IT Security Analyst

Job Description

An IT Security Analyst with focus on security architecture experience plays a crucial role in safeguarding an organization’s data and systems against internal and external security threats. Ongoing Security Testing for Online Banking. Make sure these applications are secure.)

Hello future IT Security Analyst/Architect.

Welcome to FNB, the home of the #changeables. We design for the shapeshifters and deliver products and services that make us incredibly proud of people that make it happen.

As part of our Core Banking Team, you will be surrounded by unique talents, diverse minds, and an adaptable environment that lives up to the promise of staying curious. Now’s the time to imagine your potential in a team where experts come together and ignite effective change.

Are you someone who can:

Security Architecture Design:

• Develop comprehensive security architectures and frameworks tailored to the organization’s needs. Assess security risks, identify vulnerabilities, and define security requirements to establish a robust security posture that addresses both current and future threats as part of design of business applications and solutions.
• Designing secure software architectures and applications to mitigate vulnerabilities and prevent exploitation by attackers. Conducting threat modeling, secure code reviews, and penetration testing to identify and address security weaknesses in software systems. This includes implementation of secure coding practices, encryption mechanisms, and access controls to protect against common security threats such as SQL injection, cross-site scripting (XSS), and buffer overflows
• Security Solution evaluation of security technologies and recommend solutions to enhance security posture to protect the organization's sensitive information assets, including intellectual property, customer data, and financial information. 
• Assessment of information security risks and implementation of technical controls to safeguard data confidentiality, integrity, and availability in areas such as data encryption, access control, data loss prevention (DLP), and identity and access management (IAM).

Research and Evaluation:

• Analysts research new security tools, assess their applicability, and evaluate products and service offerings to enhance the organization’s security posture.
• Perform ongoing Security Testing for Online Banking to ensure that applications are secure, in accordance with National Credit Act (NCA)

Incident Response and Compliance:

• IT security analysts actively support incident response policies. They monitor compliance with security policies, document findings, and ensure successful closure of compliance deficiencies and incidents.

Data Protection and Confidentiality:

• Analysts implement processes to protect data confidentiality, integrity, and availability. They maintain technical mechanisms that enable these controls.

Project Participation:

• IT security analysts participate in or lead projects assigned by the Chief Information Security Officer (CISO) to meet information security requirements. They collaborate with technical and business personnel to ensure secure solutions.
• Assisting in the design of new business tools and products, ensuring best practice and effective security principles are incorporated from the design of these systems.

We would love to see applicants who:

• Has expert knowledge of and experience with security tools / techniques.
• Knowledge of security architecture to enhance software development to include security-by-design principles.
• Utilisation of tools and technologies to conduct ethical hacking and penetration testing with a particular emphasis on custom developed web applications.
• Analysis of these test results and report on recommendations to rectify any vulnerabilities identified.
• Ensuring compliance to security standards within the business unit and within the organisation
• Consulting to projects in terms of identifying risks, vulnerabilities and controls for new developments.
• Identifying significant risks during the software development test cycle and implementing controls to mitigate these risks
• To research and assist in the implementation of security products within the organisation where appropriate.
• Perform functional and technical test analysis and testing (including regression) on security specific projects, incidents and work requests
• Weekly reporting on test progress
• To research and understand security best practices and how they are implemented in a corporate environment
• Maintain current knowledge of the Information Systems security industry’s emerging technologies.

Qualification AND Experience:

• IT Degree
• Preference to security qualification e.g., OPST, CISSP, CISM, Security+
• Professional Registrations

Additional Requirements

• Perform security review, with a specific focus on testing of major software components and their code, by utilisation of tools and technologies to conduct ethical hacking and penetration testing with a particular emphasis on custom developed web applications.
• Firewall knowledge and experience in firewall reviews and network design.
• Comply, understand and implement all steps for the IT Information Security Processes and Procedures and meet governance in terms of legislative and audit requirements.
• Analyse information security test results and report on recommendations to rectify any vulnerabilities identified and ensure compliance to security standards within the business unit and within the organisation.
• Contribute to the implementation, and maintenance of corporate-wide information security policies, programs, and standards. They ensure that security measures align with organizational goals.
• Perform risk assessments and technical vulnerability analyses. They identify process risks, weaknesses, and controls, making recommendations and plans to address vulnerabilities.
• Report on mitigating actions required to correct or remedy actions where necessary and inform IT Risk of any significant changes and risk situations.
• Consult to projects in terms of identifying risks, vulnerabilities and controls for new developments by researching and understanding security best practices and implementation of security products in a corporate environment.
• Perform Security Assessments on internal environments or external 3rd party environments, with the purpose of identifying shortcomings which introduce risk.

#Post
#FNB 
#LI-ML2
 

Job Details

Take note that applications will not be accepted on the below date and onwards, kindly submit applications ahead of the closing date indicated below.

15/11/24

All appointments will be made in line with FirstRand Group’s Employment Equity plan. The Bank supports the recruitment and advancement of individuals with disabilities. In order for us to fulfill this purpose, candidates can disclose their disability information on a voluntary basis. The Bank will keep this information confidential unless we are required by law to disclose this information to other parties.