log management and log analytics tools e.g. splunk is advantageous.
  • Experience building monitoring dashboards and management reporting is considered advantageous.

EMPLOYMENT EQUITY

The Company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.

This advertiser has chosen not to accept applicants from your region.

Security Engineer

R600000 - R1200000 Y Discovery Limited

Posted today

Job Viewed

Tap Again To Close

Job Description

About Discovery
Discovery's core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.

About Discovery Bank
We're the world's first behavioural bank, designed with our clients in mind. We haven't changed just one thing, we've changed everything. Our main goal is to improve the financial health of our clients by helping change how they work with their money. Through Vitality Money, our clients will learn more about what it means to be financially healthy and get rewarded for managing their money well. If you are a problem solver, always questioning the way things are done, passionate about doing what is right, have the ability to change direction quickly when needed and / or love to dazzle your clients, Discovery Bank, has a job where you can be yourself and your best in an environment that is safe and nurturing.

Job Purpose
The Security Engineer is responsible for designing and building security solutions for Discovery Bank. The incumbent will develop and integrate security solutions for application systems, projects and applied technologies, also solving for technical problems and challenges that arise. The Security Engineer is also responsible for overseeing and conducting penetration tests within the Discovery Bank environment.

Areas of responsibility may include but not limited to

  • Acquiring a detailed understanding of business processes and applications.
  • Translating technology and environmental conditions (business, legal and regulatory requirements) into the security design for applications and business processes.
  • Proactively engaging in all stages of the development lifecycle to ensure that solutions are securely designed, built, verified, deployed and maintained.
  • Create and implement penetration testing methods, scripts and tools.
  • Check for gaps in security that could occur and advise on best practice to minimise risk
  • Perform risk and threat modelling as part of security assessments and solution design
  • Participate in resolution of incidents in order to engineer requisite solutions.
  • Deliver report, papers and track issues to resolution.
  • Define, implement and maintain security policy and security standards.
  • Evaluate new technologies and processes that enhance security capabilities for the bank.
  • Collaborate with colleagues on and provide thought leadership on security topics e.g. authorisation, authentication, encryption, integration solutions, etc.

Personal Attributes And Skills

  • Values driven.
  • Facilitation and conflict resolution capabilities, and builds working relationships.
  • Problem solving and analytical capabilities.
  • Excellent written and verbal communication skills, with the ability to convey technical detail in clear and concise manner.
  • Ability to work under time constraints with minimal supervision in an agile environment.
  • Looks for ways to optimise and automate solutions and testing in continuous integration/development and deployment environments.
  • Willingness to both issue and accept challenges to analytical problems.
  • Knowledge of Banking products, processes and systems is an advantage.

Education And Experience

  • Bachelor of Science degree in computer/electronic engineering or software programming.
  • At least 3-5 years' experience software development/engineering within banking or financial institutions.
  • Experience with popular programming languages and frameworks e.g. Javascript, Node, Java, Spring, .Net, etc.
  • Experience with integration protocols and technologies e.g. SOAP, REST, JSON, XML, etc.
  • Solid understanding of cloud, virtualisation and containerisation security.
  • Solid understanding of modern federated authentication and authorization frameworks e.g. SAML, OIDC, ADFS, OAuth2, etc.
  • Working experience with network security and mainstream operating systems e.g. Linux, Windows, etc.
  • Working knowledge of data protection best practices (at rest, in flight and in use).
  • Experience with encryption protocols, technologies and techniques.
  • Experience working with product teams specifying secure application requirements.
  • Certifications advantages CISSP, CEH, ISACA CRISC/CISM, CISSP-ISSAP, CISSP-CSSLP, CSK, CCSP, etc.
  • Working knowledge of security penetration methods and tools
  • Knowledge of SAP security, micro-services & API security is considered an advantage.
  • Working knowledge of tools such as log management and log analytics tools e.g. splunk is advantageous.
  • Experience building monitoring dashboards and management reporting is considered advantageous.

EMPLOYMENT EQUITY

The Company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.

This advertiser has chosen not to accept applicants from your region.
Be The First To Know

About the latest Security testing Jobs in South Africa !

Security Engineer

R600000 - R1200000 Y wePlace

Posted today

Job Viewed

Tap Again To Close

Job Description

Our client, an award-winning MedTech is looking for a Security Engineer to join their team.

Job Purpose:

Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.

As the IT Security Engineer, you'll support the company by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect their systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.

