Security Engineer III (AWS Cloud)
  • South Africa Brackenfell
  • The Shoprite Group of Companies
1 year before
31.12.2023
Protect and Defend
Cyber Defense Infrastructure Support
Job Description

The purpose of the Lead Security Engineer is to provide AWS cloud security expertise and will be responsible for the implementation of system-specific security controls and security overlays necessary to ensure the resilience of the AWS security posture. This role is part of a larger team dedicated to cloud-based management and security. As a Lead Security Engineer, this role is also responsible for the development and execution of highly complex, large-scale cyber security initiatives and requires a professional who is comfortable taking decisions and dealing with a range of problem-solving challenges and can work in a fast-paced environment and has a clear passion for cybersecurity and related technologies.


Quick response

Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0021   Knowledge of data backup and recovery.
  • K0033   Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0104   Knowledge of Virtual Private Network (VPN) security.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0205   Knowledge of basic system, network, and OS hardening techniques.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Required Skills
  • S0007   Skill in applying host/network access controls (e.g., access control list).
  • S0059   Skill in using Virtual Private Network (VPN) devices and encryption.
  • S0121   Skill in system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
  • S0124   Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).