Application Security Engineer

Developer/Designer ~ IT Security
Cape Town – Western Cape – South Africa

Are you an experienced Application Security Engineer in Cape Town? We need you for a contract on a Hybrid basis. You must have a Bachelor’s Degree in Computer Science, Information Security, and 5 years’ experience in a similar application security role with 5 years of development experience with proficiency in C#, Java, and Python. Further, you’ll need relevant information security certifications, including CEH, OSCP, OSCE, LPT, and others. Knowledge and experience in international information security standards and personal data protection standards, such as ISO 27XXX, NIST, PCI DSS, and GDPR, are preferred. Knowledge and experience with information security standards and frameworks, such as OAuth, WS-Security, X.509, SSL/TLS, etc., are desirable. Experience in CTF or bug bounty programs, knowledge of DevSecOps practices and tools, and experience in web or mobile app development are a plus.
 
Type:  12-Month Contract
Salary:  Hourly rate highly negotiable
Area:  Hybrid in Cape Town
 
Responsibilities:
    • Collaborating with Developers and Operations Teams to ensure that security is integrated into every software development lifecycle (SDLC) stage. This involves guiding developers on secure coding practices, participating in code reviews to identify potential vulnerabilities, and advising on remediation strategies.  
    • Collaborate with operations teams to ensure that security measures are effectively implemented in production environments and help design and implement secure network architectures.
    • Security Reviews and Threat Modelling – conducting security reviews to evaluate applications for potential vulnerabilities and non-compliance with security standards. Understanding the application’s architecture, identifying potential attack vectors, and devising strategies to mitigate these threats.  
    • Integrating Security Tools and Processes into the DevOps pipeline. This involves automating security checks and scans to identify and fix vulnerabilities early in the development process.  
    • Responding to Security Incidents – in the event of a security incident or breach, assisting in the response and recovery process. This involves investigating the incident, identifying the cause, and implementing measures to prevent similar incidents in the future.  
    • Training and Awareness – raising awareness about application security within the company. This involves conducting training sessions for developers and other IT professionals on secure coding practices, security standards, and the latest security threats and countermeasures.  
    • Fostering a culture of security within the company, promoting the importance of security, encouraging the adoption of secure practices, and ensuring that security is considered at every level of the organisation.
 
Requirements:
    • A Bachelor’s degree in Computer Science, Information Security
    • 5 years’ experience in a similar application security role
    • 5 years of development experience with proficiency in C#, Java, and Python
    • Relevant information security certifications, including CEH, OSCP, OSCE, LPT, and others.
    • Knowledge and experience in international information security standards and personal data protection standards, such as ISO 27XXX, NIST, PCI DSS, and GDPR, are preferred.
    • Knowledge and experience with information security standards and frameworks, such as OAuth, WS-Security, X.509, SSL/TLS, etc., are desirable.
    • Experience in CTF or bug bounty programs, knowledge of DevSecOps practices and tools, and experience in web or mobile app development are a plus.
 
Technical Skills
    • Proficiency in multiple programming languages
Expertise in various programming languages is expected of an application security engineer. This includes not only writing code but also a deep understanding of the complexities and security vulnerabilities inherent in different languages. Proficiency in Java, C#, Python, and Ruby is advantageous.
    • Knowledge of secure coding practices
Secure coding practices are a set of guidelines that developers follow to prevent vulnerabilities and security flaws in their code. These practices may include input validation, output encoding, and proper error handling.
    • Familiarity with security frameworks and standards
Knowledge of industry-standard frameworks and standards such as the OWASP Top 10, the CWE Top 25, and ISO 27001. You will use this knowledge to design and implement secure systems that meet industry expectations.
    • Understanding of web application architecture
Comprehensive understanding of how different components of the application work together and the potential security risks associated with each component. Such components include the server, client, and database interactions.
In-depth knowledge of different architectural patterns, such as the Model-View-Controller (MVC) and microservices.
    • Proficiency with security tools and technologies
These include static analysis tools, dynamic analysis tools, and penetration testing tools. Additional knowledge areas must include security technologies such as firewalls, intrusion detection systems, and encryption.