Head of SecDevOps Re-advertisement

Listing reference: atns_000505
Listing status: Under Review
Apply by: 8 October 2024
Position summary
Industry: Aviation & Aerospace
Job category: Others: Transport and Logistics
Location: Johannesburg
Contract: Permanent
Remuneration: Market Related
EE position: Yes
Introduction
Applications are invited for the position of Head of SecDevOps based at Head Office (Bruma). The successful applicant will be reporting to the Chief Technology & Information Officer.

Overview

  • To develop and implement a SecDevOps strategy and roadmap in line with the vision and strategy of the organization.
  • To leverage evolving practices in security, application development, operations and sourcing to provide a world class, resilient technology environment that enables taking full advantage of opportunities in the digital economy.
  • To implement and oversee Secure Software Development Lifecycle (SSDLC) best practices, fostering a culture of security excellence within cross-functional teams.
  • To lead the secure development and maintenance of ATNS digital platforms, in collaboration with relevant stakeholders.
Job description

Major Activities

  • Develop the SecDevOps strategy to contribute to the overall departmental and organizational strategy.
  • Build upon the International Civil Aviation Organisation’s aviation cybersecurity strategy to ensure safety, security and continuity of ATNS services in a world increasingly jeopardized by cybersecurity threats.
  • Actively participate in the development and implementation of the national aviation cybersecurity strategy.
  • Drive the adoption of best practices in software development, configuration and support that integrate principles of lean thinking, continuous improvement and agility, e.g. test-driven development, continuous integration, etc.
  • Lead the secure development and maintenance of ATNS digital platforms, supported by peers working on infrastructure management, data and analytics, and information security, in line with the ATNS modernisation strategy.
  • Establish together with South African Civil Aviation Authority an information sharing group for governance and compliance consisting of all aviation ecosystem role players with a trust framework that can be leveraged by the RSA aviation community as a whole.
  • Participate in relevant regional and international fora.
  • Collaborate effectively with technology peers and colleagues across the organization.
  • Lead application rationalisation informed by business value analysis of the application inventory.
  • Transform the application landscape through scalable applications and technology, enabling business efficiency and growth.
  • Apply strategic judgement to inform build or buy decisions.
  • Ensure that all applications adhere to relevant standards.
  • Provide cybersecurity technical leadership and guidance in relevant local, regional and international bodies.
  • Develop and maintain the Applications roadmap in line with agreed priorities, initiatives and expected operational service levels.
  • Ensure compliance with relevant legal and policy frameworks. 
  • Develop and maintain relevant policies, processes, procedures and standards.
  • Facilitate a secure software development lifecycle, ensuring the infusion of security into every phase of systems development and operation.
  • Provide cybersecurity controls (covering people, processes and technology) designed to protect CNS systems, networks and data from digital attacks.
  • Schedule and implement regular maintenance of applications in order to maintain system reliability and stability.
  • Drive cybersecurity controls to ensure that the aviation infrastructure systems and information systems ranging from legacy systems to next generation satellite communication systems are resilient to cyber-attacks and remain safe and trusted globally, whilst continuing to innovate and grow in all the defined or determined areas within the South African sovereign and delegated continental and oceanic airspace.
  • Manage solution delivery initiatives, build or buy, to ensure quality coding and/or that solutions are delivered efficiently.
  • Collaborate with all relevant technology peers in every phase of the value chain: project management, architecture, information security, quality assurance, business and technical specifications, etc.
  • Facilitate continuous improvement of the application development/sourcing processes.
  • Establish appropriate metrics for performance measurement of the Applications Team.
  • Risk Management: Identify, evaluate, and mitigate security risks, partnering with teams to conceive risk mitigation strategies.
  • Agile Collaboration: Actively participate in all planning meetings and stand-ups, addressing security concerns and risks within an agile development framework.
  • Incident Response: Lead and coordinate security incident response, encompassing investigation and resolution.
  • Policy and Process Management: Create, revise, or archive security policies and documented processes in alignment with industry best practices.
  • Technology Trends: Remain abreast of emerging technology trends, frameworks, and security methodologies to bolster software security.
  • Security Advocacy: Cultivate a culture of secure coding and configuration across all applications and features.
  • Leadership and Team Management: Oversee and mentor a team of DevSecOps engineers and specialists. Set clear objectives, provide consistent feedback, and support team members' professional growth. Foster a collaborative and innovative team milieu.
  • DevSecOps Strategy: Formulate and execute a DevSecOps strategy that aligns with the organization's objectives. Define and continuously enhance DevSecOps processes and practices.
  • Automation and Tools: Implement and manage SecDevOps automation tools and technologies. Continuously evaluate and select appropriate tools to augment the SecDevOps pipeline.
  • Maintain constructive and productive stakeholder relations across the business and with relevant external related parties.
  • Provide visible and active leadership to the organisation's applications landscape.
  • Develop a RACI matrix that clearly identifies and assigns information security roles for the various ATSEPs and other stakeholders.
  • Identify key risks, develop and implement effective mitigating plans and actions in order to avoid or minimise relevant risks, and report and raise these risks in the appropriate forums.
  • Ensure optimisation of resources through effective deployment and management of skills.
  • Develop a robust cybersecurity culture through structured training and awareness programs to capacitate the ATSEPs from end to end, i.e. Cybersecurity Education, Training and Skills.
  • Ensure that staff is managed in accordance with HC policies, processes and practices.
  • Ensure continuous development of staff. Ensure that staff remain suitably trained to achieve expected performance outcomes in a dynamic technology environment.
  • Ensure effective management of finance in line with business priorities and within financial parameters.

