M

DevSecOps Engineer

MIT Recruitment
1 day ago
Full-time
Remote
South Africa
Web Development

Introduction

Our client is looking for a strong Senior Security Engineer to join their Cape Town based team. 

In summary, this Security Engineer will not just be detecting vulnerabilities or problems but also understanding the root causes, help design better architectures and also fix things in infrastructure and code.  They will therefore also review code and build integrations that do not exist yet.

The Security Engineer will own the companies defensive posture end-to-end: building detection and

response capabilities, hardening how they ship software, and using AI to stay ahead of threats

at speed. This includes building new security features, driving remediation processes and

responding to security incidents.

 

Duties & Responsibilities

Key Responsibilities

1. Secure our data, endpoints and networks

2. Ongoing preparation, monitoring, and response to security incidents

3. Build, maintain, enhance and oversee SIEM solutions.

4. Risk management:

  • Conduct pen-testing and threat hunting to find weaknesses in defence systems to improve overall security
  • Design, build and use automations (including AI) to detect threats and drive the remediation processes.
  • Work alongside engineering teams to ensure architecture and design are secure, and ensure implementation is correct.

 

5. Standards, policies, and practices:

  • Design, develop and improve internal security standards and policies
  • Contribute to security requirements for relevant industry standards (PCI, ISO27001, etc)

 

6. Plan, conduct and manage internal security audit processes

7. Conduct diligence on third-party vendors and provide recommendations to management

8. Consult with and mentor staff members on security-related matters.

Desired Experience & Qualification

Requirements

  • Bachelors degree or equivalent experience
  • 8+ years total experience
  • 4+ years in a security-related role
  • 4+ years in a dev or devops role
  • Highly familiar and comfortable with AI for coworking, coding and automation integration in order to augment and speed up delivery based on their own deep technical understanding.
  • The ability to communicate clearly in both written and verbal manner.
  • Attention to detail - for example, spotting a misconfigured IAM policy buried in Terraform or an access token that shouldn’t be there.
  • Clear understanding of security controls and requirements & ability to communicate why security controls are required to technical and non-technical audiences.
  • Experience working with standards such as ISO 27001, PCI, CIS Top 18, OWASP, etc
  • OSCP, CISSP, CISM, SSCP or similar qualifications are advantageous