Cyber Security Specialist : Red Team

We are searching for an energetic, output-driven red teamer to support the execution of the cyber security strategy and roadmap with a primary focus on red teaming, purple teaming and DevSecOps.

You'll be assisting the red team in their efforts to defend Woolworths against various cyber threats by helping mature our ability to test, validate and improve controls. This includes penetration testing and helping mature DevSecOps and application security.

This is a technical role requiring practical experience in penetration testing, red teaming, SDLC security and DevOps.

The role also requires good people skills to effectively interact and communicate with various stakeholders across Woolworths.

• Work with the rest of the security operations team to proactively identify vulnerabilities and validate controls across the Woolworths environment.
• Support the team in responding to security incidents.
• Work with, and coordinate, external providers where and when relevant.
• Assist with maturing the red and purple teaming maturity, leveraging technology and automation with the goal of continual control validation.
• Integrate security practices into the SDLC and DevSecOps under the guiding principles of 'shift left' and 'security by default'.
• Provide expert guidance on, and where relevant maintain and enhance the toolsets required for mature application security covering pen testing, secure coding, source code analysis and vulnerability management.
• Investigate new approaches, technologies, and automation to mature AppSec.
• Assist with AppSec training.
• Assist with managing a risk-based methodology for application and infrastructure penetration testing.
• Provide application and infrastructure penetration testing according to the methodology and where relevant, in line with compliance requirements (e.g., PCI).
• Help drive and validate remediation of findings.
• Consult with application development teams during projects and initiatives.
• Provide AppSec reporting for operational security dashboards.
• Provide application security guidance via documentation, standards, and collaboration.

• Grade 12 and relevant degree / diploma / certifications
• Years relevant experience in cyber security, up to 10 years in IT
• Hands on practical experience in application security and penetration testing
• Experience in DevOps / DevSecOps and the ability to integrate security into the CI / CD processesAdvantageous
• Software development experience
• Relevant qualifications and certifications such as OSCP, OSWE, SANS and CREST
• Practical experience with the MITRE ATT&CK framework is advantageous
• Ability to script and automate processes
• May be required to assist outside of working hours