Senior Security Engineer at Sanlam Group

• As a part of our platform engineering team, you’ll get to focus on guiding our engineering team to build enterprise-grade secure, resilient, highly available and scalable cloud-native applications and services to fulfil our product requirements. We are looking for a Security Engineer to put the Sec in DevSecOps. Our ideal candidate would understand the modern Cloud based landscape, but has experience in the traditional corporate arena and deliver reporting as part of a Business Information Security Officer with the support of the CIO and IT Governance Manager. Our benchmark is not what other financial services companies are doing, so we’re aiming for the stars. We use the latest technology to bring to life amazing client experiences.

What will you do?

• Be a security custodian of the Indie Platform running on AWS, this will entail ensuring a secure environment from both the infrastructure deployment and the code deployed to the environment
• Embedding of security related checks and policies in our DevSecOps processes 
• Lead Incident Response in cyber and security incidents 
• Support the engineering team with creating and monitoring policies and automated processes to ensure secure coding practices
• Assist the engineering team to identify opportunities for increasing application security and alerting them to new vulnerabilities
• Introduce innovation by staying abreast of DevSecOps and Cloud Security industry trends
• Partner with the engineering team and provide input on engineering design and architecture based on your knowledge of security best practices 
• Act as a thought leader and mentor to our DevSecOps team to ensure security is part of our DNA
• Implement comprehensive real-time monitoring across the entire platform and running applications with a focus on Cyber related event tracing
• Assist architectural team with strategy and critical thinking in how to best manage, monitor, report and optimize our stack
• Collaborate with the engineering and architecture team to ensure that designs and best practices are being implemented
• Monitor and report on the adoption, execution, and effectiveness of DevSecOps controls within the development environment

We'd love to meet you if...

• You have the ability to work on your own, sometimes spearheading a new direction with minimal guidance
• You are a Security Engineer with demonstrable experience in automation, CI/CD, Unix based systems and love scripting
• Experienced in architecting, securing and managing AWS, or other major cloud platforms
• You know how to optimise an application and SDLC process to improve security posture
• Experienced in securing sockets, RESTful, containerised, serverless, workflow and messaging based architectures
• Terraform experience a plus
• You have experience with Node.JS/Python/Bash
• Experience in Github and Azure DevOps a plus
• Critical thinker with the ability to communicate with all levels of stakeholder
• 5+ years of working experience related to Security Engineering.
• Security related certification desirable such as CCSP
• Have experience in providing reporting on policy compliance and conducting security risk assessments.

Personal Attributes

• Interpersonal savvy - Contributing through others
• Decision quality - Contributing through others
• Plans and aligns - Contributing through others
• Optimises work processes - Contributing through others

Core Competencies

• Cultivates innovation - Contributing through others
• Customer focus - Contributing through others
• Drives results - Contributing through others
• Collaborates - Contributing through others
• Being resilient - Contributing through others