DevSecOps Engineer

Infrastructure & Security · Cape Town, Western Cape
Department Infrastructure & Security
Employment Type Full-Time
Minimum Experience Experienced

PayFast, together with the DPO Group, is one of the leading Fintech organisations in Africa. We’re on a mission to exponentially grow the digital economy of Africa by building world-class payment products. Our DevOps department is at a crucial stage which means this role will become one of the biggest key players in the department and organisation. 


Together with Network International, we are on the hunt for a DevSecOps Engineer, reporting to Head of Infrastructure and Security.


About the team 


Network International’s Information Security team is tasked with enabling business growth safely, continually reducing our attack surface, generating situational awareness for senior management of the risk we face and developing a standardized and compliant information security policy matrix that simply explains how we protect our customers and our organisation.

 

You would be part of a small team, yet dynamic Team in Cape Town as part of a wider team of teams across the group. 


About you


You’d love working with us if you’re a fun, sharp and self-motivated person who has a passion for people and can keep tabs on multiple moving parts in your job. Someone who has outstanding interpersonal and communication skills and is passionate about finding the cream of the crop.


You’ll fit in perfectly with our culture if you:


  • Get energised by a fast-paced environment
  • Enjoy a hybrid working model 
  • Cherish a good work-life balance
  • Are adaptable and don’t mind a bit of chaos now and again 
  • Regard collaboration as an essential part of getting the job done
  • Pride yourself as being a self-starter who doesn’t lack motivation   
  • Don’t need to be micromanaged 
  • Take feedback well and use it for self-improvement 
  • Welcome change and new ideas 
  • Value the importance of diversity   


 What you'll be doing


Responsible for all security related tasks and initiatives for DevOps Security, manage security tooling within Devops CI / CD pipelines and manage runtime protection of digital estate of NI. Additionally, you will assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open-source solutions.


  • Working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
  • Integrating and automating security tooling in the CI/ CD Pipeline – SCA / SAST / DAST / Container security
  • Ensuring DevOps platforms are in compliance with PCI-DSS and Information Security frameworks/standards (i.e. CIS, NIST, RFC2196, ISO27001 etc).
  • Review SAST / DAST testing results and assess risks in micro-services / apps. 
  • Conducting and coordinating vulnerability assessments through the use of automated and manual tools (Tenable, NMAP, etc).
  • Review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and application's and determine any reported vulnerabilities that are false positives.
  • Prepare security vulnerability and risk management metrices / dashboards / reports for management and Security Departments.
  • Working with Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Application Security Testing, Security and Monitoring tools, etc.
  • Configuring, implementing and leveraging computer security and networking diagnostic/monitoring tools.
  • Leadership and Teaming skills to coordinate remediation of vulnerabilities within established timeframes.


What you'll need


  • 5+ years of experience working in a security role with a focus on cloud computing
  • Minimum 3+ years’ experience in DevSecOps / Application Security / SAST / DAST in Banking / Finance / Payment Processing Domains.
  • Experienced in Docker and Kubernetes technologies with good background in Linux/Unix background
  • Knowledge of DevOps Automation: Terraform, Puppet, Ansible, SaltStack,
  • Working knowledge of API Security, Container Security, Cloud Security on public clouds infra.
  • Knowledge of PCI-DSS, NIST cybersecurity framework, GDPR Standards and Policies and the associated certification and audit processes
  • Auditing and Compliance Certifications such as CISA, PCI-ISA, and PCIP.
  • Experience with security automation and machine learning.
  • CCSP, Azure, AWS, GCP, Kubernetes Security or other Security Certifications.
  • Take ownership, team player and able to communicate with stakeholders.
  • Customer focused and should be able to work under extreme pressure(s) and should have an easy-going attitude with ability to multitask
  • Self-motivated and ability to manage the client and represent the client internally
  • Able to support investigations, audit requirements internally and take ownership of the issue until closure
  • Has the initiative to manage the daily tasks without any supervision


    While not required, it’ll probably help if you have some knowledge of fintech, and an interest in entrepreneurship and startups would be beneficial. But don’t worry, there’s no need to be a unicorn as we’ll offer onboarding assistance.


    About us


    PayFast was founded in 2007 and has grown into one of South Africa’s leading online payment gateways. The DPO Group, which includes DPO Africa, PayGate, PayFast and SiD Instant EFT, is the largest and the fastest-growing African payment service provider, operating in 21 countries and working with more than 60,000 active merchants across the continent. In 2021, DPO Group was acquired by Network International. Our combined resources and expertise are benefiting merchants and online shoppers looking to accept digital payments through as many different channels as possible.


    What we offer

    • Work from the comfort of your home and our stunning office   
    • Company pension  
    • 21 days annual leave   
    • Study leave   
    • Celebrate your cake day with special birthday leave  
    • Great company culture   
    • Free mental health consultations   
    • Access to learning and development   
    • Onsite Barista, fueling your coffee needs   
    • And a whole lot more…  


    Availability 


    As soon as humanly possible (but we are willing to wait for the perfect candidate).

    If this sounds like a role that you would flourish in, please apply now.

    Thank You

    Your application was submitted successfully.

    • Location
      Cape Town, Western Cape
    • Department
      Infrastructure & Security
    • Employment Type
      Full-Time
    • Minimum Experience
      Experienced