Security Engineer I - Brackenfell at Shoprite Group of Companies

Job Objectives

• Identify new security threats by conducting vulnerability assessments and proactive research to analyse security weaknesses and recommend appropriate solutions.
• Conduct offensive security testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk.
• Conduct security audits and authorised cyberattack simulations by designing and utilising hacking tools to access designated pieces of data during a predetermined time frame.
• Simulate security breaches to test detection and response capabilities of people and technologies in place.
• Document security issues and impacts identified through offensive operations and explain technical details in a clear, concise and understandable manner to facilitate reporting to impacted stakeholders. 
• Create reports and recommendations from findings, including the security issues uncovered and level of risk
• Provide guidance and recommendations to different stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing.
• Advise on methods to fix or lower security risks to systems and present findings, risks and conclusions to management and other relevant parties.
• Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures
• Stay abreast with emerging security threats, vulnerabilities, and controls.
• Other duties as assigned.

Qualifications

• Diploma / Degree in computer science, cybersecurity, or any related field
• Recognised industry certifications in offensive cybersecurity such as Pentest+ or equivalent 
• Evidence of practical training such as HackTheBox, TryHackMe, among others; writeups/walkthroughs and participation in Capture the Flag events

Experience

• Experience in conducting security or vulnerability assessments for solutions consisting of a variety of technology stacks and architectural implementations.
• Experience in identifying and exploiting vulnerabilities.
• Experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures
• Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, web applications, or networks.
• Strong experience in various operating systems and application security hardening and best practices.
• Experience and basic knowledge of any scripting language.
• Exposure and understanding of enterprise solutions from a functional and security perspective.