About the job
Your time is now to be your exceptional best at Old Mutual!
DevSecOps Engineer will be responsible for implementing and maintaining a comprehensive DevSecOps Security Program.
The candidate will fit in best with the company culture if they value honesty, integrity, reliability, and can interact, communicate with, and share knowledge with colleagues at all levels, whilst treating them with the utmost respect and professionalism
Key Result Areas
- Implement a comprehensive DevSecOps security program to protect applications and supporting infrastructure from both internal and external threats.
- Embed the use of self-service and automated security testing into the DevOps/Software Development Lifecycle.
- Define rules and policies for all CI/CD Pipeline security tools and platform security tools
- Establish strong governance and assurance controls and processes to continuously measure and improve coverage and operating effectiveness of controls
- Conduct reviews of applications, systems, underlying infrastructure, and related processes relating to software development practices.
- Facilitate the use of secure architectural patterns and work with the security engineers to translate these patterns into line of business secure builds.
- Assist in documenting and tracking security findings into a formal risk register. Provide the necessary information to support any deviation to IT Security policies and standards.
- Establish a threat modelling architecture that is measurable and relatable to business to increase maturity on software development practices.
- Collaborate with feature teams, product owners, architecture, IT, business, vendors and other stakeholders to investigate development activities.
- Establish relevant metrics and produce risk reports for stakeholders highlighting key risks, threats, incidents progress and status to assist in decision making.
- Bachelor’s or Master’s degree in Technology related field. Information Systems Security degree will be a plus.
- 3 to 5 years of Technology experience and out of which a minimum of 1 year in a DevSecOps role
- Experience in managing DevSecOps in banking and financial services industry will be a big plus
- Experience in implementing and automating cybersecurity controls for CI/CD pipelines
- Professional security certifications, such as CSSLP and CISSP
- Strong knowledge of vulnerability & threat management
- Knowledge of Python and Dart languages will be a plus
The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit.
17 March 2023
Old Mutual Limited is pro-vaccination and encourages its workforce to be fully vaccinated against Covid-19.
All prospective employees are required to disclose their vaccination status as part of the recruitment process.
Please refer to the Old Mutual’s Covid-19 vaccination policy for further detail. Kindly note that Old Mutual reserves the right to reinstate the requirement to vaccinate at any point if it is of the view that it is imperative to do so.