Job Description

Security Engineer

About Discovery

Discovery’s core purpose is to make people healthier and to enhance and protect their lives. We seek out and invest in exceptional individuals who understand and support our core purpose, and whose own values align with those of Discovery. Our fast-paced and dynamic environment enables smart, self-driven people to be their best. As global thought leaders, Discovery is passionate about innovating in order to not only achieve financial success, but to ignite positive and meaningful change within our society.

About Discovery Bank

We're the world's first behavioural bank, designed with our clients in mind. We haven't changed just one thing, we've changed everything. Our main goal is to improve the financial health of our clients by helping change how they work with their money. Through Vitality Money, our clients will learn more about what it means to be financially healthy and get rewarded for managing their money well. If you are a problem solver, always questioning the way things are done, passionate about doing what is right, have the ability to change direction quickly when needed and / or love to dazzle your clients, Discovery Bank, has a job where you can be yourself and your best in an environment that is safe and nurturing.

Job Purpose

The Security Engineer is responsible for designing, building and testing security solutions for Discovery Bank. The incumbent will develop and integrate security solutions for application systems, projects and applied technologies, also solving for technical problems and challenges that arise. The Security Engineer is also responsible for overseeing and conducting penetration tests within the Discovery Bank environment.

Areas of responsibility may include but not limited to

• Work across mobile apps, backend APIs and supporting systems to design, build and test security controls.
• Design and build internal tools to automate testing and conduct security reviews.
• Apply OWASP standards to identify risks and vulnerabilities within various systems.
• Use tools like Postman and mobile debugging frameworks to evaluate security controls and perform penetration testing.
• Acquiring a detailed understanding of business processes and applications.
• Translating technology and environmental conditions (business, legal and regulatory requirements) into the security design for applications and business processes.
• Proactively engaging in all stages of the development lifecycle to ensure that solutions are securely designed, built, verified, deployed and maintained.
• Check for gaps in security that could occur and advise on best practice to minimise risk
• Perform risk and threat modelling as part of security assessments and solution design.
• Participate in resolution of incidents in order to engineer requisite solutions.
• Deliver, report and track security issues to resolution.
• Define, implement and maintain security policy and security standards.
• Evaluate new technologies and processes that enhance security capabilities for the bank.
• Collaborate with colleagues on and provide thought leadership on security topics e.g. authorisation, authentication, encryption, integration solutions, etc.

Personal Attributes and Skills

• Values driven.
• Facilitation and conflict resolution capabilities, and builds working relationships.
• Problem solving and analytical capabilities.
• Excellent written and verbal communication skills, with the ability to convey technical detail in clear and concise manner.
• Ability to work under time constraints with minimal supervision in an agile environment.
• Looks for ways to optimise and automate solutions and testing in continuous integration/development and deployment environments.
• Willingness to both issue and accept challenges to analytical problems.
• Knowledge of Banking products, processes and systems is an advantage.

Education and Experience

• Bachelors of Science degree in computer/electronic engineering or software programming background.
• At least 3-5 years’ experience with software development/engineering within banking or financial institutions.
• Experience with popular programming languages and frameworks e.g. Javascript, Node, Java, Spring, .Net, etc.
• Experience with integration protocols and technologies e.g. SOAP, REST, JSON, XML, etc.
• Solid understanding of cloud, virtualisation and containerisation security would be advantageous.
• Solid understanding of modern federated authentication and authorization frameworks e.g. SAML, OIDC, ADFS, OAuth2, etc.
• Working knowledge of data protection best practices (at rest, in flight and in use).
• Experience with encryption protocols, technologies and techniques.
• Experience working with product teams specifying secure application requirements.
• Certifications advantages CISSP, CEH, ISACA CRISC/CISM, CISSP-ISSAP, CISSP-CSSLP, CSK, CCSP, etc.
• Working knowledge of security penetration methods and tools.
• Knowledge of SAP security, micro-services & API security is considered an advantage.
• Working knowledge of tools such as log management and log analytics tools e.g. Splunk is advantageous.

EMPLOYMENT EQUITY

The Company’s approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.