Security Analyst reporting to the Senior Security Manager located in Centurion, Pretoria
The Security Analyst will identify and resolve complex technical issues related to security technologies. The analyst will collaboratively perform in-depth analysis with stakeholders on complex security issues and provide optimum solutions which meet both business and technical requirements while aligning with the IoT.nxt information security strategy.
To analyse and enhance information security related processes with the aim to optimise work within the sphere of Information Security in its entirety. Working independently to deliver on work tasks and pro-actively mentor staff where necessary.
Key Result Areas: (Major Accountabilities)
Perform risk assessments, document risk and treat risks.
Assist in the upkeep of information security processes at IoT.nxt.
Assist with security and privacy compliance tasks.
Identify risks in Docker containers and help teams to address identified risks.
Audit various systems for security compliance.
Help to ensure that non-compliant systems are remediated in a timely manner.
Perform penetration tests on various systems.
Assist with incident response.
Help to create technical documentation on security.
Assist with security training and awareness programmes.
Provide assurance through collaboration with other stakeholders that applications, APIs, websites and mobile applications meet the security requirements before they are deployed to production.
Perform security tests on applications, APIs, websites and mobile applications.
Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses.
Search for weaknesses in common software, web applications, mobile applications and proprietary systems before they are discovered by hackers.
Research, evaluate, document and discuss findings with IT teams and management.
Review and provide feedback for information security fixes.
Stay updated on the latest malware and security threats.
Knowledge, Skills, Experience:
General scripting/programming knowledge.
Previous penetration testing experience.
Ability to explain difficult concepts in an understandable manner.
Have a good understanding of Windows, Linux, FreeBSD and MacOS.
General scripting/programming knowledge.
Documentation and technical document writing experience important.
Broad understanding of security required.
General understanding of ISO27001, security compliance and risk registers.
General understanding of OWASP, vulnerability identification and vulnerability management.
Excellent attention to detail.
Experience with Kubernetes.
Experience with Docker.
Experience with AWS and Azure.
Degree or certification in Computer Science or similar field.
Certification in cybersecurity, such as OSCP and CEH will be beneficial.
Proven experience with Linux or FreeBSD or MacOS.
Risk management experience.
Minimum 5-year experiences within an IT environment and least 3-5 years specialising in information security.
Excellent at working with lead times and planning.
Good understanding of firewalls and networking
Develops workable implementation plans.
Communicates changes effectively.
Builds commitment and overcomes resistance.
Prepares and supports those affected by change.
Proactively identify risks and propose controls to address the identified risks.
Exhibits confidence in self and others.
Inspires respect and trust.
Accepts feedback from others.
Gives appropriate recognition to others.
Displays willingness to make decisions.
Exhibits sound and accurate judgment.
Supports and explains reasoning for decisions.
Includes appropriate people in decision-making process.
Makes timely decisions.
Sets and achieves challenging goals.
Demonstrates persistence and overcomes obstacles.
Measures self against standard of excellence.
Takes calculated risks to accomplish goals.
Values and Behaviours:
We are honest and respect each other.
We challenge issues but honour commitments.
We believe that innovation is a way of life.
We have a passion to win; a freedom to fail; but only once for the same reason.
We take responsibility for our actions; we are accountable for achieving results and we take ownership of our mistakes.
We do the right thing for the right reason.
We are part of the solution, not part of the problem.
We are fearless with nerves of steel.
We believe in teamwork and partnership.
We are diverse yet united.
We are involved yet independent.
We believe in learning and continuous improvement.
Remuneration & Benefits:
Annual Salary CTC
Flexible / Remote Working
Are you our next SECURITY ANALYST?
Express your interest below