Job Description

Job Details
Closing Date 2024/01/30
Reference Number SHO240123-4
Job Title Security Engineer I
Job Type Permanent
Location - Country South Africa
Location - Province Western Cape
Location - Town or City Brackenfell, Cape Town
Purpose of the Job

The primary responsibility of this role is to help improve the security of the organisation by attempting to find and exploit any vulnerability a threat actor might use. This junior role will also test the effectiveness of existing controls to find gaps, vulnerabilities and weaknesses and suggest measures to improve the security posture. In this role, the individual will plan and execute evaluation tests, stay informed about current cybersecurity threats, tools, techniques, tactics, procedures and methods used by hackers. As well as identifying problems, the successful candidate will also provide advice on how to minimise the identified risks. The role is responsible for ensuring that there are sufficient and effective security controls to protect the organisation form adversaries. This role will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective and response controls across the technology landscape. This junior role will user their expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques.

Job Advert Details
Job Category IT
Job Objectives

Identify new security threats by conducting vulnerability assessments and proactive research to analyse security weaknesses and recommend appropriate solutions.
Conduct offensive security testing consistent with known adversary tactics techniques and procedures and contribute to the development of objectives and approaches taken to remediate risk.
Conduct security audits and authorised cyberattack simulations by designing and utilising hacking tools to access designated pieces of data during a predetermined time frame.
Simulate security breaches to test detection and response capabilities of people and technologies in place.
Document security issues and impacts identified through offensive operations and explain technical details in a clear, concise and understandable manner to facilitate reporting to impacted stakeholders.
Create reports and recommendations from findings, including the security issues uncovered and level of risk
Provide guidance and recommendations to different stakeholders responsible for security remediation actions to close identified gaps and remediation validation testing.
Advise on methods to fix or lower security risks to systems and present findings, risks and conclusions to management and other relevant parties.
Consult with defensive operations teams on adversary tactics to guide and mature cyber defensive countermeasures
Stay abreast with emerging security threats, vulnerabilities, and controls.
Other duties as assigned.
Qualifications

Diploma / Degree in computer science, cybersecurity, or any related field
Recognised industry certifications in offensive cybersecurity such as Pentest+ or equivalent
Evidence of practical training such as HackTheBox, TryHackMe, among others; writeups/walkthroughs and participation in Capture the Flag events
Experience

Experience in conducting security or vulnerability assessments for solutions consisting of a variety of technology stacks and architectural implementations.
Experience in identifying and exploiting vulnerabilities.
Experience in security principles such as attack frameworks, threat landscapes, and attacker tactics, techniques and procedures
Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, web applications, or networks.
Strong experience in various operating systems and application security hardening and best practices.
Experience and basic knowledge of any scripting language.
Exposure and understanding of enterprise solutions from a functional and security perspective.
Knowledge and Skills

Technical aptitude with a passion and excitement for finding security vulnerabilities and gaps, innovative technologies and exploiting the identified gaps. Strong investigative mindset with an attention to detail.
Problem-solving skills xe2x80x93 Able to collect, organise and assimilate disparate, multiple and complex security threats or flaws within an environment to swifty arrive at solutions.
High level of self-motivation and drive to meet and exceed on goals and expectations and engage and energise others to deliver on expectations. Comfortable taking decisions and dealing with a range of problem-solving challenges independently.
Detailed, organised and quality focused xe2x80x93 Has an affinity for detail, structure and efficiency, balancing planning and execution. Is diligent and vigilantly watches over work processes, tasks and outputs to ensure accuracy while independently actioning and correcting any quality- concerns.
Strong communication skills xe2x80x93 Is able to confidently explain and simply complex IT security concepts and their real-world advantages/disadvantages to a diverse business audience. Is also able to explain technical details in a clear, concise and understandable manner to facilitate reporting to impacted stakeholders.
Collaborative partner- Works effectively across functions and as part of a multi-disciplinary team.
Is collaborative and able to build sound, professional relationships with internal and external stakeholders.
Ability to work under pressure and under tight time constraints, efficiently prioritising workloads, balancing multiple and competing priorities and managing time effectively in a high-volume, fast moving environment. Enjoys challenging work and has the proven ability to effectively adapt to and manage change. Independently handle complex issues with minimal supervision, while escalating only the most complex issues to appropriate staff.
Is curious and adaptable, finds agile and rapid ways of answering business questions and implementing solutions fast.

Shoprite Holdings