Application Security Analyst at Clicks Group

Job Description

Application Security Analyst

We are looking for an experienced and innovative candidate for the position of Application Security Analyst for the IT Security Team within the IT Department. This position will report to the Information Security Officer and will be based at our Head Office in Cape Town.

Purpose and Objectives

Job Objectives

• To take ownership of application security duties and provide day-to-day support to the Information Security Officer, including:
• Perform application security reviews and penetration testing towards resolution
• Proactively identify and mitigate against application security risks or incidents
• Assist in security training and outreach to internal infrastructure and development teams
• Raise awareness of application security requirements through development and review of application security standards, policies and processes
• Perform assessments and threat modelling of SSDLC processes
• Guide vendor security activities to ensure 3rd‐party software and development meets Clicks security standards
• Generate weekly application security reports structured to provide information about statistics and trends as required by the Information Security Officer
• Implement application security projects and research work as needed
• Maintain PCI DSS and audit compliance requirements
• Share workload with IT Security analysts to meet call SLA requirements
• Administer logical user access management and review campaigns for key applications
• Monitor and manage on- and off-boarding of users, including employees and contractors
• Initiate and complete user application access certification review campaigns

Requirements

Qualifications and Experience

• At least 5 years general IT experience, preferably in the retail or financial industries
• At least 2 years specialist application security experience
• At least one or more recognised security certifications (CISSP, OSCP)
• Intermediate knowledge and understanding of security engineering, system and network security, authentication and security protocols, cryptography, or application security
• An understanding of web services
• Experience with programming languages
• Working knowledge of diverse range of key applications across different platforms
• Knowledge of OWASP tools and methodologies

Competencies

• Analysing
• Planning and Organising
• Delivering Results and Meeting Customer Expectations
• Deciding and Initiating Action
• Learning and Researching
• Creating and Innovating

Skills, Abilities and Job Related Knowledge

• Excellent written and verbal communication skills
• Understanding of HTTP and other web based protocols
• Knowledge of common application security requirements
• Knowledge of standard SDLC practices
• Ability to quickly assimilate knowledge from outside own area of expertise
• Ability to make quick but informed decisions under pressure
• Innovative, critical thinking and problem solving skills
• Ability to work both independently and in a team-oriented, collaborative environment
• Ability to identify security weaknesses and take ownership of tasks
• Ability to effectively prioritise and execute tasks in a high-pressure environment
• Good communication and organisational skills
• Ability to adapt to shifting priorities, demands and timelines