Minimum requirements

Minimum Qualifications

Bachelor’s degree in Information Technology, Information Systems or a related field

Post Graduate Degree in Information Technology, Information Systems or a related field

Master's degree preferred

Certification: PMI-ACP, OSCP, CEH, CISSP. Other certifications like TOGAF, ITIL, COBIT or related certifications would be an advantage.

Knowledge of cloud technologies (Infrastructure or DevOps or Solution Architecture); certification will be advantageous

ISACA Professional Registration is an advantage

Leadership qualification in a field relevant to aviation/aerospace/aeronautics

Minimum Experience

Seasoned professional required with minimum 10 years' experience in Information Technology of which at least 5 years' experience in SecDevOps or a related field, and 5 years' experience in managing technical team(s).

Experience in a high technology electronic environment with in-depth knowledge and understanding of aeronautical communication, navigation, surveillance and satellite systems is also required.

Must be experienced in SecDevOps and Agile software development principles, an advocate of lean thinking and display an appreciation for cybersecurity and continuous improvement.

Key knowledge requirements:

Excellent stakeholder management: tactful, diplomatic and empathetic to clients, colleagues and subordinates.

In-depth working knowledge of ICAO global and regional plans and SARPs.

A working knowledge of ITU regulations.

Demonstrated experience in DevSecOps leadership and security management.

Secure Development: Strong knowledge of secure software development practices and methodologies.

Security Standards: Familiarity with OWASP top 10 and other security standards.

Vulnerability Management: Proficiency in vulnerability management tools and practices.

Agile Experience: Agile development experience is a plus.

Experience in C# or Java, along with proficiency in NodeJS/JavaScript/TypeScript/Ruby.

Proven experience with continuous integration and continuous delivery (CI/CD) pipelines, including tools like Jenkins, CodePipeline, and CodeBuild.

Knowledge of the aviation regulatory framework and relevant legislation.

Proficiency with Version Control tools such as GitHub, GitLab, or Bitbucket.

Familiarity with CI/CD platforms such as Jenkins, GitLab CI/CD, DevOps, CircleCI, or Travis CI.

Containerization and Orchestration: Experience with containerization technologies like Docker, Kubernetes, Docker Swarm, and OpenShift.

Cloud Experience: Proficiency in cloud platforms like ownCloud, AWS, OpenStack, Azure, or Google Cloud Platform.

Familiarity with security frameworks such as OWASP and SANS.

Hands-on experience with DevSecOps tools such as SonarCloud, SonarQube, OWASP ZAP, Burp Suite, Snyk, Fortify, and QualysGuard.
