Engineer, Cyber Security at Standard Bank Group

Job Purpose 

To provide expert professional knowledge and technical skills within a specialist area. To execute the bank's information security initiatives, enabling management to make the appropriate decisions and monitoring the protection of sensitive data and systems.

Key Deliverables 

• Act as a trusted adviser for information security across the Group and stakeholders.
• Adhere to and implement the relevant technology standards developed by the wider IT Function.
• Adhere to Group minimum standards for vendor selection and participate in the selection of the most appropriate vendor with required expertise.
• Build and develop relationships across the different internal IT teams and with various stakeholders so that the business unit remains involved and aware of internal developments.
• Consider various attack scenarios and identify appropriate controls, by working with architects and software engineers to specify how information security technologies should be implemented.
• Continually review system operations, updating and amending processes and products to mitigate risks as identified and discovered to minimise future incidents.
• Contribute inputs to the setting of reliable and realistic targets and budgets.
• Contribute to detection and response maturity by recommending security operation centre control improvements.
• Contribute to the process of digitising and/ or automating of standard operating procedures indicated to contain security risks and optimise efficiencies.
• Contribute to the review of detection rules, assessing false positives and improve efficacy of detection rules and minimise future false positives.
• Create and implement standard/ default detection rules as requested by business areas, requesting support as required.
• Design, scope, execute and document threat hunts to determine if malicious activity exists within the environment, notify the incident response team as appropriate.
• Implement and operate pro-active monitoring and maintenance support activities to ensure confidentiality, integrity and availability of services and underlying platforms to minimise information security incidents in accordance with the bank's risk appetite.
• Minimise the spend on Information Security where possible, exercising financial prudence.
• Participate in and contribute to the automation and/ or integration of repeatable tasks, by building technical control capabilities and maturing their operational effectiveness.
• Participate in post incident analysis, identify control weaknesses and include remediations in planning and scoping activities, requesting support from more senior team members when required.
• Prototype and pilot proposed information security solutions or capabilities to identify viability of new developments.
• Provide ad-hoc advice, assistance, coaching and/ or mentoring to team mates so that their developmental needs are identified and met.
• Provide input into operational plans and the practical application thereof, and ensure that operational plans are clearly articulated and are understood.
• Provide insight into the design, management and implementation of relevant policies, processes and systems in order to facilitate the management of risks.
• Represent the business area in various projects and working groups to positively influence the project outcomes, considering information security goals and requirements.
• Review both commercial and open source tools to enhance Standard Banks security testing labs.

QUALIFICATIONS

Minimum Qualifications

• Type of Qualification: First Degree
• Field of Study: Information Technology

Experience Required
Software Engineering
Technology
1-2 years
Proven experience in risk management

3-4 years
Proven experience in software and integration development, databases, operating systems, and network security controls , as well as technical and business management.

ADDITIONAL INFORMATION

Behavioral Competencies:

• Adopting Practical Approaches
• Articulating Information
• Developing Strategies
• Embracing Change
• Exploring Possibilities
• Generating Ideas
• Interpreting Data
• Making Decisions
• Meeting Timescales
• Producing Output
• Providing Insights
• Team Working

Technical Competencies:

• Data Analysis
• Debugging and Fixing Software
• Design Patterns
• Software Development Life Cycle (SDLC) methodologies & Tools
• Systems Patterns Integration
• Technical Analysis
• Use of Build and Test Automation
• Write Code