Minimum education
(essential):

Engineering degree (Computer, Software, Mechanical or Electronic

Minimum education (desirable):

  • OSCP (Offensive Security Certified Professional)
  • PNPT (Practical Network Penetration Tester)
  • CISSP
    (Certified Information Systems Security Professional)
  • CCSP (Certified Cloud Security Practitioner)

Minimum applicable experience (years):

AWS' ecosystem:

  • AWS Well Architected Framework
  • Trusted Advisor
  • GuardDuty / SCP / SSM / IAM / WAF
  • Container services such as ECS/EKS
  • Incident detection and response management.
  • Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
  • Drafting and implementing security policies, security procedures, security design and implementation.

The following would be advantageous:

  • ISO risk management) compliance
  • ISO cybersecurity) compliance
  • SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

Skills and Knowledge (essential):

  • Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
  • Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
  • Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
  • Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
  • Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
  • Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
  • Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2.

Cybersecurity Management 40%

  • Drive development standards and processes related to cybersecurity compliance.
  • Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance.
  • Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation.
  • Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust).
  • Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective.
  • Identify, implement and maintain all security tools and technology.
  • Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
  • Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
  • Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

Infrastructure Management 30%

  • Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required.
  • Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs.
  • Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration.
  • Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
  • Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure.
  • Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that the IT team follows the requirements set in line with cybersecurity standards.
  • Implement cybersecurity continuous improvement programs.
  • Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures.
  • Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary.

Risk Management and Compliance 20%

  • Collaborate with divisional the RAQA team and Senior Managers
  • Managers to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
  • Improve the automation of security controls.
  • Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning.
  • Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice.
  • Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and ensure the security posture of the IT landscape is ensured at all times.
  • Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future.
  • Manage internal and external audits as required with relation to cybersecurity.
  • Maintain documentation for cybersecurity-related risks, processes and findings.

QMS and Documentation 10%

  • Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar.
  • Work closely with the Compliance team to gather and submit evidence for all security and IT audits.
  • Proactively keep stakeholders updated on status, progress, risks and problems.
  • Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities.
  • Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities.
  • Maintain cybersecurity documents and records in line with certification requirements.
  • Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referenced from a single central source from which to direct the readers to the appropriate resources.

2 days' work-from-home in line with Company Policy (only applicable after probation is successfully passed).

Should you not receive a response from us within one week of your application, your application has unfortunately not been successful.

This advertiser has chosen not to accept applicants from your region.

Security Engineer

R600000 - R1200000 Y hearX

Posted today

Job Viewed

Tap Again To Close

Job Description

Role Description

Responsible for company-wide cybersecurity and related documents, process and record management to ensure that systems and products are safe and effective. Ensures data integrity, and that information is kept accurate and consistent unless authorized changes are made (and documented), and that confidentiality is upheld by protecting information from unauthorized access. Responsible for cybersecurity compliance and training throughout the Company.

As our IT Security Engineer, you'll support us by taking the lead on cybersecurity and working with the team to perform ongoing operations, administration, and development of security systems, as well as implementing fixes that would protect our systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.

Cybersecurity Management 40%

  • Drive development standards and processes related to cybersecurity compliance.
  • Monitor all cybersecurity processes, operations and infrastructure, monitoring internal and external policy and regulatory compliance.
  • Review and evaluate development designs (for existing products and during design phase for new products) to identify gaps in cybersecurity controls, and drive updates to any cybersecurity or compliance documentation.
  • Liaise with internal and external stakeholders to prepare for SOC2 Type 2 and HiTrust).
  • Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective.
  • Identify, implement and maintain all security tools and technology.
  • Schedule (and ideally automate) internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
  • Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
  • Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

Infrastructure Management 30%

  • Drive and action where required the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security including any penetration testing that is required.
  • Design and execute short- and long-term initiatives to detect and prevent any security vulnerabilities in the IT infrastructure (cloud, security and devops) to meet current and future needs.
  • Develop, execute and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration.
  • Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
  • Define software and hardware security standards in collaboration with stakeholders and owners for the provisioning of the development and IT infrastructure.
  • Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that
  • the IT team follows the requirements set in line with cybersecurity standards.
  • Implement cybersecurity continuous improvement programs.
  • Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame. This would include documenting all disaster recovery procedures.
  • Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary.

Risk Management and Compliance 20%

  • Collaborate with divisional the RAQA team and Senior ManagersManagerst to define and centralize risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
  • Improve the automation of security controls.
  • Work closely with the dev team on defining industry-standard processes and system requirements, identifying and proposing fixes to shortcomings in the development lifecycle, code reviews and scanning as well as infrastructure provisioning.
  • Work with the dev team to ensure that security standards and policies are being set up and configured correctly, ensuring adherence to certifications and best-practice.
  • Assist with remediations on risk items identified from security and preventative detection reviews to ensure compliance and ensure the security posture of the IT landscape is ensured at all times.
  • Remediate audit items by putting measures in place to prevent the recurrence of findings. For example, by making sure that audit findings are resolved by the relevant personnel and that the resolutions are such that they prevent the item from reoccurring in the future.
  • Manage internal and external audits as required with relation to cybersecurity.
  • Maintain documentation for cybersecurity-related risks, processes and findings.

