Search thousands of fresh jobs

×
Return to results
This job is expired
Datafin

DevSecOps at Datafin Recruitment

Datafin

  • R Undisclosed
  • Permanent Senior position
  • Pretoria
  • Posted 21 May 2023 by Datafin
  • Job 2515394 - Ref 23494
Save

About the position

ENVIRONMENT:

A Health Tech Solution Company in Pretoria seeks a well-versed DevSecOps (Development Security Operations) who will support the company by working with the team to perform ongoing operations, administration, and development of security systems. You will continuously work towards high confidence and high accuracy detection rules leveraging abnormal or suspicious events.  You must have an Engineering degree (Computer, Software or Electronic) and 3 years+ experience in any of: Scala, Go, Java, NodeJS/JavaScript/Typescript/Ruby and extensive exposure to CI/CD frameworks: (Jenkins, Code Pipeline + CodeBuild).

DUTIES:

DevOps (30%)

  • Design cloud development infrastructure.
  • Automate deployments in AWS and Azure (and other cloud tools as required).
  • Improve the automation of security controls.
  • Work closely with the dev team on defining industry-standard processes and system requirements, identifying, and proposing fixes to shortcomings in dev lifecycle.
  • Review and evaluate development concepts (for existing products and during design phase for new products) to identify gaps in business processes and controls to assist in the design and documentation of the processes.
  • Design and implement updates to the team which includes:
    • Cloud Conformity
    • WAF status
    • Certificate Management

  • Work with dev team to uplift the security posture of consumer accounts using.
  • Work with the dev team to ensure that security standards and policies are being set up and configured correctly. Drive Cloud Security LRP standards, implementing enterprise minimum security requirements:
    • Data Masking
    • Encryption monitoring
    • Perimeter protections
    • Ingress / Egress uplift

  • Define and maintain backups and backup systems.
  • Design and implement CI and CD pipelines.
  • Monitor infrastructure and deployments, ensuring deployment stability.
  • Generate and maintain effective and efficient high quality, reusable code.

Cybersecurity Management (30%)

  • Drive development standards and processes related to cybersecurity compliance.
  • Monitor all cybersecurity processes, operations, and infrastructure, monitoring internal and external policy and regulatory compliance.
  • Liaise with internal and external stakeholders to prepare for SOC2 Type I (and future roadmap towards HiTrust). 
  • Drive cybersecurity audit strategy and readiness from a dev, security and devops perspective. 
  • Identify, implement, and maintain all security tools and technology.
  • Schedule (and ideally automate) ASV scans and internal vulnerability scans, remediating findings and ensuring accurate & timely reporting to satisfy PCI DSS requirements.
  • Schedule annual Penetration Tests with external supplier(s) and ensure implementation of items identified in remediation plans.
  • Complete required cybersecurity applications and records for large customers and audits, including reporting as required.

Infrastructure Management (30%)

  • Advise on the planning, installation, monitoring and maintenance of IT systems and infrastructure focused on cyber security.
  • Design and execute short- and long-term strategic plans to ensure infrastructure (cloud, security and devops) capacity meets current and future needs.
  • Develop, execute, and oversee procedures, policies and related training plans for cybersecurity project management and infrastructure administration.
  • Conduct research and recommend changes in services, products, protocols, and standards to support development efforts and infrastructure procurement.
  • Define and manage Disaster Recovery Strategy for the organization.
  • Define software and hardware standards in collaboration with stakeholders and owners.
  • Ensure appropriate security levels on network, infrastructure and servers are maintained, ensuring that the IT team follows the requirements set in line with cybersecurity standards.
  • Implement cybersecurity continuous improvement programs.
  • Crisis management - keeping stakeholders informed and actively working with teams to return service in the shortest possible time frame.
  • Effective management and optimisation of vendors (where applicable) as well as collaborating with the dev and IT teams as necessary.

Risk Management and Compliance (5%)

  • Collaborate with divisional Product Owners to define and centralise risks and put mitigation measures in place for new and existing products and services, from a cybersecurity and privacy perspective.
  • Remediate audit items by putting measures in place to prevent the reoccurrence of findings.
  • Participate in various internal and external audits as required with relation to cybersecurity and devops.
  • Maintain documentation for cybersecurity-related risks.

