  • Posted: Mar 4, 2025
    Deadline: Not specified
  • The South African Reserve Bank is the central bank of South Africa. It was established in 1921 after Parliament passed an act, the "Currency and Bank Act of 10 August 1920", as a direct result of the abnormal monetary and financial conditions which World War I had brought



    (911) Lead - Applications and Integration Security - BSTD

    Detailed description

    The successful candidate will be responsible for the following key performance areas:

    • Contribute to the compilation of divisional operational plans and take responsibility for the implementation and monitoring thereof.
    • Manage and direct the development and maintenance of the Secure Systems Development Life Cycle procedures and standards based on the SARB environment and manage the implementation thereof, ensuring that the solutions are free from security vulnerabilities.
    • Lead and manage the vulnerabilities threat process (threat modelling and risk assessments) in support of building an advanced security posture for the SARB.
    • Address the application and integration security audit findings to reduce the SARB’s threat landscape and improve its application security posture.
    • Lead and guide the security component of the information technology (IT) projects, upholding code reviews and ensuring compliance with security standards during each stage of the project development life cycle.
    • Implement and manage application security tools (e.g. Static Application Security Testing, Dynamic Application Security Testing, Software Composition Analysis) to automate security testing and monitoring.
    • Lead the response to application security incidents (in compliance with security major incident response procedures), including root cause analysis and remediation efforts.
    • Develop and deliver the application and integration security awareness campaigns, oversee training to all key stakeholders (including developers, testers and business analysts) and improve secure coding practices across the SARB.
    • Provide consolidated and integrated reports and analytics for various forums on the state of application and integration security, including metrics and key performance indicators.
    • Identify and mitigate risks related to the application and integration security environment and ensure compliance with relevant governance frameworks.
    • Keep abreast of best practices and development in the field of application and integration security and ensure continual improvement, while ensuring the SARB applications comply with relevant security standards and regulations (e.g. Open Worldwide Application Security Project, General Data Protection Regulation, Payment Card Industry Data Security Standard).
    • Lead stakeholder engagements (internal and external), in support of the sound security posture in the SARB.
    • Fulfil the line management function in relation to the development and performance of the team, providing guidance and leadership to development teams and security staff.

    Qualifications

    Job requirements

    To be considered for this position, candidates must be in possession of:

    • an Honours degree in IT (NQF 8) or an equivalent qualification;
    • Certified Applications Security Engineer (CASE) certification;
    • Certified Ethical Hacker (CEH) certification;
    • eight to ten years’ experience in an IT environment, including secure software development life cycle framework and solutions, of which at least five years are in overall security governance best practices frameworks; and
    • proven experience in secure coding practices, threat modelling and vulnerability management.

    The following would be an added advantage:

    • additional security certifications (i.e. Certified Information Systems Security Professional, Certified Secure Software Lifecycle Professional, Offensive Security Certified Professional or GIAC Web Application Penetration Tester).