QMS and Documentation 10%

  • Manage annual cybersecurity roadmap, IT audit (internal and external) plan and calendar.
  • Work closely with the Compliance team to gather and submit evidence for all security and IT audits.
  • Proactively keep stakeholders updated on status, progress, risks and problems.
  • Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities.
  • Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities.
  • Maintain cybersecurity documents and records in line with certification requirements.
  • Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests. For example, ensuring that all cybersecurity related information, such as architectural diagrams, asset lists, asset control lists and vulnerabilities, can be referenced from a single central source from which to direct the readers to the appropriate resources.

Minimum education
 
(essential):

Engineering degree (Computer, Software, Mechanical or Electronic)

Minimum education (desirable):

  • OSCP (Offensive Security Certified Professional)
  • PNPT (Practical Network Penetration Tester)
  • CISSP (Certified Information Systems Security Professional)
  • CCSP (Certified Cloud Security Practitioner)

Minimum applicable experience (years):

AWS' ecosystem:

  • AWS Well Architected Framework
  • Trusted Advisor
  • GuardDuty / SCP / SSM / IAM / WAF
  • Container services such as ECS/EKS
  • Incident detection and response management.
  • Performing penetration tests and vulnerability scans against networks and infrastructure, applications and AWS environments.
  • Drafting and implementing security policies, security procedures, security design and implementation.

The following would be advantageous:

  • ISO risk management) compliance
  • ISO cybersecurity) compliance
  • SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent)

Skills and Knowledge
 
(essential):

  • Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
  • Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
  • Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
  • Solid knowledge of IT security (firewalls, EDR, IDS/IPS, SOAR, vulnerability scanning forensic and Threat Hunting).
  • Understanding of AWS ECS & Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
  • Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
  • Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and SOC 2.

This job description is not a definitive or exhaustive list of responsibilities and is subject to change depending on changing business requirements. Employees will be consulted on any changes. Employee's performance will be reviewed based on the agreed upon objectives
.

This advertiser has chosen not to accept applicants from your region.

Security Engineer

R1200000 - R2400000 Y Apex Group Ltd

Posted today

Job Viewed

Tap Again To Close

Job Description

The Apex Group was established in Bermuda in 2003 and is now one of the world's largest fund administration and middle office solutions providers.

Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.Your career with us should reflect your energy and passion.

That's why, at Apex Group, we will do more than simply 'empower' you. We will work to supercharge your unique skills and experience.

Take the lead and we'll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.

For our business, for clients, and for you

The Role
As a Cloud and Infrastructure Security Engineer, you'll work across multiple security domains, with emphasis on building, maintaining, and improving security controls that protect Apex's global technology environment

Key Responsibilities

  • Deploy, configure, and manage security solutions across cloud (AWS, Azure, OCI) and on-premises infrastructure.
  • Implement and maintain controls for network security, IAM, endpoint protection, and cloud governance.
  • Support the secure design and integration of hybrid and multi-cloud environments.
  • Conduct security assessments, vulnerability analysis, and remediation of cloud and infrastructure assets.
  • Collaborate with platform, infrastructure, and application teams to embed security into solutions from design to operation.
  • Monitor for and respond to security incidents affecting cloud and infrastructure services.
  • Maintain documentation including architecture diagrams, security control mappings, and operational procedures.
  • Research and recommend new technologies, tools, and practices to enhance security posture.
  • Ensure compliance with relevant frameworks and internal security standards (e.g., NIST, ISO 27001, CSA CCM).

Areas of Focus

  • Deploy, configure, and manage security controls for AWS, Azure, and OCI environments.
  • Implement cloud-native security controls including Security Groups, IAM policies, KMS, and encryption.
  • Integrate and manage CSPM and CWPP tools to monitor and enforce cloud security posture.
  • Enforce least privilege and Zero Trust principles across cloud accounts and subscriptions.
  • Secure cloud and infrastructure environments supporting mergers and acquisitions.
  • Implement and manage Microsoft 365 security baselines, Conditional Access, and Intune compliance.
  • Harden operating systems, containers, and virtual machines following best practices.
  • Design and maintain secure network architectures for hybrid and multi-cloud connectivity.
  • Configure firewalls, WAFs, VPN gateways, and implement network segmentation.
  • Deploy intrusion prevention/detection (IPS/IDS) and network monitoring solutions.
  • Support DDoS protection strategies and integrate with cloud provider capabilities.
  • Conduct patching, vulnerability scanning, and secure configuration audits.
  • Manage identity federation, SSO, MFA, and enforce strong authentication policies.
  • Investigate and respond to incidents affecting cloud workloads, networks, or infrastructure.
  • Map cloud and infrastructure security controls to frameworks such as NIST CSF, ISO 27001, and CSA CCM.
  • Maintain asset inventory and ensure continuous compliance with corporate security standards.
  • Research and recommend new security tools, services, and best practices to strengthen defenses.