QMS and Documentation (5%)

  • Proactively keep stakeholders updated on status, progress, risks, and problems.
  • Review and approve documented outcomes of Penetration Tests, Remediation Plans and required activities. 
  • Review and approve documented outcomes of Vulnerability Scans, Remediation Plans and required activities.
  • Maintain cybersecurity documents and records in line with certification requirements. 
  • Maintain document bank and matrix for the cybersecurity setup and external customer-audit matrix requests.

REQUIREMENTS:

  • Minimum education (essential): Engineering degree (Computer, Software or Electronic).
  • Minimum education (desirable): CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional) or CCSP (Certified Cloud Security Practitioner) ITIL Certified.
  • Minimum applicable experience (years): Minimum 5 years’ experience in Technology & Software Minimum 3 years’ experience in Cybersecurity.

Required Nature of Experience:

  • 3 years in any of: Scala, Go, Java, NodeJS/JavaScript/Typescript/Ruby
  • Extensive exposure to CI/CD frameworks: (Jenkins, Code Pipeline + CodeBuild)
  • AWS' ecosystem
  • AWS Well Architected Framework
  • Trusted Advisor
  • GuardDuty / SCP / SSM / IAM / WAF
  • Container services such as ECS/EKS. 
  • Experience deploying auto-scaling and load-balanced Highly Available applications.
  • Hands-on experience with Infrastructure-As-Code tools to automate infrastructure and deployments in AWS, preferably CloudFormation and CDK.
  • Experience reviewing and evaluating development concepts to identify gaps in business processes and controls to assist in the design and documentation of the processes.
  • Experience drafting and implementing security policies, security procedures, security design and implementation.
  • Experience with incident detection and management.
  • The following experience/knowledge would be advantageous: 
    • ISO 14971 (risk management) compliance.
    • ISO 27032 (cybersecurity) compliance.
    • SOC2 Type 2 (with HiTrust attestation) or HiTrust experience (or equivalent).


Skills and Knowledge (essential):

  • Deep understanding of automation, quality engineering, architectural methodologies, principles, and solution design.
  • Familiarity with operational observability, including log aggregation, application performance monitoring, etc.
  • Be familiar with CI/CD pipelines and use of tools such as Github Actions.
  • Understanding of the following: Linux/Windows server and application administration and configuration, networking, scripting and automation, large scale distributed computing architecture.
  • Solid knowledge of IT security (FortiGate firewalls, EDR, IDS/IPS, SOAR(Rapid7), vulnerability scanning (InsightVM,) forensic and Threat Hunting).
  • Understanding of Kubernetes and Containerisation (Docker/Podman/Containerd) with implementation, support, and design.
  • Knowledge in security classification frameworks like MITRE or the cyber-attack kill chain.
  • Good knowledge and understanding of industry standards, memberships, and frameworks such as CIS and ISO-27001.

While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.

COMMENTS:

When applying for jobs, ensure that you have the minimum job requirements. Only SA Citizens will be considered for this role. If you are not in the mentioned location of any of the jobs, please note your relocation plans in all applications for jobs and correspondence. Apply here [URL Removed] e-mail a Word copy of your CV to [Email Address Removed] and mention the reference number of the job.

Desired Skills:

  • Development
  • Security
  • Operations

Datafin

View agency profile

See all Datafin jobs

About the agency

Datafin Recruitment was established in 1999 and is one of South Africa’s leading Recruitment companies. Owned and managed by two sisters Lindy and Bev Sollinger, we focus on connecting with both our clients and candidates in an authentic conscious meaningful manner. We focus on the Tech, Digital/Online, Data, Finance and HR industries.

Receive a daily digest of all new jobs matching this job. Your information is safe with us and you can cancel any time.

Job expired on 2023/05/23

Email me jobs similar to: DevSecOps at Datafin Recruitment

Receive a daily digest of all new jobs matching this job: Senior IT Auditor. Your information is safe with us and you can cancel at any time.

Create alert
×

Update profile

Recruiters require your CV and profile for job applications and to search for suitable candidates.

It's been over a year. Please review your profile to ensure it's still up-to-date. You will have an opportunity to also upload a new CV.

Start