LOCATION:

SANRAL COC Offices, 36 Assegai Wood Road Rooihuiskraal, Centurion 0157

GRADE: D3 Paterson Grade

POSITION OBJECTIVE:

The Manager: Application Security will be responsibilities for SANRAL’s application security engineering as well as identifying, assessing, and mitigating vulnerabilities in applications, ensuring they are secure from security threats. The role will also oversee the implementation of security policies and practices within the application development lifecycle, often collaborating with other engineering and development teams.

MINIMUM REQUIREMENTS:

• NQF Level 7 Bachelor’s degree, Advanced Diploma or equivalent in Information Technology
• Compulsory industry certifications: CISSP, CISM, or CISA
• 5 years min relevant experience
• 3 years min supervisory experience

WORKPLACE COMPETENCIES:

• Experience with OWASP Top 10 standard.
• Experience with securing applications in cloud environments (e.g., AWS, Azure).
• Strong understanding of authentication and authorization protocols, and encryption.
• Attention to Detail.
• Software Development Lifecycle.
• Demand Management.
• Technology Trends.
• Proven experience leading or mentoring a team of security professionals.
• Relationship Building and Influence.
• Business Needs Analysis.
• Project management skills to organize, drive, and execute initiatives.
• Experience in supporting supplier security activities to ensure third‐party software and development meets SANRAL's security standards.

KEY RESPONSIBILITIES:

Management:

• Lead and manage the application security program, closely align with the overall SANRAL Cyber Security program.
• Establish and drive the adoption of application security testing frameworks, capabilities, and tooling.
• Scale application security through automation, ensuring security testing is integrated into development pipelines.
• Provide guidance on secure application design and risk mitigation for technology stakeholders.

Operational:

• Establish and enforce secure development standards, policies, and procedures across the organization.
• Integrate security tools, standards, and processes into the systems life cycle.
• Support the incident response and architecture review processes whenever application security expertise is needed.
• Ensure compliance with relevant security standards and regulations.
• Conduct security assessments of applications (web, cloud, mobile, API) using range of manual and automated review techniques.
• Create functional and non-functional application security requirements, including delivering secure cloud services that strike a balance of product usability.
• Oversees Vulnerability remediation and ensures accountability for risk reduction.
• Provide security requirements for systems security testing.
• Serve as a Subject Matter Expert (SME) in the field of Application Security.

Reporting:

• Provide regular updates on application security metrics, program status, and risk assessments to SANRAL’s leadership.
• Communicate security issues and plans effectively to both technical and non-technical audiences.

EMPLOYMENT REFERENCE CHECKS:

Employment reference checks are a requirement as part of SANRAL’s recruitment and selection process. In order for SANRAL to conduct these checks a consent form needs to be completed and signed by the applicant. As an applicant of this position, you authorize SANRAL to process all the information provided for the purpose of your application for the position as well as the verification and record keeping of such credentials.

Please note that this is a confidential document and is intended for internal use by SANRAL’s Human resources department only.

EMPLOYMENT EQUITY:

Appointments will be made in accordance with SANRAL’s Employment Equity plan.
SANRAL reserves the right not to fill any position.

Closing date for applications: 05 August 2025