Role Purpose\/Business Unit:<\/p>\n
\tThe primary purpose of the role is the implementation and continuous improvement of the DevSecOps programme within Vodacom South Africa, ensuring alignment with the Cyber Health and Adaptive Risk Method (CHARM) control 14.2.5-A DevSecOps. In this role you will work within a team of DevSecOps professionals and collaborate with Secure by Design, Security and Enterprise Architecture and DevOps Teams to:
\n\tImplement, operation and ongoing improvement of the DevSecOps Security Chapter and Champions model across technology Development teams to create the cultural shift that will underpin the DevSecOps capability.
\n\tImplement automated scanning tools including SAST, SCA, DAST, and secret scanning and other more advanced security scanning capabilities.
\n\tEstablish and maintain Appsec vulnerability management processes, ensuring critical vulnerabilities are identified, reported, evaluated, prioritized and remediated, to continuously improve the Vodacom\u2019s application security posture.
\n\tAssist with the standardization and security approval of CI\/CD toolchains, ensuring all development tools are compliant with policy, SPDA approved and integrated with ASPM (Application security Posture Management) tool and DevSecOps processes.
\n\tThis role will involve working with Busines unit, Cyber and IT stakeholders in Vodacom South Africa to implement and operate Cyber Security DevSecOps CHARM requirements \u2013 Some of these responsibilities may extend to collaboration with Group Cyber Security and other operating companies to ensure that cyber security controls are consistently applied across markets.<\/p>\n
Your responsibilities will include:<\/p>\n
Culture – Security Champions Programme<\/p>\n
\tImplementation and ongoing management and improvement of the Security Chapter and Champions programme across technology teams.
\n\tEnsure every agile DevOps\/DevSecOps team has appointed Chapter Leads and Security Champions.
\n\tCollaborate with DevSecOps Specialists and provide guidance to Cyber Security Officers to ensure they support Chapter Leads and Champions effectively.
\n\tFacilitate completion and ongoing re-evaluation of DevSecOps Maturity across DevSecOps teams.
\n\tDrive completion of DevSecOps Learning Pathway for all Chapter Leads and Champions.
\n\tFacilitate monthly Chapter meetings and feedback sessions to track progress and maturity.
\n\tPromote a culture of security awareness and collaboration across teams.
\n\tTrack and report on the effectiveness of the Champions model and identify areas for improvement.
\n\tSupport the creation and maintenance of training materials and structured learning paths.<\/p>\n
Security-approved CI\/CD Toolchain<\/p>\n
\tDrive the migration to a standardised CI\/CD pipeline using an Enterprise selected and security approved toolset in collaboration with Enterprise Architecture and Platform Engineering.
\n\tDiscover, Identify and record all DevSecOps tooling being used by Development Teams across the organisation.
\n\tMaintain an inventory of tools used across teams and ensure compliance with security policies.
\n\tCollaborate with Platform Engineering, Enterprise Architecture, Cybersecurity and Development Teams to embed security controls in the pipeline and design secure SDLC patterns.
\n\tSupport the implementation of SPDA-approved software applications and extensions.
\n\tIdentified and Discovered DevSecOps tooling should be integrated with ASPM tooling and channelled through SPDA, where applicable or retired for teams to move to approved tooling.
\n\tEnsure security assessments are passed to and conducted by the Secure by Design on CI\/CD pipelines to meet CHARM 14.2.5-A requirements.
\n\tProvide guidance on secure tool usage and integration across development environments.
\n\tAutomated Scanning, Remediating, and Reporting of Vulnerabilities
\n\tAssist with the implementation of automated scanning tools including SAST, SCA, DAST, and secret scanning.
\n\tSupport the rollout of scanning capabilities and ensure coverage across all teams.
\n\tCollaborate with teams to define and implement vulnerability management processes.
\n\tDevelop and maintain real-time\/near real-time vulnerability dashboards.
\n\tWork with Chapter Leads and Champions to continuously improve security posture and maturity.
\n\tAlign vulnerability remediation with DevSecOps maturity to target a state where critical and high vulnerabilities are remediated prior to code release into production environments.
