Principal Application Security Architect
Bellville, Western Cape, South Africa
Santam BITS has a career opportunity for a senior role of Principal Application Security Architect in the Business Information and Technology Services (BITS) department which is based in the Western Cape or Gauteng.
KEY RESPONSIBILITIES
- Driving a comprehensive application security strategy.
- Threat mitigation and risk management.
- Secure architecture and design.
- Vulnerability management and code reviews.
- Securing the development lifecycle.
- Collaboration and communication with development teams and other stakeholders.
- Understanding regional requirements.
- Lead the development and execution of application security assessments.
- Ensure applications comply with all relevant security standards and regulations.
- Champion a "security by design" culture.
- Develop and maintain application security documentation.
- Develop and manage risk mitigation strategies.
- Work with other security teams (e.g., security operations, etc.)
- Stay up-to-date on the latest application security threats and vulnerabilities.
- Application Security Incident Response and Cyber Crisis Management.
- Participate in Group Information Security Programme (GISP) initiatives.
- Application Security (including cloud security), Infrastructure Security, and Cybersecurity Education, Training and Awareness.
- Provide regular feedback to Santam Manco on Group-wide application security issues.
- Clear and timely communication to management and users regarding application security matters.
- Application Security Risk assessment that identifies a requirement for additional awareness or targeted education, training, and awareness interventions.
- Review and respond to all application security-related audit findings.
- Produce required application security reports.
- Ensure that security 'gates' are a formal part of the SDLC/ Agile/ relevant solution development methodology.
- Active participation in Sanlam-sanctioned industry bodies (e.g. ISF Live, ISACA, FS-ISAC)
- Timeous escalation of new, high or escalating cybersecurity risks.
- Engage with application owners and the Group Cyber Security Centre (GCSC) Operations Team to ensure that system vulnerabilities identified during penetration tests, Red Team exercises, or vulnerability scans are addressed.
- Ensure that the Group CIO is aware of risks and actions required.
- Find & provide root cause analysis and implement permanent and/or long-term fixes for application security-related incidents.
- Strong understanding of integration between Workstations and Network/Servers.
QUALIFICATIONS AND EXPERIENCE
- A bachelor’s Degree or Diploma in Cybersecurity, Computer Science, Information Systems, or a related field, or equivalent work experience.
- A Recognised Cyber Security Certification(s) (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), or similar certification will be an advantage.
- With 15+ years of experience in software engineering, a significant portion of that in an architectural position focusing on cybersecurity within complex organisations, preferably in the financial services sector. The incumbent must have a solid technical software engineering background with a deep understanding of cybersecurity concepts, threats, and vulnerabilities.
COMPETENCIES
- High Stress Tolerance.
- Building and maintaining relationships.
- Teamwork and ability to function independently.
- Facilitation Skills.
- Planning and organising.
- Ability to work independently.
- Interpersonal savvy.
- Plans and aligns.
- Optimises work processes.
- Cultivates innovation.
- Drives results.
- Sensitivity to Risk.
- Balances Stakeholders.
- Reporting and Administration.
ADDITIONAL COMPETENCIES AND SKILLS
- Mobile Development: Security expertise in Android, iOS, and cross-platform frameworks like Flutter helps secure sensitive data on user devices.
- Cloud Security: A deep grasp of cloud platforms like AWS, Azure, and GCP and their security implications is vital for secure cloud deployments.
- API Security: Understanding API security best practices is critical to prevent unauthorized access and data breaches.
- Vulnerability Understanding: In-depth knowledge of common and obscure vulnerabilities in various technologies allows for accurate identification and exploitation for testing and mitigation purposes.
- Secure Coding Practices: Expertise in secure coding principles and best practices for different languages and frameworks empowers proactive vulnerability prevention.
- Threat Modelling: The ability to analyse application architecture and functionality to anticipate potential attack vectors and proactively address them is crucial.
- Security Scanners and Code Analysis Tools: It is vital to understand how to use these tools to identify vulnerabilities in code and recommend remediation strategies.
- Penetration Testing Tools: Familiarity with these allows for thorough vulnerability assessment and simulating real-world attack scenarios.
- Security Incident Response Tools: Knowledge of incident response tools and methodologies helps them effectively handle security breaches and minimize damage.
- Cryptography and Encryption: Understanding encryption algorithms and their application in securing data is essential.
ABOUT THE COMPANY
Santam is the leading short-term insurer in South Africa. Along with its subsidiaries, the business transacts all classes of short-term insurance. Santam is a large, diversified, and transforming company and our success is rooted in our passion for our clients. Everything we do is centered on our delivery of Insurance Good and Proper.
Please note this appointment will be made in line with the Divisional Employment Equity targets. People with disabilities are welcome to apply.
#J-18808-Ljbffr