Provide security analysis and design input as a member of the Security Engineering team with a focus on establishing the security enablers required by the product engineering community as well as tactical support for teams when needed. The Security Engineering team needs a security analyst, much like an LSC, who can provide specialized input into the efforts of the team as we establish the enablers we need to improve our cyber security posture.


  1. Participate in threat modelling exercises with product engineering teams.
  2. Document threat mitigation patterns that are feasible within the current environment.
  3. Design of new mitigation patterns where gaps are identified.
  4. Identify security misconfigurations in IT infrastructure, e.g. databases, queues, web servers
  5. Establish secure default configurations for IT infrastructure.
  6. Select security training material for the Security Champions and product engineering teams.
  7. Participate in security training, such as Capture The Flag exercises and walkthroughs
  8. Development of security code review guidelines.
  9. Development of appropriate access governance controls within the development environment to promote and uphold the principles of least privilege and segregation of duties.
  10. Input into the evolution of the client's security standards.
  11. Client/Customer:
  12. Provide support and contribute to a culture of customer service excellence that meets and exceeds exceptional service.
  13. Build relationships with customers that contribute to a culture of customer service excellence.
  14. Conduct: Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Policies and Policy Standards
  15. Finance: Contribute to the effective reduction of cost and financial wastage in line with organisational policies and procedures.
  16. Learning and Growth: Participate in forums that positively contribute to knowledge improvement.
  17. Provide advice and support in the management of change and offer operational support where required


  1. IT related degree / certificate or equivalent experience
  2. Relevant qualification e.g. CISSP/OSCP/CEH/Security+
  3. Min 5 years relevant experience
  4. Solid experience in information security
  5. Familiarity with application and network security concepts
  6. Broad understanding of hosting and cloud environments
  7. Understanding of development frameworks
  8. Broad understanding of SIEM & Defensive Technologies
  9. Strong Unix, Windows and networking security skills
  10. Experience developing custom scripts or tools used for vulnerability scanning and identification
  11. Excellent communication skills
  12. System hardening to eliminate vulnerabilities and reduce attack surface area
  13. Threat modeling with development teams
  14. Security testing using offensive security testing / ethical hacking techniques
  15. Programming / software development
