FinSense Africa (finsense.africa)

Cyber Security Analyst (DevSecOps)

Nairobi, Nairobi, Kenya | Full-time | 7h ago

Job Purpose

The role holder is responsible for ensuring information systems developed and deployed meet the organization's cybersecurity policies, standards, and requirements, as well as complying with applicable cybersecurity regulations and industry standards.

The role holder will ensure that security requirements are properly captured and embedded within the Software Development Life Cycle (SDLC) for all technology initiatives, secure coding practices are adhered to, and secure software and application configurations are maintained.

The specialist will carry out security testing across all technology stacks (mobile, web applications, APIs/microservices, source code, web servers, containers, servers, databases, virtualization environments, network devices, and connectivity) within assigned scrum teams and projects.

Responsibilities

  • Work with scrum and project teams to ensure that security requirements are adequately captured during the requirements analysis phase.
  • Provide input into the secure design of information systems architecture throughout the project lifecycle.
  • Ensure that access to systems during the project lifecycle by staff, contractors, and vendors is secure and based on the principle of least privilege.
  • Enforce the implementation and adoption of minimum security baseline standards across all technologies in use.
  • Facilitate the identification of security vulnerabilities by performing or coordinating security assessments, vulnerability assessments, and penetration testing (VAPT).
  • Ensure security tools and controls are operating as expected within development and deployment pipelines and review security reports generated from them.
  • Report security gaps identified within scrum teams and projects and follow up on remediation in accordance with organizational standards and procedures.
  • Identify security violations and incidents during the project lifecycle and coordinate the response process.
  • Ensure effective integration of security tools to protect, detect, and respond to attempted intrusions before and during project go-live.
  • Collaborate with project teams to ensure user access matrices are properly defined and aligned with established roles and responsibilities.
  • Participate in deployment activities and conduct post-implementation reviews (PIR) to ensure security configurations are implemented and identified gaps do not progress into production environments.
  • Embed cybersecurity awareness initiatives throughout the project lifecycle, with a focus on secure coding practices.
  • Provide scheduled security reports to cybersecurity leadership, project teams, and steering committees on the progress of security workstream activities.




Requirements

Skills and Experience

  • Bachelor’s degree in Computer Science, Information Technology, or other STEM-related discipline.

  • Master’s degree in Information Security, Cyber Security, or related field will be an added advantage.

  • Professional information security certifications such as CISA, CISM, CISSP, CRISC, or Security+, as well as application/security testing certifications such as CSSLP, CEH, OSCP, CPT, GPEN, GWAPT, or eJPT.

  • 3+ years of experience in technology roles.

  • 1+ years of experience in information security.

  • 1+ years of experience in Application Security within Secure SDLC and DevSecOps environments.

  • Strong technical expertise in DevSecOps toolchains, including tools such as Ansible, Jenkins, GitLab, Azure DevOps, Trivy, SonarQube, Terraform, Git/version control systems, or similar technologies.

  • Familiarity with information security frameworks and standards such as PCI-DSS, ISO 27001, and SABSA.

  • Knowledge of API security, container security, and cloud security principles.

  • Experience in project implementation and user training.

  • Ability to multitask, work effectively under pressure and tight deadlines, influence stakeholders, and operate both independently and within cross-functional teams.

  • Strong verbal and written communication skills.

  • Strong analytical and problem-solving skills with the ability to collaborate effectively across teams.