We are seeking a highly skilled IT Technical Specialist in Digital and Cyber Security to join our team. The successful candidate will be responsible for leading complex security assessments and penetration testing projects to identify vulnerabilities and risks in the IT environments across the organisation's functions and partners both nationally and internationally.
What you’ll do:
- Conduct advanced penetration tests to identify vulnerabilities in computer systems and networks.
- Develop custom testing methodologies.
- Provide technical guidance and mentorship to junior cyber resources.
- Prepare detailed reports and present findings.
- Stay up-to-date with the latest security threats, techniques, and countermeasures.
Key objectives:
Business Development
- Build rapport with process owners and stakeholders.
- Practice effective communication skills.
Financial
- Manage time in line with the allocated budget and communicate any potential delays or overruns.
- Assist with the achievement of digitisation goals.
Process
- Conduct advanced penetration tests to identify vulnerabilities in computer systems, networks, and applications.
- Develop custom testing methodologies and tools.
- Provide technical guidance and mentorship to junior cyber resources.
- Prepare detailed reports and present findings to stakeholders.
- Stay up-to-date with the latest security threats, techniques, and countermeasures.
- Conduct technical IT reviews/audits in accordance with approved Internal Audit methodology.
- Manage client interaction for allocated areas of scope.
- Attend audit team kick-off and close-out meetings.
- Prepare process analysis documentation (low complexity processes).
- Compile business understanding documents and flow charts.
- Develop and utilise a sound understanding of business processes, risks and controls including relevant regulatory and accounting issues.
- Identify process, information and control gaps and seek additional information if necessary.
- Ensure that audit work and associated information generated is accurate, valid and comprehensive prior to review and/or reporting.
- Document findings and discuss them with the client in terms of factual correctness; ask for support where necessary.
- Draft and discuss own findings for inclusion in audit reports.
- Take responsibility to clear and finalise all own reported findings/reporting points.
- Review own working papers for quality and completeness before sending to Audit Manager for review.
- Ensure all review queries are cleared within a reasonable timeframe (expectation 48 hours).
- Focus on problem solving/high risk areas during the audit.
- Communicate any delays or difficulties experienced for corrective action.
- Track audit process status for allocated areas of responsibility and effectively communicate any anticipated challenges, delays, etc.
- Communicate knowledge gained throughout the audit engagement and/or otherwise with the team members.
- Assist in developing continuous control monitoring, auditing and automation.
- Contribute to knowledge sharing and upskilling programmes.
Human Resources
- Attend scheduled training.
- Take responsibility for own career and performance management.
- Contribute to training ideas and/or potential training
- Contribute to the social committee and attend team/social activities.
Your expertise:
- 4-6 years related IT security experience and a minimum of 4 years in penetration testing.
- Strong understanding of network protocols, cryptography, and application security.
- Proficiency in scripting languages (e.g., Python, Bash) and penetration testing tools (e.g., Metasploit, Burp Suite).
- Strong communication skills and ability to articulate technical information clearly.
- Expertise in information security auditing, including operating systems, networks, and firewalls.
- Basic business and financial understanding.
- Basic insurance knowledge (an advantage).
- Sound understanding of IT, data and privacy related legislation and regulation.
- Stakeholder engagement (client interviewing).
- Deep knowledge of the threat landscape and security trends.
- Excellent problem-solving skills and ability to think like an attacker.
- Risk management (basic)
- Report writing and drafting findings
- Issue identification
- Audit Planning
- Documentation skills
- Time management
- Root cause analysis
- Programming and ability to interpret source code
Qualifications required:
- BCom IT / BSc IT degree as a minimum, as well as one or more of the following:
- Certified Ethical Hacker (CEH).
- Offensive Security Certified Professional (OSCP).
- Certified Information Systems Auditor (CISA).
- Certified Information Security Manager (CISM).
- Other recognised IT security certifications.
Other information applicable to the opportunity:
- Permanent Position
- Location: Johannesburg