Junior Security Engineer, Durban
Junior Security Engineer, Durban
-
Durban, South Africa -
Last edited: a week ago
-
Save -
Share
Description
MANCOSA, a DHET registered and CHE accredited private higher education distance education provider, offering undergraduate and postgraduate business qualifications, has the following vacancy available
Core Purpose The Security Engineer will be responsible for designing and overseeing the ongoing maintenance and management of the organization’s security architecture, ensuring that it is aligned with global best practice (ISO27001, NIST or similar), business objectives, internal risk management strategies, and external regulatory compliance (POPIA, DHET, CHE among others).
This role requires developing secure infrastructures for both on‑premises and cloud environments (AWS, Azure, Microsoft 365, Google). The Security Engineer will collaborate with cross‑functional teams to integrate security into all aspects of IT infrastructure, applications, web applications, mobile applications, and networks while ensuring that security controls are in place for effective threat management, incident response, and business continuity.
In addition to technical expertise, the Security Engineer will play a critical role in driving governance, risk management, and security frameworks. This includes conducting regular cybersecurity assessments (technical and otherwise), designing remediation plans based on findings, and ensuring the organization’s security posture is continuously improved.
Core Functions Include 1. Design&Implementation of Security Engineer
Design and implementation of security architectures for cloud platforms (AWS, Microsoft 365, Azure) and on‑premises infrastructures.
Ensure that all systems, applications, and network environments are secure by design, integrating security controls into the entire lifecycle of infrastructure and application development (DevSecOps).
Collaborate with DevOps, IT, and business teams to ensure security requirements are embedded in technical implementations.
Security of cloud environments, including Identity and Access Management (IAM), encryption, and cloud monitoring solutions.
Provide guidance on best practices for securing cloud services, storage, and computing.
Implement security tools and practices such as multifactor authentication (MFA), zero‑trust architecture, and data encryption for cloud platforms.
3. Governance, Risk, and Compliance (GRC)
Develop and enforce security governance frameworks that align with industry best practices, regulatory requirements (POPIA), and internal risk management strategies.
Ensure that security controls are compliant with regulatory requirements and that governance processes are in place for continuous monitoring.
Collaborate with risk management teams to conduct risk assessments and prioritize mitigation efforts across the infrastructure.
Collaborate with internal and external audit teams to remediate audit findings.
4. Security Assessments&Vulnerability Management
Conduct regular security assessments, penetration testing, and vulnerability scanning across network, cloud, and application layers.
Design and lead the remediation of vulnerabilities identified in assessments, ensuring alignment with broader security governance and risk management strategies.
Continuously improve the security architecture based on assessments and evolving security threats.
5. SOC&SIEM Integration and Monitoring
Management of SIEM (Security Information and Event Management) solutions that align with the overall security architecture.
Ensure proper integration of monitoring tools to detect, analyse, and respond to security incidents in real time.
Collaborate with the Security Operations Centre (SOC) to enhance incident detection, analysis, and response workflows.
Develop periodic reports providing management with deep insights into the functioning of the Security Operations Centre.
6. Security Policies and Procedures Development
Development of security policies, standards, and procedures to support secure system architecture.
Regularly review and update security policies to align with technological advancements and regulatory changes.
Ensure that security procedures are well documented and integrated into daily operations and disaster recovery/business continuity plans.
7. Network Security&Data Protection
Implement and manage network security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and endpoint security solutions (EDR).
Ensure strong encryption, data loss prevention (DLP) solutions, and secure data transmission protocols are in place to safeguard sensitive data.
Collaborate with IT teams to ensure network segmentation, secure data flows, and access control measures.
8. Disaster Recovery&Business Continuity Planning
Collaborate with DR/BC teams to ensure that security measures are fully integrated into business continuity and disaster recovery plans.
Provide architectural oversight for systems and processes that support rapid recovery from cybersecurity incidents and natural disasters.
Conduct periodic reviews and tests of disaster recovery and business continuity plans to ensure they meet security standards.
Develop and maintain incident response plans and playbooks, ensuring that they are aligned with the overall security architecture.
Provide guidance and direction during major security incidents, ensuring timely response and minimal business disruption.
Collaborate with the incident response team to improve processes and ensure lessons learned are integrated into future security strategies.
Stay informed on emerging cybersecurity threats, trends, and technologies such as AI‑driven security, zero‑trust architectures, and quantum‑resistant encryption.
Integrate advanced technologies into the security architecture to improve the organization’s security posture.
Utilise threat intelligence data to proactively adjust security controls and stay ahead of potential risks.
