Manage the Security and Privacy by Design Assurance (SPDA) processes
Ensure that all projects follow the security-by-design principles, and that privacy and security risks are mitigated from the design phase to implementation.
Conduct internal and external penetration tests on the company's infrastructure, web applications, APIs, and network systems to identify vulnerabilities.
Assess the security of new and existing systems, products, and services to ensure compliance with company security policies, industry standards, and best practices.
Safely exploit vulnerabilities to determine the risks of unauthorized access or data compromise.
Conduct both automated and manual tests to evaluate the resilience of systems against various attack vectors.
Architect and design cybersecurity systems in line with industry best practices to ensure security, performance, and scalability.
Collaborate with IT teams to ensure secure integration of new systems and services and that they comply with cybersecurity requirements.
Implement threat modeling and risk assessments in the design phase of security systems and software.
Review and provide security assessments of company technology projects to close any MPA risks (Material, Procedural, and Administrative), ensuring that risks are mitigated early.
Ensure that all projects are designed, executed, and delivered with the required security baselines in mind.
Stay up to date with the latest security trends, attack techniques, and mitigation strategies to ensure the organization remains ahead of emerging threats.
Research and implement innovative cybersecurity technologies and methodologies to improve overall defense posture.
Participate in knowledge sharing, training, and mentoring activities within the cybersecurity team to foster a culture of continuous learning and improvement.
Key Skills and Qualifications:
Experience:
Minimum of 3 years in penetration testing or ethical hacking.
Certifications:
Strongly preferred certifications like OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor).
Technical Skills:
+ Proficiency in penetration testing tools such as Kali Linux, Burp Suite, Metasploit, Nessus, etc.
+ Strong knowledge of network security, web application security, cloud security, and mobile application security.
+ Familiarity with programming/scripting languages like Python, Bash, Ruby, PowerShell, or JavaScript.
+ In-depth understanding of TCP/IP, DNS, HTTP/S, SSL/TLS, and other network protocols.
+ Solid understanding of common attack techniques like SQL injection, XSS, CSRF, buffer overflow, and others.
Soft Skills:
+ Strong analytical and problem-solving skills.
+ Excellent verbal and written communication skills, with the ability to articulate complex technical findings to non-technical stakeholders.
+ Strong attention to detail and a methodical approach to testing and reporting.