Senior Security Engineer at Shoprite Group of Companies

Job Objectives    

• Provide assurance through collaboration with other stakeholders that all cloud and digital platforms meet the organisation’s security requirements.
• Provide security recommendations on cloud-based data security, platforms and application development.
• Recommend innovative technologies or other methods that will enhance the security of cloud-based environments.
• Serve as the subject matter expert (SME) on cloud security.
• Develop standards, policies and procedures as well as best practices documentation.
• Translate security and technical requirements into business requirements and communicate security risks to different audiences ranging from business leaders to engineers.
• Influence multi-disciplinary teams in implementing and operating cyber security controls.
• Work closely with application developers to deliver creative solutions to complex technology challenges and business requirements.
• Automate security controls, data and processes to provide better metrics and operational support.
• Utilize cloud-based APIs when appropriate to write network/system level tools for securing cloud environments.
• Stay current on emerging security threats, vulnerabilities and controls.
• Identify and implement new security technologies and best practices.
• Create technical and managerial level reports and conduct risk assessments for Cloud-based applications and infrastructure.
• Identify processes/procedures for how to handle cloud security events, including forensic isolation and mitigation with Digital Forensics and Incident Response teams.
• Identify new security threats by conducting continual monitoring, penetration testing, vulnerability assessments and log analysis.

Qualifications    

• Academic qualifications in computer science, cybersecurity, or any related field.
• Recognised industry certifications in cloud security- CSA CBK, CCSP, CISSP.

Experience    

• At least 5 years of experience in cyber security.
• At least 3 years of experience and hands-on expertise in cloud security.
• Practical knowledge of public cloud offerings such as AWS, Azure and GCP.
• Practical knowledge of services related to cloud computing, network, storage, content delivery, administration and security, deployment and management, automation technologies.
• Robust microservices programming (AWS Lambda, Docker, etc.)
• Good understanding and exposure to cloud standards, architecture and models.
• Experience with PKI, SSL, SSH etc
• Hands on knowledge of automation and DevSecOps skills.
• Good understanding of software development principles, including design patterns, code structure, programming languages, continuous integration, continuous deployment, and deployment orchestration.
• Experience with open-source software security.
• Experience with network protocols and deep packet inspection.
• Knowledge of microservices, Kubernetes, docker etc.

Knowledge and Skills    

• Required Skills: strong technical skills, including experience with Linux and Windows operating systems, scripting languages, and cloud provider ecosystems like Amazon AWS,GCP and Azure.
• Excellent attention to detail, as they must constantly monitor systems to ensure there are no external threats.
• Excellent oral and written communication skills will be essential when interacting with team members.
• Strong problem-solving skills in order to swiftly and deal with threats or flaws in cloud environments.
• Skilled in discussing complex security issues in understandable business terms.
• Detailed knowledge of system security vulnerabilities and remediation techniques.
• Ability to recommend solutions based on use cases and business requirements.
• Stay- Abreast with emerging technologies and threats and ability to proactively assess and evaluate the adoption thereof in the organization.