11. Third‑party Risk Management
Assess the security architecture of third‑party vendors and partners to ensure they meet the organization’s security requirements.
Collaborate with the procurement and legal teams to enforce security standards for third‑party engagements.
Design secure integration strategies for third‑party services, ensuring that vendor risks are managed effectively.
12. Insider Threat Management
Design and implement strategies to detect and mitigate insider threats, including data loss prevention (DLP) measures.
Integrate insider threat management with broader risk and compliance frameworks, ensuring that threats are addressed proactively.
13. User Awareness Training&Education
Collaborate with the IT and HR departments to develop security training programs aimed at improving user awareness.
Ensure that all employees, especially IT and development teams, understand and follow security best practices as part of their daily activities.
Provide guidance on security aspects of emerging trends, such as social engineering and phishing attacks.
Skills&Qualifications
Advanced knowledge of cloud platforms (AWS, Microsoft 365, Azure) and security controls, as well as network, infrastructure, and application security.
Strong experience in designing and implementing security architectures for cloud, hybrid, and on‑premises environments.
In developing security governance frameworks, conducting risk assessments, and aligning security measures with business objectives and regulatory compliance (POPIA, GDPR).
Hands‑on experience in managing security incidents and leading incident response efforts, including the integration of security measures into DR/BC plans.
Experience with SIEM systems, intrusion detection systems, endpoint detection and response (EDR), data loss prevention (DLP), and vulnerability management tools.
Ability to communicate complex technical concepts to executive leadership, IT teams, and non‑technical stakeholders.
Certifications (Preferred) CISSP, CCSP, AWS Certified Security, Microsoft Certified Security, Compliance, and Identity, or other related security certifications.
Qualification (S)
Bachelor’s degree in computer science, Information Technology, or related field.
5 years of experience in security architecture or a related cybersecurity role.
Industry recognized certifications (e.g., CISSP, CCSP) preferred.
Experience
Strong problem‑solving skills with the ability to assess complex security challenges and design practical solutions.
Proactive mindset with a focus on continuous improvement of security controls and architecture.
Excellent collaboration skills to work across departments and with external partners to ensure secure integrations and operations.
#J-18808-Ljbffr
Core Purpose The Security Engineer will be responsible for designing and overseeing the ongoing maintenance and management of the organization’s security architecture, ensuring that it is aligned with global best practice (ISO27001, NIST or similar), business objectives, internal risk management strategies, and external regulatory compliance (POPIA, DHET, CHE among others).
This role requires developing secure infrastructures for both on‑premises and cloud environments (AWS, Azure, Microsoft 365, Google). The Security Engineer will collaborate with cross‑functional teams to integrate security into all aspects of IT infrastructure, applications, web applications, mobile applications, and networks while ensuring that security controls are in place for effective threat management, incident response, and business continuity.
In addition to technical expertise, the Security Engineer will play a critical role in driving governance, risk management, and security frameworks. This includes conducting regular cybersecurity assessments (technical and otherwise), designing remediation plans based on findings, and ensuring the organization’s security posture is continuously improved.
Core Functions Include 1. Design&Implementation of Security Engineer
Design and implementation of security architectures for cloud platforms (AWS, Microsoft 365, Azure) and on‑premises infrastructures.
Ensure that all systems, applications, and network environments are secure by design, integrating security controls into the entire lifecycle of infrastructure and application development (DevSecOps).
Collaborate with DevOps, IT, and business teams to ensure security requirements are embedded in technical implementations.
Security of cloud environments, including Identity and Access Management (IAM), encryption, and cloud monitoring solutions.
Provide guidance on best practices for securing cloud services, storage, and computing.
Implement security tools and practices such as multifactor authentication (MFA), zero‑trust architecture, and data encryption for cloud platforms.
3. Governance, Risk, and Compliance (GRC)
Develop and enforce security governance frameworks that align with industry best practices, regulatory requirements (POPIA), and internal risk management strategies.
Ensure that security controls are compliant with regulatory requirements and that governance processes are in place for continuous monitoring.
Collaborate with risk management teams to conduct risk assessments and prioritize mitigation efforts across the infrastructure.
Collaborate with internal and external audit teams to remediate audit findings.
4. Security Assessments&Vulnerability Management
Conduct regular security assessments, penetration testing, and vulnerability scanning across network, cloud, and application layers.
Design and lead the remediation of vulnerabilities identified in assessments, ensuring alignment with broader security governance and risk management strategies.
Continuously improve the security architecture based on assessments and evolving security threats.
5. SOC&SIEM Integration and Monitoring
Management of SIEM (Security Information and Event Management) solutions that align with the overall security architecture.
