About the position
Introduction
The position of Ethical Hacker is vacant. The Ethical Hacker will report directly to the ICT Security Specialist and forms part of the Information, Communication and Technology (ICT) Division. The position is based at Head Office in Pretoria.
The total remuneration package for this position is between R611 123 and R763 835 per annum, based on qualifications and experience.
The closing date for applications will be Wednesday, 24 September 2025.
Duties & Responsibilities
The Ethical Hacker will be required to perform the following functions within the Research and Development Division under the supervision of the ICT Security Specialist through the implementation of the following:
- Conduct authorised penetration tests on networks, web applications, internal/external systems, and infrastructure.
- Perform vulnerability assessments and propose risk-based remediation.
- Exploit and validate vulnerabilities (e.g., SQLi, XSS, buffer overflows) to determine impact.
- Produce high-quality technical reports and executive summaries for technical and non-technical audiences.
- Collaborate with ICT, developers, network adminstrators, and service providers to remediate findings.
- Track remediation progress, verify fixes, and report status.
- Plan and execute assessments within scope and timelines, prioritising risk and business impact.
- Maintain accurate documentation, metrics, and evidence for compliance.
- Apply SA-aligned frameworks and regulations in testing and risk reporting (POPIA, ECT Act, King IV, SABS/ISO; SA Cybersecurity Framework).
Desired Experience & Qualification
Qualification requirements are:
- Degree or diploma in Computer Science, Cybersecurity, or related field.
- Professional certifications: CEH (strongly preferred), plus any of OSCP, Security+, CISSP, or GIAC tools a plus
- 3-5 years' hands-on penetration testing experience.
- Proficiency with common tools: Metasploit, Burp Suite, Nmap; vulnerability scanners.
- Strong web application security testing aligned to OWASP.
- Network, operating system, and cloud security assessment experience.
- Experience with scripting/coding (Python, Bash, PowerShell), system administration, and networking.
Beneficial Skills:
- Demonstrated understanding of development frameworks and secure coding practices
- Broad knowledge of hosting environments and cloud infrastructure security
- Proficiency with SIEM solutions and defensive security technologies
- Experience with security auditing tools and vulnerability assessment methodologies
- Demonstrated expertise in intrusion prevention systems and techniques
- Excellent presentation skills with ability to communicate technical findings to diverse audiences
- Hands-on experience with scripting/coding (Python, Bash, PowerShell), system administration, and networking
- Thorough understanding of programming methodologies and secure development practices
- Knowledge of advanced cloud architecture including multi cloud environments, containerisation, and serverless computing
BehaviouralCompetencies:
- Ethical judgement and integrity; discretion and confidentiality.
- Curiosity, persistence, and analytical thinking.
- Attention to detail and professional scepticism.
- Adaptability in fast-changing environments.
- Clear written and verbal communication for diverse audiences.
- Teamwork and collaboration; continuous learning mindset
Desirable:
- Understanding of the medical schemes industry.
Interested?
GEMS employs people with the highest level of integrity - submission to the appropriate pre-employment assessment is obligatory to be considered for the position.
Kindly note that the information provided on application of the position may be shared with a third party for vetting purposes and will be stored by GEMS for a period of 5 years.
Kindly note that information is required for Employment Equity Purposes and information gathered is strictly used according to the intended purpose of collection, unless there is a legal need or permission is granted from the applicant themselves to make use of it for other purpose.
Should you wish to have your information removed from the GEMS database, kindly send a request in writing to [Email Address Removed] .
GEMS adopts a hybrid work model.
GEMS is guided by the principles of employment equity. Preference will be given to groups who are underrepresented in accordance with GEMS employment equity plan.
Successful candidates will be required to seek approval to conduct other work outside of GEMS.
GEMS Employees are required to conduct themselves in a manner that reflects the organisation's paramount values: Excellence, Member Value, Integrity, Innovation, and Collaboration.
