Application Security Engineer / Penetration Tester at OUTsurance

What do you get OUT? 

• OUTsurance has been voted Top Employer South Africa since 2022.  Our people vision is to be a great company to work for where you always get something OUT.

We offer our employees:

• A winning, fun and inclusive company culture that embraces diversity.
• Great Rewards and Recognition programs.
• Benefits (Medical Aid, Pension fund, Group life and Disability benefits)  
• Growth opportunities (we hire talent, train skill and promote values driven leaders from within)
• Wi-Fi on campus and Emergency Panic-Assist through the OUTsurance app
• Employee wellness programs: Free Counselling, Legal Advice and Financial Coaching for you and your members of household.

Casual Dress Code

• Central office location with shuttles to and from the Gautrain station and Centurion Taxi Rank
• Onsite Clinic, Canteen, Carwash, Barber, Beauty Salon and Sports facilities
• Day care centre during public school holidays
• Maternity Expressing Rooms
• Prayer Rooms
• A chance to give back (Staff Helping SA OUT volunteer program) and much more…

We are seeking a highly experienced Application Security Engineer/ Penetration Tester to join our team. The ideal candidate will have a strong background in software development, information security, and operations.

Job Description

Responsibility: Application Security(70%)

• Identify, implement, and maintain security tools and technologies
• Participate in regular security reviews and assessments of the infrastructure, applications, and processes.
• Up to date knowledge of security testing methodologies, tools, and frameworks (OWASP, IST, SANS, etc.)
• Schedule (and ideally automate) Vulnerability scans and tests, remediate findings and ensure accurate reporting to satisfy regulatory compliance.
• Perform quarterly penetration tests of all deployed projects and ensure implementation of items identified in remediation plans.
• Software dependency scanning

Responsibility: DevSecOps (20%)

• Maintain & Administer Security controls on Cloud Development Infrastructure
• Improve Automation of Security Controls on Deployments in Azure & On-Premise Environments
• Work with the dev team to ensure that security standards and policies are being set up and configured correctly

Responsibility: Knowledge sharing & documentation (10%)

• Host the secure development forum for OUTsurance.
• Communicate effectively with stakeholders at all levels of the organization, including technical and non-technical audiences.
• Develop and maintain security policies, procedures, and guidelines for development, deployment, and operations.

Qualifications

• 3 Years industry specific experience & Minimum 5 Years in Technology & Software
• Great knowledge and understanding of Secure Code Development practices and tools such as SonarQube, AquaSec, Harbor, etc.
• Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain and Open Threat Networks
• Knowledge of security testing methodologies, tools, and frameworks (OWASP, NIST, SANS, etc.)
• Solid knowledge of IT security (FortiGate Firewalls, Local Traffic Managers, SIEM, SOAR, EDR, XDR)
• Experience with security compliance frameworks (PCI DSS, HIPAA, GDPR, etc.)
• Experience drafting and implementing security policies, security procedures, security design and implementation.
• Extensive knowledge of DevSecOps principles, practices, and tools, including containerization, orchestration, and automation
• Experience with cloud platforms (AWS, Azure, GCP) and infrastructure-as-code tools (Terraform)
• Familiarity with operational observability, including monitoring, log aggregation, application performance monitoring, etc.