Ensure proper integration of monitoring tools to detect, analyse, and respond to security incidents in real time.
Collaborate with the Security Operations Centre (SOC) to enhance incident detection, analysis, and response workflows.
Develop periodic reports providing management with deep insights into the functioning of the Security Operations Centre.
6. Security Policies and Procedures Development
Development of security policies, standards, and procedures to support secure system architecture.
Regularly review and update security policies to align with technological advancements and regulatory changes.
Ensure that security procedures are well documented and integrated into daily operations and disaster recovery/business continuity plans.
7. Network Security&Data Protection
Implement and manage network security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), VPNs, and endpoint security solutions (EDR).
Ensure strong encryption, data loss prevention (DLP) solutions, and secure data transmission protocols are in place to safeguard sensitive data.
Collaborate with IT teams to ensure network segmentation, secure data flows, and access control measures.
8. Disaster Recovery&Business Continuity Planning
Collaborate with DR/BC teams to ensure that security measures are fully integrated into business continuity and disaster recovery plans.
Provide architectural oversight for systems and processes that support rapid recovery from cybersecurity incidents and natural disasters.
Conduct periodic reviews and tests of disaster recovery and business continuity plans to ensure they meet security standards.
Develop and maintain incident response plans and playbooks, ensuring that they are aligned with the overall security architecture.
Provide guidance and direction during major security incidents, ensuring timely response and minimal business disruption.
Collaborate with the incident response team to improve processes and ensure lessons learned are integrated into future security strategies.
Stay informed on emerging cybersecurity threats, trends, and technologies such as AI‑driven security, zero‑trust architectures, and quantum‑resistant encryption.
Integrate advanced technologies into the security architecture to improve the organization’s security posture.
Utilise threat intelligence data to proactively adjust security controls and stay ahead of potential risks.
11. Third‑party Risk Management
Assess the security architecture of third‑party vendors and partners to ensure they meet the organization’s security requirements.
Collaborate with the procurement and legal teams to enforce security standards for third‑party engagements.
Design secure integration strategies for third‑party services, ensuring that vendor risks are managed effectively.
12. Insider Threat Management
Design and implement strategies to detect and mitigate insider threats, including data loss prevention (DLP) measures.
Integrate insider threat management with broader risk and compliance frameworks, ensuring that threats are addressed proactively.
13. User Awareness Training&Education
Collaborate with the IT and HR departments to develop security training programs aimed at improving user awareness.
Ensure that all employees, especially IT and development teams, understand and follow security best practices as part of their daily activities.
Provide guidance on security aspects of emerging trends, such as social engineering and phishing attacks.
Skills&Qualifications
Advanced knowledge of cloud platforms (AWS, Microsoft 365, Azure) and security controls, as well as network, infrastructure, and application security.
Strong experience in designing and implementing security architectures for cloud, hybrid, and on‑premises environments.
In developing security governance frameworks, conducting risk assessments, and aligning security measures with business objectives and regulatory compliance (POPIA, GDPR).
Hands‑on experience in managing security incidents and leading incident response efforts, including the integration of security measures into DR/BC plans.
Experience with SIEM systems, intrusion detection systems, endpoint detection and response (EDR), data loss prevention (DLP), and vulnerability management tools.
Ability to communicate complex technical concepts to executive leadership, IT teams, and non‑technical stakeholders.
Certifications (Preferred) CISSP, CCSP, AWS Certified Security, Microsoft Certified Security, Compliance, and Identity, or other related security certifications.
Qualification (S)
Bachelor’s degree in computer science, Information Technology, or related field.
5 years of experience in security architecture or a related cybersecurity role.
Industry recognized certifications (e.g., CISSP, CCSP) preferred.
Experience
Strong problem‑solving skills with the ability to assess complex security challenges and design practical solutions.
Proactive mindset with a focus on continuous improvement of security controls and architecture.
Excellent collaboration skills to work across departments and with external partners to ensure secure integrations and operations.
#J-18808-Ljbffr
Highlights
-
Company nameMANCOSA -
Job positionJunior Security Engineer
-
Flag -
Block ad
Safety Tips
Be careful: if it seems too good to be true, it most likely is.
Related searches
More info about this ad
Junior Security Engineer has been posted in the Durban Engineering category on Locanto.
Why not check out other ads in this category, such as Laboratory Manager, Potgietersrus, Laboratory Technician, Durban or Quality Engineer (Quality Department Automotive Industry) in Durban. Right now, there are 80 classified ads in Engineering in Durban on Locanto.
There are more ads within a 15 km radius for this category. If you want to view those ads, click here.
