Jobs Career Advice Post Job
X

Send this job to a friend

X

Did you notice an error or suspect this job is scam? Tell us.

  • Posted: Jul 6, 2026
    Deadline: Not specified
    • @gmail.com
    • @yahoo.com
    • @outlook.com
  • We bring an Out of the Ordinary approach to creating and managing wealth. Founded in South Africa as a small finance company, today we offer clients our services as a global bank and asset management group. Follow us on LinkedIn for unique insights from leading minds within the world of finance and Out of the Ordinary stories about our people, communit...
    Read more about this company

     

    Application Security Engineer

    Description

    • The Application Security Engineer is responsible for improving and embedding security throughout the software development lifecycle across Investec's engineering environments. The role focuses on secure software development practices, application security tooling, DevSecOps integration, and engineering enablement to reduce security risk while supporting modern software delivery.
    • The role works closely with software engineering teams, platform teams, and security stakeholders to implement scalable application security controls, improve developer security practices, and enhance visibility into software supply chain and application risk.

    Key Responsibilities

    Application Security Engineering

    • Partner with engineering teams to embed security into software design, development, testing, and deployment processes. 
    • Provide practical security guidance and support across modern application architectures and development frameworks. 
    • Assist teams in identifying and remediating application security vulnerabilities and weaknesses. 
    • Promote secure-by-default engineering practices across the software development lifecycle. 

    Secure Development and Code Review

    • Support secure coding practices across primarily .NET and TypeScript environments, with exposure to Python and Java ecosystems. 
    • Review application architectures, code patterns, and integrations for security risks and weaknesses. 
    • Assist development teams with remediation guidance and secure implementation approaches. 
    • Develop and maintain secure coding standards, patterns, and reusable guidance. 

    Application Security Tooling and DevSecOps

    • Implement, maintain, and optimise application security tooling across CI/CD pipelines and engineering workflows. 
    • Manage and support tooling including: 
    • Static Application Security Testing (SAST) 
    • Software Composition Analysis (SCA) 
    • Secrets detection and scanning 
    • Software supply chain security controls 
    • Support integration of security tooling into build and deployment processes to enable automated security validation. 
    • Work closely with platform and engineering teams to improve developer experience and reduce friction in security adoption. 

    Software Supply Chain and Vulnerability Management

    • Assist with management and interpretation of software security findings including vulnerabilities, dependency risks, and exposure trends. 
    • Maintain familiarity with industry standards and terminology including: 
    • CWE (Common Weakness Enumeration) 
    • CVE (Common Vulnerabilities and Exposures) 
    • SBOM (Software Bill of Materials) 
    • Support prioritisation and remediation of application and dependency vulnerabilities. 
    • Contribute to improving software supply chain visibility and governance. 

    Infrastructure as Code (IaC) and Cloud-Native Security

    • Support secure Infrastructure-as-Code practices with a strong focus on Bicep and cloud-native deployment models. 
    • Review and improve security controls within application deployment templates and infrastructure definitions. 
    • Collaborate with cloud and platform engineering teams to improve secure deployment standards and patterns. 
    • Promote DevSecOps practices across application and infrastructure delivery pipelines. 

    Security Enablement and Collaboration

    • Work closely with developers, architects, and platform teams to improve security maturity across engineering environments. 
    • Assist with application security awareness, guidance, and developer enablement initiatives. 
    • Contribute to security standards, engineering patterns, and operational processes. 
    • Support investigation and response activities related to application security findings and incidents.

    Qualifications, Experience and Skills

    • Bachelor's degree in Computer Science, Information Technology, Engineering, or related discipline (or equivalent practical experience) 

    Relevant Certifications (desirable)

    • CSSLP, GWAPT, GWEB, OSWE, or equivalent application security certifications 
    • Microsoft Azure certifications advantageous 
    • Secure software development or DevSecOps related certifications beneficial

    Technical Skills and Experience

    • Strong understanding of modern application security principles and secure software development practices. 
    • Hands-on experience with .NET and TypeScript application ecosystems. 
    • Working knowledge of Python and Java environments advantageous. 
    • Familiarity with scripting and automation using PowerShell, Bash, or similar technologies. 
    • Experience implementing and managing application security tooling including SAST and SCA solutions. 
    • Strong understanding of software supply chain security concepts including SBOMs, dependency management, and vulnerability management. 
    • Familiarity with common application security weaknesses and frameworks including OWASP Top 10 and CWE classifications. 
    • Experience with CI/CD concepts and DevSecOps integration patterns. 
    • Strong Infrastructure-as-Code knowledge with experience in Bicep desirable.

    Behavioural Attributes

    • Pragmatic and engineering-focused mindset 
    • Strong analytical and problem-solving capability 
    • Collaborative and developer-friendly approach 
    • Ability to communicate complex technical concepts clearly 
    • Self-driven with strong ownership and continuous improvement mindset

    Check how your CV aligns with this job

    Method of Application

    Interested and qualified? Go to Investec on careers.investec.co.za to apply

    Build your CV for free. Download in different templates.

  • Send your application

    View All Vacancies at Investec Back To Home

Career Advice

View All Career Advice
 

Subscribe to Job Alert

 

Join our happy subscribers

 
 
 
Send your application through

GmailGmail YahoomailYahoomail