Software Developer & Cyber Security Specialist

Software Developer & Cyber Security Specialist Technology Eazi Access Johannesburg , South Africa Until 2026/07/25 Job description Role Purpose The Software Developer & Cyber Security Specialist is a dual-mandate role that combines hands-on software engineering — with an emphasis on AI-enabled solutions — with end-to-end ownership of the organisation's cyber security posture. The role builds and improves the digital tools that make the business more productive, while simultaneously protecting the people, data and systems on which those tools run. The successful incumbent partners with business and IT leadership to identify problems worth solving with software and AI, ships working solutions, and ensures that everything the Group builds, buys, and operates is designed, configured and maintained to a defensible security standard. Key Accountabilities

• 1 Software Development & AI Solutions Design, develop, test, deploy and maintain business applications, integrations, APIs and AI-enabled features that solve clearly-scoped business problems.

Translate business requirements into clean technical designs; write maintainable, well-documented code; conduct peer code reviews and uphold engineering standards. Build and operationalise AI solutions — including the responsible use of large language models, prompt engineering, retrieval-augmented generation and agentic workflows — where they create defensible business value. Manage source control, build and release pipelines (CI/CD), and ensure every deployment is reproducible, rollback-able and auditable. Apply secure-by-design and privacy-by-design principles from the first line of code: input validation, secrets management, least-privilege access, dependency scanning, threat modelling.

• 2 Cyber Security Operations (This role is to take ownership and accountability of cyber security as a whole, with the support of other members of the IT team in terms of some of the day-to-day security administrative functions) Own the day-to-day cyber security posture of the organisation: endpoint protection, e-mail security, identity and access management, network segmentation, vulnerability management and patching cadence. Implement, tune and operate the Group's security toolset (e.g. EDR/XDR, SIEM, MFA, conditional access, DLP, e-mail gateway, web filtering, vulnerability scanner). Triage and respond to security alerts and incidents; lead containment, eradication and recovery; produce post-incident reports with corrective actions and lessons learned. Run regular vulnerability scans and coordinate remediation with system owners; manage the patch cycle to agreed SLAs. Conduct phishing simulations and security awareness campaigns; measure behaviour change and adjust the programme accordingly. Maintain an up-to-date incident response plan, run tabletop exercises, and ensure the Group is rehearsed — not improvising — when a real incident occurs.
• 3 IT Infrastructure & Cloud (Azure) Configure, harden and monitor Azure services — including Entra ID (Azure AD), Microsoft 365, Defender for Cloud / Endpoint / Identity, Sentinel, Key Vault, App Services, Storage, Networking and Backup — to Group baselines. Manage identity, access and conditional access policies; enforce MFA, privileged identity management and just-in-time access for sensitive resources. Operate and verify backup, disaster recovery and business continuity arrangements for critical systems; run periodic restore and DR tests and document outcomes. Secure networks, firewalls and segmentation in coordination with infrastructure partners; review configurations against current best practice.
• 4 Governance, Risk & Compliance

Formation / Diplômes

Maintain Group information security policies, standards and procedures; keep them current, accessible and enforceable. Ensure compliance with POPIA and any other applicable data-protection legislation; support data subject access requests and breach-notification obligations. Conduct regular risk assessments and third-party / vendor security reviews; track findings to closure. Support internal and external audits; close findings within agreed timelines and without recurrence. Maintain accurate asset, software and licence inventories; manage the access-review cycle for critical systems.

• 5 User Enablement & Service Act as a credible second-line escalation for complex software, integration and security incidents. Oversee the building and running of a continuous security awareness programme — onboarding, refreshers, targeted campaigns — so that every employee knows how to recognise and report a threat. Produce clear documentation, runbooks and how-to guides for business users and IT colleagues alike.
• 6 Vendor, Tooling & Budget Evaluate, select and manage vendors relevant to your area of responsibility; negotiate licences and SLAs; hold suppliers to delivery. Operate within the agreed project and tooling budget; flag overruns early with options, not surprises. Maintain a forward-looking technology radar — track relevant Azure, AI and cyber-security developments — and recommend adoption or retirement decisions with reasoning. Key Stakeholders Internal Chief Information Officer (line manager). Business unit heads and process owners (commercial, operations, finance, HR, SHEQ). IT infrastructure, applications and service-desk colleagues; data and reporting teams. Internal audit, risk and compliance functions; legal and company secretarial. External Microsoft / Azure partners; managed security service providers (MSSP); software and AI vendors. External auditors and assessors. Industry forums and peer security communities. Candidate Profile
• 1 Minimum Requirements

Expérience

Experience and proven track record of developing AI software solutions. Knowledge of general IT infrastructure, such as Azure services. First-hand experience implementing and maintaining cyber security solutions for a medium to large organisation. Relevant tertiary qualification (NQF 6 / 7) in Computer Science, Information Systems, Software Engineering, Cyber Security or equivalent — or demonstrable equivalent commercial experience. Minimum 5 years of professional software development experience, including production deployments. Minimum 3 years' hands-on cyber security experience in an operational role (not exclusively advisory or audit). Working knowledge of secure software development life-cycle (SSDLC) practices, and common application-security pitfalls. Valid driver's licence; willing to travel on occasion to branches. Clear criminal and credit record (role is subject to security vetting).

• 2 Preferred Qualifications & Certif

[Click the Apply button below to see the contact details]