Job title: Application Security Engineer
Job type: Permanent
Emp type: Full-time
Skills: SDLC, DevOps, AppSec, Application Security, Penetration Testing, DevSecOps, OSCP, OSWE, MITRE ATT&CK
Salary type: Annual
Salary from: ZAR 650,000.00
Salary to: ZAR 800,000.00
Location: Cape Town, WC
Job published: 2021-10-07
Job ID: 32062

Job Description

Redherd is a bespoke, boutique information security and technology recruiting partner. Together with our clients, we tackle some of the most complex security requirements of the modern-day cyber security industry. We obsess about the details and the subtle intricacies of a given position, and therefore run only surgical searches, approaching only those who possess the skills required to excel in specific positions. Our candidates come first, and that will always stay at the forefront. After all, you know what is best for you.

Our client is a leading retailer in South Africa and a household name around the country. They are looking to grow their security team to further support their endeavours.

The client is looking for a strong and technically minded Application Security Engineer with practical experience in penetration testing, code review, SDLC security and DevOps. The role will be split 50% penetration testing and 50% application security. This is a permanent position based at the Head Office in Cape Town.


Job description 

Responsible for managing and monitoring application security 

  • Define and manage a risk-based methodology for application security testing and validation.
  • Perform internal application and service penetration testing according to the methodology.
  • Coordinate external penetration testing where required.
  • Help drive and validate remediation of findings.
  • Consult with application development teams during projects and initiatives. 
  • Provide appsec reporting for operational security dashboards.
  • Provide guidance via documentation and standards on application security practices. 

Responsible for improving application security 

  • Integrate security practices into the SDLC and DevSecOps under the guiding principle of ‘security by default’. 
  • Maintain and enhance the toolsets required for mature application security covering pen testing, secure coding, source code analysis and vulnerability management. 
  • Investigate new approaches, technologies and automation to mature appsec.
  • Provide appsec training. 

Responsible for Red Teaming 

  • Work with the rest of the security operations team to proactively identify vulnerabilities and validate controls across the client's environment.
  • Support the team in responding to security incidents. 
  • Work with, and coordinate, external providers where and when relevant.

Requirements

  • Software development experience
  • Relevant qualifications and certifications such as OSCP, OSWE, SANS and CREST
  • Ability to script and automate processes
  • Practical experience with the MITRE ATT&CK framework is advantageous
  • May be required to assist outside of working hours
  • Is aware of and responsive to internal and external events and influences on the technical landscape