Security Engineer at Discovery Limited

Job Purpose

• The Security Engineer is responsible for designing, building and testing security solutions for Discovery Bank. The incumbent will develop and integrate security solutions for application systems, projects and applied technologies, also solving for technical problems and challenges that arise. The Security Engineer is also responsible for overseeing and conducting penetration tests within the Discovery Bank environment.

Areas of responsibility may include but not limited to

• Work across mobile apps, backend APIs and supporting systems to design, build and test security controls.
• Design and build internal tools to automate testing and conduct security reviews.
• Apply OWASP standards to identify risks and vulnerabilities within various systems.
• Use tools like Postman and mobile debugging frameworks to evaluate security controls and perform penetration testing.
• Acquiring a detailed understanding of business processes and applications.
• Translating technology and environmental conditions (business, legal and regulatory requirements) into the security design for applications and business processes.
• Proactively engaging in all stages of the development lifecycle to ensure that solutions are securely designed, built, verified, deployed and maintained.
• Check for gaps in security that could occur and advise on best practice to minimise risk
• Perform risk and threat modelling as part of security assessments and solution design.
• Participate in resolution of incidents in order to engineer requisite solutions.
• Deliver, report and track security issues to resolution.
• Define, implement and maintain security policy and security standards.
• Evaluate new technologies and processes that enhance security capabilities for the bank.
• Collaborate with colleagues on and provide thought leadership on security topics e.g. authorisation, authentication, encryption, integration solutions, etc.

Personal Attributes and Skills

• Values driven.
• Facilitation and conflict resolution capabilities, and builds working relationships.
• Problem solving and analytical capabilities.
• Excellent written and verbal communication skills, with the ability to convey technical detail in clear and concise manner.
• Ability to work under time constraints with minimal supervision in an agile environment.
• Looks for ways to optimise and automate solutions and testing in continuous integration/development and deployment environments.
• Willingness to both issue and accept challenges to analytical problems.
• Knowledge of Banking products, processes and systems is an advantage.

Education and Experience

• Bachelors of Science degree in computer/electronic engineering or software programming background.
• At least 3-5 years’ experience with software development/engineering within banking or financial institutions.
• Experience with popular programming languages and frameworks e.g. Javascript, Node,  Java, Spring, .Net, etc.
• Experience with integration protocols and technologies e.g. SOAP, REST, JSON, XML, etc.
• Solid understanding of cloud, virtualisation and containerisation security would be advantageous.
• Solid understanding of modern federated authentication and authorization frameworks e.g. SAML, OIDC, ADFS, OAuth2, etc.
• Working knowledge of data protection best practices (at rest, in flight and in use).
• Experience with encryption protocols, technologies and techniques.
• Experience working with product teams specifying secure application requirements.
• Certifications advantages CISSP, CEH, ISACA CRISC/CISM, CISSP-ISSAP, CISSP-CSSLP, CSK, CCSP, etc.
• Working knowledge of security penetration methods and tools.
• Knowledge of SAP security, micro-services & API security is considered an advantage.
• Working knowledge of tools such as log management and log analytics tools e.g. Splunk is advantageous.