(916) Applications Security Specialist - BSTD at South African Reserve Bank

Detailed description

The successful candidate will be responsible for the following key performance areas:

• Conduct security assessments – including code reviews, vulnerability scans and penetration testing – to identify and remediate security vulnerabilities.
• Collaborate with development teams to integrate security best practice into the system development life cycle, including threat modelling, secure coding and security testing.
• Design and implement applications security controls, frameworks and policies to protect against emerging threats.
• Identify security risks and vulnerabilities, analyse the impact thereof, and engage relevant stakeholders (e.g. governance bodies and product owners) on relevant security solutions, driving and monitoring the implementation thereof to mitigate and remediate security vulnerabilities.
• Participate in applications security audits through the provision of relevant information, and respond to and address security-related audit findings to reduce the SARB’s threat landscape and improve its applications security posture.
• Participate in information technology (IT) security projects as the applications security subject-matter expert, ensuring compliance with security standards during each stage of the project development life cycle.
• Engage with the larger security community to acquire new information and adopt new security capabilities within the SARB’s IT security environment.
• Participate in the evaluation and implementation of security tools and technologies, including static and dynamic code analysis, vulnerability scanning and confidentiality management.
• Stay up to date with the latest security trends, vulnerabilities and attack techniques, and proactively apply this knowledge to improve the SARB’s security practices.
• Implement the security major incident response procedures during a security breach by investigating, reporting and providing recommendations to ensure the continuous improvement of security measures and avoid recurrence.
• Develop training material and deliver applications security training to all key stakeholders (including developers, testers and business analysts) in support of applications and integration security awareness campaigns.
• Present periodic reports and analytics pertaining to the security landscape surrounding the designated business applications.

Qualifications

Job requirements

To be considered for this position, candidates must be in possession of:

• a Bachelor’s degree in IT (NQF 7) or an equivalent qualification;
• a Certified Applications Security Engineer certification;
• a Certified Ethical Hacker certification; and
• at least 5–8 years’ experience in system development life cycle frameworks and solutions, of which at least 3 years in overall security governance best practice, frameworks and design, with hands-on experience with security tools such as DAST, SAST and SCA.

The following would be an added advantage:

• any additional security certifications, for example as a Certified Information Systems Security Professional, a Certified Secure Software Life Cycle Professional, an Offensive Security Certified Professional or a GIAC Web Application Penetration Tester.