IT Security Specialist

Cape TownThe company security team is looking for a Red Team member to expand our security coverage.You will be on a team responsible for the continuous assessments of the technologies in use within the business making use of various TTP’s (Tools, Techniques and Procedures) to ensure that they are secure.A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of complex decisions.You would need to have the ability to take a long-term view of the company security posture to proactively fix architectural deficiencies. Qualifications:4+ years’ experience in software security.Bachelors’ degree in Computer Science or similar field or equivalent work experience is desirableRole relevant qualifications, i.e., Security Testing.3+ years of proficiency in at least 1 scripting programming language, familiarity with Java, and familiarity with Python Requirements:Passionate about internet security issues and the threat landscape for popular software & servicesCandidate must possess good oral and written communication skills.Experience with the design and implementation of technical security controls.Experience performing or supporting Red Team engagements with an understanding of a holistic assessmentExperience with full-stack (Linux / Unix) software architectures from UI to infrastructure.Experience with serverless architectures, and common virtualization techniques (hypervisors/containers/jails) and escapes/exploits from these environments.Experience with micro-service, API-based agent, or service-oriented software architectures.Operations experience with CI/CD development or managing distributed systemsWeb service assessment experience with authentication controls, session management, access controls, logic flaws, injection vulnerabilities, request smuggling, cloud privilege escalation, DOS attacks Responsibilities:Contribute to the design, implementation, and execution of security review and test methodologies for the testing of the company services. Ensuring remediation of risks by partnering with service teams.Perform a rolling security review across the estate by penetration testing and red teaming on production systemsScope and perform real-life attack scenarios to test and measure the company detection capability and at the same time determine detection thresholds, silent to noisy.Work with development teams across the company to create comprehensive security tooling and functional improvements at scale.Assist with Incident Response if and when called upon and validate that detective and preventative technology approaches work on the newest threats.Be a mentor for other members in the team