Analyst, Vulnerability Management - Security Cyber

Company Description

Standard Bank Group is a leading Africa-focused financial services group, and an innovative player on the global stage, that offers a variety of career-enhancing opportunities – plus the chance to work alongside some of the sector’s most talented, motivated professionals. Our clients range from individuals, to businesses of all sizes, high net worth families and large multinational corporates and institutions. We’re passionate about creating growth in Africa. Bringing true, meaningful value to our clients and the communities we serve and creating a real sense of purpose for you.

Job Description

To provide expert professional knowledge and technical skills within a specialist area. To execute the bank's information security initiatives, enabling management to make the appropriate decisions and monitoring the protection of sensitive data and systems.

Qualifications

•  A degree in Information Technology
• 5-7 years Experience in risk management and identifying mitigating strategies and plans
• 5-7 years Strong IT understanding, gaining insight into digital and platform operating models and cyber security trends and solutions
• 8-10 years Experience in technical and business management; databases, operating systems, and network security controls

Additional Information

Behavioral Competencies:

• Adopting Practical Approaches
• Articulating Information
• Interpreting Data
• Making Decisions
• Producing Output
• Providing Insights

Technical Competencies:

• Research and keep up to date on application security threats and vulnerabilities, tools, techniques and procedures, trends, and mitigation strategies.
• Working knowledge of OWASP, the MITRE ATT&CK framework, SANS, or other security-related frameworks and familiarity with application threat modelling or other risk identification techniques and Support purple teaming exercises designed to build cyber resiliency across disparate security teams.
• Familiarity with vulnerability management and scanning tools such as Rapid7, Qualys, Nessus, Tenable.
• Familiarity with defensive technologies such as security information and event management systems (SIEMs), endpoint protection (EPP) and endpoint detection/response (EDR) tools, threat intelligence platforms (TIP), and open-source intelligence (OSINT) tools.
• Proficiency in scripting languages such as Python, PowerShell, Bash and Ruby is an added advantage and competency with testing frameworks and tools such as Burp Suite, Metasploit, Cobalt Strike, Kali Linux, PowerShell Empire and AutoSploit is an added advantage.