SecDevOps Engineer at Kerridge Commercial Systems South Africa

Kerridge Commercial Systems (KCS) is a market leader in the development and provision of trading and financial software environments for specialist Distribution, Wholesale, Merchant and Retail industry sectors, addressing single or multi-branch operations, as well as catering for organisations with 'point-of-sale' showrooms and warehouses. 

We are experiencing significant growth in markets across North America, Europe and Africa, and indeed beyond. Some great opportunities are being created as a result of this for the right candidates, with the right aptitude for innovating some great products for our much valued customers. 

The Ideal Person: 

• You build excellent relationships and informal networks.
• You are passionate about security 
• You have a naturally positive outlook
• You are a born communicator
• You act on your own initiative
• You take imposed deadlines seriously and take pride in meeting them whilst delivering excellent solutions.
• You have the courage to hold a different stance to the majority, but you constantly strive towards a consensus.
• You constantly look for better ways of working.
• You remain abreast of industry practices and new technologies in the fields of DevOps, and especially Security.

Key Responsibilities: 

As SecDevOps, you will form a part of our growing DevOps team with specific responsibilities for research, design, and implementing automation and Cybersecurity solutions to protect our clients' most sensitive information using secure systems development practices. 

• Architecting, designing and providing implementation patterns of security controls throughout the software delivery lifecycle.
• Designing and developing generic security patterns and guidelines to ensure our portfolio of ERP products stay compliant
• Integrate best practices and processes within software design, development, delivery and DevOps processes and CI/CD pipelines through all stages of the lifecycle.
• Evaluating and on-boarding security tools such as RASP, WAF, SAST, vulnerability and open source scanning into the Security DevOps life cycle for multiple diverse tech stacks.
• Contributing features to internally developed Information Security tools and integrate those tools into the Security DevOps pipelines.
• Driving continuous improvement to both the Security DevOps pipelines and processes, and to the Information Security tools, services, and processes.
• Review, analyse and classify outputs from vulnerability and assessment tools to determine and prioritise fixes, improvements and to determine and articulate risk.
• Contribute to the overall DevOps team objectives and responsibilities.
• Transferring knowledge of and building awareness of cybersecurity solutions within the DevOps team and wider R&D community. 

Key Requirements:

Essential 

Candidates will be evaluated based on their ability to perform the duties listed above while demonstrating the skills and competencies necessary to be highly-effective in the role. These skills and competencies include: 

• Ability to react quickly, decisively, and deliberately in high-stress, high-impact situations
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• An ability to influence others effectively to modify their plans and behaviours
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
• Technical expertise in security testing tools throughout the development lifecycle. 

Desirable 

• Experience working with highly complex ERP systems
• Professional qualifications, training or other relevant accreditations in the area of security
• Security Certifications e.g. CISSP, CISM, CCSP, SANS/GSEC
• Cloud Certifications e.g. Azure, AWS etc
• Competencies in any of the following Burpsuite, Zed Attack Proxy, Acunetix, Rapid7, Nessus etc. 

Competencies 

Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described above. For reference, the typical work experience and educational background of candidates in this role are as follows: 

• Minimum of 5 years’ experience working in a DevOps/SecDevOps environment.
• Bachelors or Masters in Computer Science or other related engineering fields, or equivalent in directly relevant experience.
• Experience working in a Software Engineering role in a security focused environment with a strong focus in software engineering / Devops.
• Experience with security testing at scale by building and implementing static and dynamic analysis tools, integrating security into CI/CD workflows for everyday deployments.
• Experience with Containerisation, Kubernetes and Docker.
• Experience converting feedback from security analysis tools into infrastructure improvements.
• Excellent oral and written communication skills with the ability to listen, clarify and share complex information clearly and concisely
• The ability to build strong working relationships and to be able to persuade and influence a range of people at all levels and across cultural and global boundaries
• Flexibility in approach and an ability to manage through change
• Resilient and able to remain calm and positive under pressure and when dealing with ambiguity
• Decisive and mature in judgement
• Able to resolve complex problems taking a proactive approach to analyse the issues and generate solutions
• Actively manages personal learning and development