Security Engineer

We're looking for a candidate to fill this position in an exciting company.ResponsibilitiesThe ideal candidate will come from a software development process in order to appreciate the security pitfalls of software development and how to speak dev.Build and support systems providing security features such as firewalls, authentication and secrets managementProvide subject matter expertise on architecture, authentication and system securityPerforming security reviews of new and existing services (IT, OT, Cloud and Software)Liaising/Consulting internally with teams on security findings to solve vulnerabilitiesSolving interesting and large scale backend technical challenges that affects securityMonitor application and audit logging for security anomaliesAutomation of security anomaly detection and alertingParticipate in forensics of security incidentsLooking for opportunities to innovate and optimize our security solutionsTechnical RequirementsDesign & development of backend software and APIsObject-oriented programming using a language like Ruby (equivalent will be considered)Software development within the Linux/Unix environmentSoftware development using a containerization platform like Docker or KubernetesAgile development practices (team focus, continual improvement, automated tests, refactoring, continuous integration, pair programmingAbility to discover and patch SQLi, XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond)Code quality reviewsProactively identify and reduce security risksFind and remove outdated and vulnerable code and code librariesGit version controlQualificationsBSc or BTech majoring in Computer Science will be advantageous, however, your ability to demonstrate your track record of security systems is what ultimately countsA minimum of 4+ years of software development experienceMinimum of 2 years supporting a large scale application in an operational capacityMinimum of 4+ years in a similar positionDesirable Skills and ExperienceSecurity related security certifications such as CISSP and OSCPExperience with Kubernetes or other container orchestration platformsUnderstanding of database design (MySQL, Redis, etc.)Familiarity with ElasticSearchExperience with DevOps on a linux based platformExperience with system administration on a linux based platformRuby software development experience preferredKnowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTPImplementation and management of infrastructure and service monitoring systemsExposure to secrets management solutionsCloud Infrastructure as a serviceInfrastructure automation such as Cloudformation, Ansible and PuppetNetwork and host based security solutions like Palo Alto, Fortinet, Cisco or Cloudflare
Cape Town, WC, ZA