Specialist Application Security

Empowering Africa’s tomorrow, together…one story at a time.

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

Job Summary

To provide specialist advice & support in the development & implementation of IT security service delivery processes, methods and techniques enabling secure management & control of IT access, in alignment with governance requirements.

Job Description

Overall Job Purpose

The Application Security Specialist position is responsible for providing technical expertise in securing software applications across the organization. This role involves implementing security policies, conducting security assessments, and working closely with development teams to ensure applications are designed and maintained with robust security measures.

Key Accountabilities

• Technical implementation of application security initiatives, ensuring alignment with organizational security strategy
• Design and implement security controls throughout the software development lifecycle (SDLC)
• Conduct detailed threat modeling and risk assessments for critical applications
• Perform advanced code reviews, penetration testing, and vulnerability assessments
• Deliver application security training and mentor junior team members
• Monitor emerging threats and vulnerabilities, recommending appropriate security measures
• Collaborate with development and operations teams to embed security in the SDLC
• Provide technical guidance and mentorship to application security team members
• Implement and maintain container security policies and best practices
• Assess and enhance security measures for containerized applications
• Review and secure cloud-native application architectures

Required Education & Certifications

• Bachelor's degree in Computer Science, Information Security, or related field
• Industry certifications such as:
  • CISSP (Certified Information Systems Security Professional)
  • CSSLP (Certified Secure Software Lifecycle Professional)
  • GWAPT (GIAC Web Application Penetration Tester)
  • OSCP (Offensive Security Certified Professional)
  • CKS (Certified Kubernetes Security Specialist) preferred
  • Cloud Security certifications (AWS Security, Azure Security, or GCP Security) preferred

Experience

• 3+ years' experience in information technology or related field
• 3+ years' specific experience in application security
• 1+ years' experience with container technologies (Docker, Kubernetes)
• 1+ years' experience with major cloud platforms (AWS, Azure, or GCP)
• Demonstrated experience securing containerized applications and microservices architectures

Technical Skills & Knowledge

• Secure Coding: Expert knowledge of secure coding practices and techniques to prevent common vulnerabilities
• Security Testing: Advanced experience with SAST, DAST, and IAST methodologies
• Threat Modeling: Strong capability in identifying threats and developing mitigation strategies
• Vulnerability Management: Expertise in managing and remediating security vulnerabilities
• Cloud Security: Strong understanding of cloud security principles and architectures (IaaS, PaaS, SaaS)
• Container Security: Expert knowledge of:
  • Container security best practices and hardening techniques
  • Container image scanning and vulnerability management
  • Kubernetes security controls and policies
  • Runtime container security monitoring
  • Container networking security
• Cloud Technologies: Proficiency in:
  • Cloud-native security controls and services
  • Infrastructure as Code (IaC) security
  • Serverless security
  • Cloud security posture management
• DevSecOps: Experience integrating security into CI/CD pipelines
• Security Frameworks: In-depth knowledge of OWASP, NIST, and ISO 27001
• Programming: Proficiency in relevant programming languages (Python, Java, JavaScript)

Technical Competencies

• Application Security Architecture
• Access Controls
• Cloud Security
• Container Security Architecture
• Cyber Resilience
• Communications Security
• DevSecOps Implementation
• Security Testing & Assessment
• Cloud-Native Security Controls
• Container Orchestration Security

Key Success Factors

• Successful implementation of application security programs
• Reduction in security vulnerabilities and incident rates
• Effective collaboration with development teams
• Timely completion of security assessments and remediation
• Successful implementation of container security controls
• Effective security management of cloud-native applications

Education

Bachelor`s Degrees and Advanced Diplomas: Physical, Mathematical, Computer and Life Sciences (Required)

Absa Bank Limited is an equal opportunity, affirmative action employer. In compliance with the Employment Equity Act 55 of 1998, preference will be given to suitable candidates from designated groups whose appointments will contribute towards achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank.

Absa Bank Limited reserves the right not to make an appointment to the post as advertised