Information Security Analyst

Through our client-facing brands Metropolitan and Momentum, with Multiply (wellness and rewards program), and our other specialist brands, including Guardrisk and Eris Property Group, the group enables business and people from all walks of life to achieve their financial goals and life aspirations.We help people grow their savings, protect what matters to them and invest for the future. We help companies and organization’s care for and reward their employees and members. Through our own network of advisers or via independent brokers and utilising new platforms Momentum Metropolitan provides practical financial solutions for people, communities, and businesses. Visit us at www.momentumgroupltd.co.za

Disclaimer As an applicant, please verify the legitimacy of this job advert on our company career page.

Role Purpose

This position is responsible for performing various tasks. This role is also required to conduct ongoing research in the IT security arena and regularly assist in the sales process.The ideal candidate will be responsible for conducting comprehensive penetration tests, identifying vulnerabilities, and providing recommendations to improve security posture. The ideal candidate must have experience in all forms of complex technical security assessments of clients’ information technology systems (including the Internet, Intranet, applications, hosts, firewalls, mobile applications, etc.) and related policies and procedures. They must be highly motivated and have a good command of industry best practices.

Requirements

• 5+ years of experience in penetration testing, vulnerability assessment, or a related field.
• Deep knowledge of security testing methodologies and frameworks (OWASP, NIST, etc.).
• Proficiency with advanced penetration testing tools such as Metasploit, Burp Suite, Nessus, Nmap, etc.
• Strong scripting skills (Python, Bash, PowerShell, etc.) for automating security tasks.
• In-depth understanding of network protocols, operating systems, web technologies, and cloud environments.
• CISSP and CEH certification preferred.
• OSCP, OSEP, CCSP, CRTE, CRTP, or CRTO certification or equivalent is an advantage.
  
  

Duties & Responsibilities

• Lead and conduct comprehensive penetration tests on networks, applications, and systems to identify security weaknesses.
• Develop and implement advanced security test plans, scenarios, and scripts.
• Perform in-depth vulnerability assessments and security analysis using both automated tools and manual techniques.
• Document and report security findings, providing actionable insights to clients and detailed recommendations for remediation.
• Collaborate with cross-functional teams to prioritize and resolve security vulnerabilities.
• Research and stay current with emerging security threats, vulnerabilities, and technology trends.
• Participate in security incident response activities when required.
• Assist in the development and refinement of security policies, procedures, and standards.
• Provide training, guidance, and mentorship to junior penetration testers and other security staff.
• Perform security assessments, including application scans (using tools such as Nessus, Burp Suite) and code reviews, to ensure compliance with Momentum Group’s SDLC policies.
• Participate in a variety of other internal security projects and information security activities as required.
  
  

Competencies

• Strong knowledge of OWASP Top 10 vulnerabilities and how to exploit/mitigate them.
• Excellent technical writing skills for creating detailed assessment reports.
• Self-driven, motivated, independent yet communicative and collaborative.
• Ability to work unsupervised in a remote capacity and deliver results.
• Good organizational skills and time management; ability to resolve conflicts, prioritize tasks, and follow quality benchmarks.
• Strong verbal communication skills for presenting findings to technical and non-technical stakeholders.
• Demonstrate a strong ability to engage with various stakeholders, have a team-based approach, and work towards shared goals and outcomes.
• Ability to think outside the box and a passion to improve your skills and drive innovation.