\n\tTrack vulnerability debt and ensure reduction targets are met.<\/p>\n
The ideal candidate for this role will have:<\/p>\n
\t3-year Technical Diploma\/Degree in Information Security, Computer Science or Engineering
\n\tMinimum of 3-5 years of experience in Cyber Security role
\n\tKnowledge of common information technology management \/ compliance frameworks such as ISO\/IEC 27001, NIST CSF, ISF, PCI DSS, OWASP, SANS etc.
\n\tA deep understanding of Technology Security risks and mitigating solutions
\n\tA diverse security background with knowledge and experience in three or more of the Security Domains including: Security Assessment and Testing; Software Development Security; Security Governance and Risk Management; Security Architecture and Engineering; Communication and Network Security; Identity and Access Management; Security Operations; Asset Security.
\n\tSpecialist experience in either DevSecOps, Application Security, Security Architecture or Offensive Security will be an added advantage.
\n\tKnowledge of operating systems such as Windows and Linux and how to secure them
\n\tKnowledge of and\/ or experience in creating and managing DevSecOps pipelines practicing CSA, SAST, DAST, and Security as Code will be an added advantage
\n\tBe well-versed in at least one of the programming languages like Java, PHP, Python, Ruby, and Perl ,or other, so as to collaborate competently with software engineering teams within the organization to identify and implement opportunities for improvement and automation in the CI\/CD pipeline.
\n\tKnowledge of Cloud and container technologies such as AWS\/GCP\/Azure, Docker, Kubernetes, and how to implement CI\/CD pipelines in developer tools such as Gitlab will be an added advantage.
\n\tKnowledge of configuration management tools such as Chef, Puppet, and Ansible will be an added benefit.
\n\tAbility to work under time and resource pressure
\n\tAn ability and desire to collaborate and communicate with a broad set of stakeholders.
\n\tA customer-focused, responsive, and transparent attitude<\/p>\n
We make an impact by offering:<\/p>\n
\tEnticing incentive programs and competitive benefit packages
\n\tRetirement funds, risk benefits, and medical aid benefits
\n\tCell phone and data benefits, advantages fibre connection discounts, and exclusive staff discounts offered in collaboration with partner companies<\/p>\n
Closing date for Applications: 05 September 2025.<\/p>\n
go to method of application \u00bb<\/p>\n
Apply via company website ( http:\/\/www.vodafone.com ) or<\/p>\n
<\/p>\n","protected":false},"author":2,"featured_media":0,"template":"","meta":{"_promoted":"","_job_location":"","_application":"","_company_name":"Vodafone Global Enterprise","_company_website":"http:\/\/www.vodafone.com","_company_tagline":"Vodafone Global Enterprise is part of the Vodafone Group, dedicated to simplifying the management of global communications for the world's largest multi-national companies. Specialists in enterprise mobility, Vodafone Global Enterprise focuses on implementing mobility strategies and solutions tailor... read moreed to the needs of global corporations - enabling them to focus on their core business With over a billion people spread across over 50 countries, Africa is developing at an unprecedented rate, The GDP of the continent is expected to hit $2.6 trillion by the year 2020. This expansion is matched by the growth in mobile subscribers. These have increased by some 20% each year over the past six years, with over 75% penetration and more than a billion subscribers expected by the end of 2016. Many global businesses are now firmly established across the continent and are taking advantage of the many opportunities for expansion. By helping businesses manage the complex business challenges that exist in Africa, we are helping to transform the way the region\u2019s businesses participate in today\u2019s fast-moving global economy. midrand south africa","_company_twitter":"","_company_video":"","_filled":0,"_featured":0,"_remote_position":0,"_job_salary":"","_job_salary_currency":"","_job_salary_unit":""},"job_listing_region":[11],"job-types":[12],"class_list":["post-17808","job_listing","type-job_listing","status-expired","hentry","job_listing_region-gauteng","job-type-full-time"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/job-listings\/17808","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/job-listings"}],"about":[{"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/types\/job_listing"}],"author":[{"embeddable":true,"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/users\/2"}],"wp:attachment":[{"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/media?parent=17808"}],"wp:term":[{"taxonomy":"job_listing_region","embeddable":true,"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/job_listing_region?post=17808"},{"taxonomy":"job_listing_type","embeddable":true,"href":"https:\/\/jobs.dataaxisnode.com\/southafrica\/wp-json\/wp\/v2\/job-types?post=17808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}