(916) Applications Security Specialist - BSTD
Pretoria, South Africa
South African Reserve Bank
Brief description
The main purpose of this position is to facilitate and implement applications security throughout the system development life cycle to ensure secure, resilient and scalable applications for the South African Reserve Bank (SARB).
Detailed description
The successful candidate will be responsible for the following key performance areas:
- Conduct security assessments – including code reviews, vulnerability scans and penetration testing – to identify and remediate security vulnerabilities.
- Collaborate with development teams to integrate security best practice into the system development life cycle, including threat modelling, secure coding and security testing.
- Design and implement applications security controls, frameworks and policies to protect against emerging threats.
- Identify security risks and vulnerabilities, analyse the impact thereof, and engage relevant stakeholders (e.g. governance bodies and product owners) on relevant security solutions, driving and monitoring the implementation thereof to mitigate and remediate security vulnerabilities.
- Participate in applications security audits through the provision of relevant information, and respond to and address security-related audit findings to reduce the SARB’s threat landscape and improve its applications security posture.
- Participate in information technology (IT) security projects as the applications security subject-matter expert, ensuring compliance with security standards during each stage of the project development life cycle.
- Engage with the larger security community to acquire new information and adopt new security capabilities within the SARB’s IT security environment.
- Participate in the evaluation and implementation of security tools and technologies, including static and dynamic code analysis, vulnerability scanning and confidentiality management.
- Stay up to date with the latest security trends, vulnerabilities and attack techniques, and proactively apply this knowledge to improve the SARB’s security practices.
- Implement the security major incident response procedures during a security breach by investigating, reporting and providing recommendations to ensure the continuous improvement of security measures and avoid recurrence.
- Develop training material and deliver applications security training to all key stakeholders (including developers, testers and business analysts) in support of applications and integration security awareness campaigns.
- Present periodic reports and analytics pertaining to the security landscape surrounding the designated business applications.
Job requirements
To be considered for this position, candidates must be in possession of:
- a Bachelor’s degree in IT (NQF 7) or an equivalent qualification;
- a Certified Applications Security Engineer certification;
- a Certified Ethical Hacker certification; and
- at least 5–8 years’ experience in system development life cycle frameworks and solutions, of which at least 3 years must be in overall security governance best practice, frameworks and design, with hands-on experience with security tools such as DAST, SAST and SCA.
The following would be an added advantage:
- any additional security certifications, for example as a Certified Information Systems Security Professional, a Certified Secure Software Life Cycle Professional, an Offensive Security Certified Professional or a GIAC Web Application Penetration Tester.
Additional requirements include:
- knowledge and skill in:
  - cybersecurity, governance risk and compliance;
  - industry, organisational and business awareness;
  - quality assurance;
  - continuous improvement;
  - continual learning and professional development;
  - collaboration;
  - system development life cycle design, testing and development;
  - applications support and maintenance;
  - cloud platforms (e.g. AWS, Azure, GCP) and their security features;
  - scripting languages (e.g. Bash, Python) and automation frameworks;
  - network security, encryption and identity management;
  - IT enablement reporting; and
  - problem-solving and analytical abilities.
In line with the SARB’s commitment to diversifying its workforce, preference will be given to suitable candidates from designated groups. People with disabilities are welcome to apply.
The SARB offers remuneration and benefits commensurate with the level of the position and in line with the market. The level at which the successful applicant will be appointed will depend on his/her competence and experience.
About SARB
Primary mandate of the SARB
Section 224 of the Constitution of South Africa states the mandate of the SARB as follows:
The primary object of the South African Reserve Bank is to protect the value of the currency in the interest of balanced and sustainable economic growth in the Republic.
The South African Reserve Bank, in support of its primary objective, must perform its functions independently and without fear, favour or prejudice.
WHAT WE DO
Monetary Policy
The Constitution gives the SARB the mandate to protect the value of the rand. We use interest rates to keep inflation low and steady.
Financial Stability
The SARB has a mandate to protect and enhance financial stability. We identify and mitigate systemic risks that might disrupt the financial system.
Prudential Regulation
The Prudential Authority regulates financial institutions and market infrastructures to promote and enhance their safety and soundness, and support financial stability.
Financial Markets
Open market operations are the main tool we use to implement monetary policy. We manage South Africa’s gold and foreign exchange reserves.
Financial Surveillance
The SARB is responsible for regulating cross-border transactions, preventing the abuse of the financial system and supporting the regulation of financial institutions.
Payments and Settlements
The SARB is responsible for ensuring the safety and soundness of the national payment system, which is the backbone of South Africa’s modern financial system.
Statistics
The SARB provides important economic and financial statistics that present an overview of the economic situation in South Africa.
Research
Research conducted by the SARB focuses on economics, financial stability, banking and emerging trends in finance. Our research supports policy decision-making.
Banknotes and Coin
The SARB has the sole right to make, issue and destroy banknotes and coin in South Africa.
Tags: Analytics Audits Automation AWS Azure Banking Bash Cloud Code analysis Compliance DAST Encryption GCP GIAC Governance Incident response Monitoring Network security Offensive security Pentesting Python SAST Scripting Security assessment Surveillance Vulnerabilities Vulnerability scans
Perks/benefits: Career development