Cyber Security Specialist: Red Team

Main PurposeWe are searching for an energetic, output-driven red teamer to support the execution of the cyber security strategy and roadmap with a primary focus on red teaming, purple teaming and DevSecOps. You’ll be assisting the red team in their efforts to defend Woolworths against various cyber threats by helping mature our ability to test, validate and improve controls. This includes penetration testing and helping maturing DevSecOps and application security. This is a technical role requiring practical experience in penetration testing, red teaming, SDLC security and DevOps. The role also requires good people skills to effectively interact and communicate with various stakeholders across Woolworths.If You Join Us, You’ll Do A Lot Of / Key ResponsibilitiesWork with the rest of the security operations team to proactively identify vulnerabilities and validate controls across the Woolworths environment.Support the team in responding to security incidents.Work with, and coordinate, external providers where and when relevant.Assist with maturing the red and purple teaming maturity, leveraging technology and automation with the goal of continual control validation.Integrate security practices into the SDLC and DevSecOps under the guiding principles of ‘shift left’ and ‘security by default’.Provide expert guidance on, and where relevant maintain and enhance the toolsets required for mature application security covering pen testing, secure coding, source code analysis and vulnerability management.Investigate new approaches, technologies, and automation to mature AppSec.Assist with AppSec training.Assist with managing a risk-based methodology for application and infrastructure penetration testing.Provide application and infrastructure penetration testing according to the methodology and where relevant, in line with compliance requirements (e.g., PCI).Help drive and validate remediation of findings.Consult with application development teams during projects and initiatives.Provide AppSec reporting for operational security dashboards.Provide application security guidance via documentation, standards, and collaboration.What You’ll Need / Job RequirementsMandatoryGrade 12 and relevant degree/diploma/certifications3+ years relevant experience in cyber security, up to 10 years in IT Hands on practical experience in application security and penetration testingExperience in DevOps / DevSecOps and the ability to integrate security into the CI/CD processesBonus If You Have / AdvantageousSoftware development experienceRelevant qualifications and certifications such as OSCP, OSWE, SANS and CRESTPractical experience with the MITRE ATT&CK framework is advantageousAbility to script and automate processesMay be required to assist outside of working hoursIf you are interested in the above position please send your CV to RecruitmentITS@Woolworths.co.za, clearly stating the job you are applying for as well as the reference number of the job.