Information Security Manager - Cape Town

Salary Negotiable
Cape Town, Western Cape
07-06-2018 2:43:10 PM
02-08-2018 2:43:10 PM
Our client, a fast-growing company based in Cape Town, seeks an experienced Information Security Manager to design security guidelines and controls that enforce security on web-based applications using Threat Modelling, Threat Profiling, OWASP Top Ten Testing, Black Box Testing, and Source Code Reviews. Your 8 – 12 years' information security experience is highly sought after by our Client.

Salary: R500K – R550K per annum + benefits

Location: Cape Town

Primary Responsibility:

Designing security guidelines and controls to enforce security on web-based applications using Threat Modelling, Threat Profiling, OWASP Top Ten Testing, Black Box Testing, and Source Code Reviews.

Facilitate external VA/PT audits, Application Security Audits, customer audits, and actively project-manage the remediation of audit findings.

Minimum requirements:
• 8 – 12 years' information security experience
• Minimum: graduate degree (Science and Engineering background only)
• One or more of the following certifications: CSSLP, CISSP, CEH or SANS
• Clear criminal record and ITC

Main Duties:
• Performing risk-based security testing of web applications and networks, including VAPT, source code audits and infrastructure reviews
• Conducting security assessments on a wide variety of business applications in the areas of e-commerce, finance, insurance, utilities, transportation, etc.
• Performing application threat modelling and threat profiling based on attackers' areas of interest. Performing source code reviews of multiple critical applications on different platforms and technologies. Knowledgeable in the following platforms:
o Secure J2EE programming
o Secure .NET programming
o Secure PHP programming
• Programming languages: Java, Perl, SQL, C and C++
• Conducting configuration audits of multiple platforms, including Windows, Linux, AIX, Solaris, Oracle and MSSQL databases, Apache and IIS web servers, Cisco IOS, Cisco PIX firewalls, DHCP servers, Microsoft Exchange Server, etc.
• Analysing the security of the network and wireless infrastructure. Performing external and internal penetration testing of Internet-facing servers using tools such as Burp Suite, Nmap, Nessus and Metasploit, and performing black box and grey box testing of internally hosted web applications.
• Performing vulnerability assessments of Windows 2003 and 2008 R2 servers, domain controllers, Linux, Oracle and SQL database servers.
• Auditing the firewall rule base of multiple firewalls, including but not limited to Fortigate, Checkpoint, Cisco, Juniper, Microsoft ASA, Microsoft TMG, etc.
• Conducting training and awareness sessions in the domain of web application security and secure coding practices.

Performance Parameters:
Maturity of secure application development (SDLC process):
o Secure Software Requirements - capturing security requirements in the requirements gathering phase
o Secure Software Design - translating security requirements into application design elements
o Secure Software Implementation/Coding - unit testing for security functionality and resilience to attack, and developing secure code and exploit mitigations
o Secure Software Testing - integrated QA testing for security functionality and resilience to attack
o Software Acceptance - security implications in the software acceptance phase
o Software Deployment, Operations, Maintenance and Disposal - security issues around steady-state operations and management of software
Compliance with Information Security policies, standards and processes
Client relationship management (facilitating external audits, PCI DSS, ISO 27001 and customer audits)