• Responsible for managing and monitoring application security
o Define and manage a risk-based methodology for application security testing and validation.
o Perform internal application and service penetration testing according to the methodology.
o Coordinate external penetration testing where required.
o Help drive and validate remediation of findings.
o Consult with application development teams during projects and initiatives.
o Provide appsec reporting for operational security dashboards.
o Provide guidance via documentation and standards on application security practices.
• Responsible for improving application security
o Integrate security practices into the SDLC and DevSecOps under the guiding principle of ‘security by default’.
o Maintain and enhance the toolsets required for mature application security covering pen testing, secure coding, source code analysis and vulnerability management.
o Investigate new approaches, technologies and automation to mature appsec.
o Provide appsec training.
• Responsible for Red Teaming
o Work with the rest of the security operations team to proactively identify vulnerabilities and validate controls across the Woolworths environment.
o Support the team in responding to security incidents.
o Work with, and coordinate, external providers where and when relevant.
• Grade 12 and relevant degree/diploma (3 years)
• 3 years relevant experience in cyber security, up to 10 years in IT
• Hands-on practical experience in application security and penetration testing
• Knowledge of DevOps / DevSecOps and the ability to integrate bug resolution into CI/CD processes
• Software development experience
• Relevant qualifications and certifications such as OSCP, OSWE, SANS and CREST
• Ability to script and automate processes
• Practical experience with the MITRE ATT&CK framework is advantageous
• May be required to assist outside of working hours
• Knowledge of Woolworths IT and cyber security landscape, including systemic understanding of key business linkages and dependencies
• Is aware of and responsive to internal and external events and influences on the technical landscape
• Ability to research technology-related concepts, trends and best practices, and apply findings