Required Experience & Skills

  • 5–8 years of experience in cybersecurity, cloud, or infrastructure roles, with a focus on security engineering.
  • Proven hands-on experience with AWS, Azure
  • Strong knowledge of network security, IAM, endpoint protection, and vulnerability management.
  • Familiarity with Kubernetes, CI/CD security, and cloud automation (Terraform, Ansible, etc.).
  • Understanding of security frameworks (NIST, ISO 27001, CSA CCM, MITRE ATT&CK).
  • Ability to troubleshoot and resolve security incidents in complex environments.
  • Strong communication skills to work effectively with both technical and non-technical stakeholders.
  • Relevant certifications such as CCSP, CISSP, AWS/Azure Security Engineer, or equivalent are advantageous.

What will you get in return:

  • Opportunity to work with senior security professionals across multiple global teams.
  • Exposure to cutting-edge cloud and infrastructure technologies.
  • Flexible work options and a strong focus on collaboration and growth.
  • A role where you can directly influence Apex's global security posture.

Additional information:
We are an equal opportunity employer and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnicity, age, sexual orientation, socio-economic, responsibilities for dependents, physical or mental disability. Any hiring decision are made on the basis of skills, qualifications and experiences. We measure our success as a business, not only by delivering great products and services and continually increasing our assets under administration and market share, but also by how we positively impact people, society and the planet. For more information on our commitment to Corporate Social Responsibility (CSR) please visit If you are looking to take that next step in your career and are ready to work for a high performing organization, alongside talented people who take pride in delivering great results, please submit your application (with your CV, cover letter and salary's expectations).

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.

This advertiser has chosen not to accept applicants from your region.
 

Nearby Locations

Other Jobs Near Me

Industry

  1. request_quote Accounting
  2. work Administrative
  3. eco Agriculture Forestry
  4. smart_toy AI & Emerging Technologies
  5. school Apprenticeships & Trainee
  6. apartment Architecture
  7. palette Arts & Entertainment
  8. directions_car Automotive
  9. flight_takeoff Aviation
  10. account_balance Banking & Finance
  11. local_florist Beauty & Wellness
  12. restaurant Catering
  13. volunteer_activism Charity & Voluntary
  14. science Chemical Engineering
  15. child_friendly Childcare
  16. foundation Civil Engineering
  17. clean_hands Cleaning & Sanitation
  18. diversity_3 Community & Social Care
  19. construction Construction
  20. brush Creative & Digital
  21. currency_bitcoin Crypto & Blockchain
  22. support_agent Customer Service & Helpdesk
  23. medical_services Dental
  24. medical_services Driving & Transport
  25. medical_services E Commerce & Social Media
  26. school Education & Teaching
  27. electrical_services Electrical Engineering
  28. bolt Energy
  29. local_mall Fmcg
  30. gavel Government & Non Profit
  31. emoji_events Graduate
  32. health_and_safety Healthcare
  33. beach_access Hospitality & Tourism
  34. groups Human Resources
  35. precision_manufacturing Industrial Engineering
  36. security Information Security
  37. handyman Installation & Maintenance
  38. policy Insurance
  39. code IT & Software
  40. gavel Legal
  41. sports_soccer Leisure & Sports
  42. inventory_2 Logistics & Warehousing
  43. supervisor_account Management
  44. supervisor_account Management Consultancy
  45. supervisor_account Manufacturing & Production
  46. campaign Marketing
  47. build Mechanical Engineering
  48. perm_media Media & PR
  49. local_hospital Medical
  50. local_hospital Military & Public Safety
  51. local_hospital Mining
  52. medical_services Nursing
  53. local_gas_station Oil & Gas
  54. biotech Pharmaceutical
  55. checklist_rtl Project Management
  56. shopping_bag Purchasing
  57. home_work Real Estate
  58. person_search Recruitment Consultancy
  59. store Retail
  60. point_of_sale Sales
  61. science Scientific Research & Development
  62. wifi Telecoms
  63. psychology Therapy
  64. pets Veterinary
View All Security Testing Jobs