
Software Security Engineer

  • Permanent Senior position

  • Stellenbosch, Western Cape

  • Market-related cost to company (negotiable)

  • Job 2152017 | Ref PE005058Liesl

  • Posted 04 Oct 2017 by Recru-it


About the Position

In this role, you will report to the VP of Software Engineering. You will not be a traditional member of any of our Agile development teams (i.e. you’ll be ‘outside of sprints’), but will collaborate with all teams by attending their Agile ceremonies such as sprint planning and grooming meetings. You will meet often with product owners and other business stakeholders to help them identify and clarify software security requirements.
The role will require a fair amount of research on security trends and building of prototypes to prove security concepts. You will be expected to be the first to know about new Common Vulnerabilities and Exposures (CVE) additions (i.e. publicly known cyber security vulnerabilities). You will also perform penetration testing on our mobile and back-end systems.
Although you will be expected to be the biggest influencer for the use of security patterns, you will not have the authority to dictate it. You are an evangelist who gets people on board through sheer technical respect and influence. Technical design authority will sit with the teams whereas product priority and business requirement authority will sit with the product owners.

Responsibilities


  • Periodic auditing of existing systems and providing improvement recommendations (i.e. almost in line with what penetration testing companies do, but on an ongoing basis)
  • Flagging of existing systems that become affected by newly discovered vulnerabilities (either manually or via some tooling) and working with product owners to schedule fixes
  • Periodic auditing of existing code
  • Participating in developer code-reviews to ensure security robustness of new code
  • Recommending tools or solutions which assist in identifying and mitigating security issues

Technical skills and experience


  • 10+ years’ object-oriented development experience
  • Experience with the use of penetration testing tools (e.g. Metasploit)
  • Experience with network traffic analysis (e.g. Wireshark, tcpdump)
  • Well versed in methods to prevent attacks (e.g. input validation, privilege separation)
  • Well versed in methods to detect attacks (e.g. honeypots, IDSs)
  • Good network protocol knowledge (e.g. DNS, IP, TCP, DHCP, HTTPS)
  • Solid understanding of networking and cloud systems (e.g. AWS, Azure, Google Cloud Platform)
  • Solid understanding of Linux and container systems (e.g. Docker)
  • Knowledge of PKI, TLS, OpenSSL, and Java cryptography 
  • Knowledge of mobile phone exploitation techniques
  • Awareness of social engineering techniques
  • Experience with vulnerability scanning tools (e.g. BlackDuck)
  • Experience with Agile development frameworks like Scrum

Personality attributes


  • Healthy self-esteem – you will be challenged by some bright minds on a regular basis and they may reject your ideas
  • Good communication skills – you will need to explain your ideas to teams and business stakeholders
  • Ability to get things done – we don’t like micro-management, but we expect you to do the right thing
  • Tendency to think outside the box – innovation is highly valued
  • Aptitude to keep abreast of security trends
