Security Engineer

About Discovery
Discovery's core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.

About Discovery Bank
We're the world's first behavioural bank, designed with our clients in mind. We haven't changed just one thing, we've changed everything. Our main goal is to improve the financial health of our clients by helping change how they work with their money. Through Vitality Money, our clients will learn more about what it means to be financially healthy and get rewarded for managing their money well. If you are a problem solver, always questioning the way things are done, passionate about doing what is right, have the ability to change direction quickly when needed and / or love to dazzle your clients, Discovery Bank, has a job where you can be yourself and your best in an environment that is safe and nurturing.

Job Purpose
The Security Engineer is responsible for designing and building security solutions for Discovery Bank. The incumbent will develop and integrate security solutions for application systems, projects and applied technologies, also solving for technical problems and challenges that arise. The Security Engineer is also responsible for overseeing and conducting penetration tests within the Discovery Bank environment.

Areas of responsibility may include but not limited to

• Acquiring a detailed understanding of business processes and applications.
• Translating technology and environmental conditions (business, legal and regulatory requirements) into the security design for applications and business processes.
• Proactively engaging in all stages of the development lifecycle to ensure that solutions are securely designed, built, verified, deployed and maintained.
• Create and implement penetration testing methods, scripts and tools.
• Check for gaps in security that could occur and advise on best practice to minimise risk
• Perform risk and threat modelling as part of security assessments and solution design
• Participate in resolution of incidents in order to engineer requisite solutions.
• Deliver report, papers and track issues to resolution.
• Define, implement and maintain security policy and security standards.
• Evaluate new technologies and processes that enhance security capabilities for the bank.
• Collaborate with colleagues on and provide thought leadership on security topics e.g. authorisation, authentication, encryption, integration solutions, etc.

Personal Attributes And Skills

• Values driven.
• Facilitation and conflict resolution capabilities, and builds working relationships.
• Problem solving and analytical capabilities.
• Excellent written and verbal communication skills, with the ability to convey technical detail in clear and concise manner.
• Ability to work under time constraints with minimal supervision in an agile environment.
• Looks for ways to optimise and automate solutions and testing in continuous integration/development and deployment environments.
• Willingness to both issue and accept challenges to analytical problems.
• Knowledge of Banking products, processes and systems is an advantage.

Education And Experience

• Bachelor of Science degree in computer/electronic engineering or software programming.
• At least 3-5 years' experience software development/engineering within banking or financial institutions.
• Experience with popular programming languages and frameworks e.g. Javascript, Node, Java, Spring, .Net, etc.
• Experience with integration protocols and technologies e.g. SOAP, REST, JSON, XML, etc.
• Solid understanding of cloud, virtualisation and containerisation security.
• Solid understanding of modern federated authentication and authorization frameworks e.g. SAML, OIDC, ADFS, OAuth2, etc.
• Working experience with network security and mainstream operating systems e.g. Linux, Windows, etc.
• Working knowledge of data protection best practices (at rest, in flight and in use).
• Experience with encryption protocols, technologies and techniques.
• Experience working with product teams specifying secure application requirements.
• Certifications advantages CISSP, CEH, ISACA CRISC/CISM, CISSP-ISSAP, CISSP-CSSLP, CSK, CCSP, etc.
• Working knowledge of security penetration methods and tools
• Knowledge of SAP security, micro-services & API security is considered an advantage.
• Working knowledge of tools such as log management and log analytics tools e.g. splunk is advantageous.
• Experience building monitoring dashboards and management reporting is considered advantageous.

EMPLOYMENT EQUITY

The Company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.