Information Security Specialist- AppSec at Mukuru

About the job
Focused primarily on product and application security, this role requires implementing an application security programme while owning the overall technical aspects of securing our in-house software products to ensure our systems remain secure.

The Information Security Specialist (AppSec) reports directly to the Information Security Manager.

This role is to assess security controls, audit systems and ensure that enhancements are implemented, managed, and maintained across the production application stack, and improve the overall security posture.

We need a technically inclined individual who enjoys interacting with people and is self-driven with an interest in automation and integration. A development background is desirable and understanding code is essential. We are looking for someone who is keen to bug hunt and remediate.

Duties and Responsibilities(include but not limited to):

• Build secure development processes aligned with development methodologies
• Create security awareness and train developers, testers, and business analysts on secure development
• Create and maintain technical documents such as secure coding guidelines, security checklists, and technical security requirements
• Ensure security is built into developed applications
• Perform security assessments: Attack surface analysis and reduction, threat modeling, data protection, secure code reviews, SAST and DAST analysis, security testing
• Code pipeline security
• Develop fixes and seek solutions for software vulnerabilities
• Assess and monitor the production cloud infrastructure hosting applications for vulnerabilities and misconfigurations
• Conduct security audits across the product stack and underlying infrastructure and tooling
• Mitigate future IT security risk
• To manage own professional and self-development

Key Requirements:

• Grade 12 or equivalent (Essential)
• Tertiary qualification in computer science or related field (Essential)
• Recognised industry certifications such as CISSP,ISSAP,CISM,ISO 27001, OSCP (Essential)
• Software engineering certificates
• 5+ years experience in IT systems security (Essential)
• DevOps or DevSecOps Development background
• Knowledge of IT systems and network security
• Knowledge of Cloud Platforms
• Secure Software development
• Knowledge of programming languages such as PHP, .NET, Java, etc.
• Frameworks such as BSIMM, MITRE, OSAMM, OWASP, etc.
• Exposure to code assessment technologies such as Cx, WhiteSource, Vericode

Additional Skills:

• Multitasking skills
• Computer skills
• Attention to detail
• Analytical skills
• Ability to work independently

Only shortlisted candidates will be contacted. If you do not receive any response after two weeks of the closing date, please consider your application unsuccessful.