Job Description
An IT Security Analyst with a focus on security architecture plays a crucial role in safeguarding an organization’s data and systems against internal and external security threats. The role includes ongoing security testing of Online Banking applications to make sure they are secure.
Hello future IT Security Analyst/Architect.
Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of the people who make it happen.
As part of our Core Banking Team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now’s the time to imagine your potential in a team where experts come together and ignite effective change.
Are you someone who can:
Security Architecture Design:
- Develop comprehensive security architectures and frameworks tailored to the organization’s needs. Assess security risks, identify vulnerabilities, and define security requirements to establish a robust security posture that addresses both current and future threats as part of design of business applications and solutions.
- Design secure software architectures and applications to mitigate vulnerabilities and prevent exploitation by attackers. Conduct threat modeling, secure code reviews, and penetration testing to identify and address security weaknesses in software systems. This includes implementation of secure coding practices, encryption mechanisms, and access controls to protect against common security threats such as SQL injection, cross-site scripting (XSS), and buffer overflows.
- Evaluate security technologies and recommend solutions to enhance security posture to protect the organization's sensitive information assets, including intellectual property, customer data, and financial information.
- Assess information security risks and implement technical controls to safeguard data confidentiality, integrity, and availability in areas such as data encryption, access control, data loss prevention (DLP), and identity and access management (IAM).
Research and Evaluation:
- Research new security tools, assess their applicability, and evaluate products and service offerings to enhance the organization’s security posture.
- Perform ongoing Security Testing for Online Banking to ensure that applications are secure, in accordance with the National Credit Act (NCA).
Incident Response and Compliance:
- Support incident response policies. Monitor compliance with security policies, document findings, and ensure successful closure of compliance deficiencies and incidents.
Data Protection and Confidentiality:
- Implement processes to protect data confidentiality, integrity, and availability. Maintain technical mechanisms that enable these controls.
Project Participation:
- Participate in or lead projects assigned by the Chief Information Security Officer (CISO) to meet information security requirements. Collaborate with technical and business personnel to ensure secure solutions.
- Assist in the design of new business tools and products, ensuring best practice and effective security principles are incorporated from the design of these systems.
We would love to see applicants who:
- Have expert knowledge of and experience with security tools/techniques.
- Possess knowledge of security architecture to enhance software development to include security-by-design principles.
- Utilize tools and technologies to conduct ethical hacking and penetration testing with a particular emphasis on custom developed web applications.
- Analyze test results and report on recommendations to rectify any vulnerabilities identified.
- Ensure compliance to security standards within the business unit and within the organisation.
- Consult to projects in terms of identifying risks, vulnerabilities, and controls for new developments.
- Identify significant risks during the software development test cycle and implement controls to mitigate these risks.
- Research and assist in the implementation of security products within the organisation where appropriate.
- Perform functional and technical test analysis and testing (including regression) on security specific projects, incidents and work requests.
- Provide weekly reporting on test progress.
- Research and understand security best practices and how they are implemented in a corporate environment.
- Maintain current knowledge of the Information Systems security industry’s emerging technologies.
Qualifications and Experience:
- IT Degree.
- Preference for a security qualification, e.g. OPST, CISSP, CISM, Security+.
- Professional Registrations.
Additional Requirements:
- Perform security reviews, with a specific focus on testing of major software components and their code, by utilizing tools and technologies to conduct ethical hacking and penetration testing with a particular emphasis on custom developed web applications.
- Have firewall knowledge and experience in firewall reviews and network design.
- Understand, implement and comply with all steps of the IT Information Security Processes and Procedures, and meet governance in terms of legislative and audit requirements.
- Analyze information security test results and report on recommendations to rectify any vulnerabilities identified and ensure compliance to security standards within the business unit and within the organisation.
- Contribute to the implementation and maintenance of corporate-wide information security policies, programs, and standards. Ensure that security measures align with organizational goals.
- Perform risk assessments and technical vulnerability analyses. Identify process risks, weaknesses, and controls, making recommendations and plans to address vulnerabilities.
- Report on mitigating actions required to correct or remedy actions where necessary and inform IT Risk of any significant changes and risk situations.
- Consult to projects in terms of identifying risks, vulnerabilities and controls for new developments by researching and understanding security best practices and implementation of security products in a corporate environment.
- Perform Security Assessments on internal environments or external 3rd party environments, with the purpose of identifying shortcomings which introduce risk.
Job Details
Take note that applications will not be accepted on the below date and onwards. Kindly submit applications ahead of the closing date indicated below.
15/11/24
All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.