Senior Information Security Engineer

Our client is an established, South Africa–based financial services organisation operating within a regulated, enterprise-scale environment. The business offers investment, insurance, and wealth-related services, supporting a large national client base through secure, high-availability digital platforms.

Technology is central to the organisation’s operations, with IT teams responsible for maintaining and enhancing business-critical systems, data integrity, and information security.

The environment is stable, professionally managed, and suited to experienced IT professionals who value structure, accountability, and working on systems with long-term operational impact rather than short-term or experimental projects.

The role is responsible for designing, implementing, and optimising advanced security architectures across hybrid infrastructure, applications, and cloud platforms. The position also plays a key role in security operations leadership, incident response, vulnerability management, compliance, and executive-level reporting.

The ideal candidate is a senior-level security engineer with extensive experience in enterprise information security environments. They have strong technical depth across security architecture, operations, and incident response, and are capable of operating as a technical authority within a regulated financial services context.

The role suits someone who can mentor junior engineers, engage with senior stakeholders, and contribute to the organisation’s overall security strategy.

Location: Midrand, Johannesburg, Gauteng.

Salary: R1 200 000 per annum.

Minimum Requirements:

• Diploma or Bachelor’s degree in IT, Computer Science, or a related field
• Senior-level security certification, such as CISSP or CISM, or equivalent
• Microsoft security certifications, including Cybersecurity Architect Expert or SC-series certifications
• 7+ years’ experience in cybersecurity or security engineering roles
• At least 3 years’ experience in a senior or lead security role
• Expert-level knowledge of SIEM, EDR, firewalls, DLP, and vulnerability management platforms
• Hands-on experience configuring enterprise firewalls and Web Application Firewall solutions
• Strong experience in identity governance, privileged access management, and zero-trust architecture
• Advanced understanding of cloud security, specifically Azure and Microsoft 365
• Scripting and automation experience using PowerShell and/or Python
• Experience designing and implementing information security awareness programmes

Duties and Responsibilities:

• Lead the design and implementation of security controls across on-premises, cloud, and SaaS environments.
• Define security architecture standards and review new technology integrations for compliance.
• Champion secure development lifecycle practices and perform application security assessments.
• Configure, manage, and report on enterprise firewall and Web Application Firewall solutions.
• Oversee and optimise security operations tools, including SIEM, EDR, DLP, and vulnerability management platforms.
• Develop operational playbooks and mentor junior security engineers.
• Collaborate with outsourced SOC teams, including SLA and performance management.
• Lead major security incidents, forensic investigations, and root cause analysis.
• Act as an escalation point for critical security events and coordinate cross-functional response.
• Define vulnerability and patch management strategies and report on remediation progress.
• Architect and enforce identity and access management using Microsoft Entra ID.
• Develop and deliver information security awareness initiatives across the organisation.
• Ensure alignment with ISO 27001, NIST CSF, CIS benchmarks, and regulatory requirements, including POPIA, GDPR, and FSCA.
• Deliver security metrics, dashboards, and executive-level reports to leadership.