The Cyber Security (Service Delivery & Professional Services) Division is looking for a Security Engineer to join their team. The successful incumbent will be responsible for the technical and operational requirements of continuous vulnerability management, the identification and assessment of information security risk, coordination with external stakeholders regarding remediation effectiveness and day-to-day activities of the Vulnerability Management of the team.

This includes network, system, and application vulnerability assessments, using manual and automated tools, on client systems including UNIX/Linux, Windows, Cloud services, virtualization environments, network devices, databases, applications, web servers and operational technology devices.

Summary of the Job

  • Implementation and support of Palo Alto Networks Firewalls solutions
  • Develop and maintain a Vulnerability Management Program for clients.
  • Own the vulnerability management process across on premise and cloud environments.
  • Apply knowledge of Cybersecurity engineering services related to Tenable.sc, Nessus, and related modules to support operationally viable continuous monitoring solutions.
  • Engage multiple stakeholders and leverage expertise to perform day-to-day activities required to operate the Tenable solution in an enterprise environment.
  • Troubleshoot technical issues and perform problem resolution regarding related incidents and service requests. Provide subject matter expertise on all Tenable components and modules.
  • Perform vulnerability assessment scans on a routine and ad-hoc basis against infrastructure and application assets.
  • Ensure vulnerabilities are identified and managed according to SLA and Compliance requirements.
  • Develops and maintains excellent operational practices related to vulnerability management.
  • Contributes to automation efforts in the detection, categorisation, reporting and tracking of identified vulnerabilities.
  • Collaborates with engineering teams to understand vulnerability management needs and assist with remediation and mitigation strategies.
  • Provides verbal and written reports on vulnerability risk to executive, business, and technical stakeholders.
  • Maintains current knowledge of the threat landscape including attacker tactics, techniques, and procedures.
  • Be part of the change control process accountable for vulnerability management.
  • Be aware of vendor related security notifications.
  • Develop and present vulnerability reports and dashboards to provide insight into existing vulnerabilities.
  • Prioritise findings based on risk and document detailed corrective and remediation plans/actions.
  • Monthly SLA reporting.
  • Remote support where necessary.
  • Standby duties (when required).

Qualifications and experience:

  • 3-5 years’ experience in IT/Cyber Security.
  • 2-3 years hands-on working experience with vulnerability management tools such as Tenable, Nessus, Qualys, Rapid7, Acunetix, ZAP, BurpSuite.
  • Well versed in vulnerability assessment and reporting, including comprehensive understanding of Vulnerability Management methodologies and procedures.
  • Implementing, managing, or governing security technologies, specifically vulnerability scanning tools (Tenable, Nessus, Qualys, or similar vulnerability scanning tools).
  • Knowledge of network and IT security systems development, architectures, and vulnerabilities.
  • Knowledge and experience working with the multiple operating systems (Windows, *nix, OSX, VMware, IOS and other infrastructure device OS).
  • Knowledge in performing Vulnerability Assessment on (Web + Mobile) App, Cloud Infrastructures.
  • Knowledge of scripting languages like Ruby, Python etc.
  • Experience of vulnerability remediation workflow and ticketing lifecycle.
  • Security regulatory requirements and standards (such as NIST 800 series, ITU, ITIL, PCI and ISO 27001).

The following certifications (or similar) will be an advantage

  • Network+
  • Security+
  • Tenable Certified Delivery Engineer (OT, IO, SC).
  • Tenable Certified MSSP SOC Analyst (OT, IO, SC).
  • Security domain related certifications such as CEH, OSCP, SANS GMON, GCIA, GCIH.

Closing Date

13 April 2022

Your application must include:

An updated CV, motivational letter and relevant certificates.