Thato Aphane

Senior Infrastructure and Security Engineer

Netsurit — November 2023 – Present

Design and implement secure network and cloud architectures, integrate security into engineering workflows, and lead incident response and compliance activities.

• Design and implement secure network architectures (firewalls, IDS/IPS, micro-segmentation) and SIEM solutions to strengthen security posture.
• Integrate automated security testing into CI/CD (Jenkins, GitLab CI, GitHub Actions) including SAST, DAST and dependency scanning to catch issues early.
• Lead incident response, forensic analysis, and remediation while minimising business impact.
• Manage IAM systems and conditional access policies to enforce least-privilege and strong authentication.
• Ensure and audit compliance with POPIA, PCI DSS and ISO 27001; develop policies and run internal audits.
• Evaluate and manage security vendor relationships and define key security metrics to drive improvements.

Technologies:

Azure, AWS, GCP, Office 365/Microsoft 365, Splunk, Nessus, Wireshark, Active Directory, Azure AD, Docker, Jenkins, GitLab CI, GitHub Actions, Python, Bash

Senior Cloud Security Analyst / Pen Tester

Jinjer.co.za — May 2021 – October 2023 (Contract / Full-time)

Performed infrastructure and application penetration tests, developed testing tooling and methodology, and provided technical consultation to uplift client security.

• Executed network, web and mobile penetration tests, social engineering and physical security reviews.
• Developed custom exploits, scripts and automation to support continuous security assessments.
• Authored rules of engagement, security standards and automation for repeatable testing.
• Performed code reviews and worked with developers to validate and remediate vulnerabilities.
• Delivered workshops and training to share techniques and findings with technical and non-technical audiences.

Technologies:

Metasploit, Burp Suite, Nessus, Wireshark, Kali Linux, Python, Bash

IT Security Specialist

Johannesburg City Parks & Zoo — August 2017 – March 2023

Implemented and administered enterprise security solutions across on-prem and cloud, managed IAM, conducted pentests, and owned business continuity planning and compliance.

• Designed and administered identity platforms (Active Directory, Azure AD), group policy and related IAM tooling.
• Performed ethical hacking and managed EDR/anti-malware and SIEM tooling.
• Implemented security principles and controls including PKI, RADIUS, LDAP, SAML/OAuth, MFA, PAM and Zero Trust concepts.
• Managed compliance and security operations across virtualization, messaging, networking and data centre infrastructure.

IT Senior Analyst

Webhelp SA Outsourcing — March 2014 – May 2017

Day-to-day monitoring, investigation and response to cybersecurity alerts; automation of processes and vulnerability management across the estate.

• Operated anti-malware and vulnerability management tooling (Nessus, Qualys), and automated monitoring & alerts.
• Managed incident response, access reviews and security awareness initiatives across the business.
• Supported penetration testing, policy enforcement and security standards across projects and operations.

Systems Administrator

LDS Church Corporate Administration Offices — December 2008 – March 2012 (Contract)

Managed systems administration tasks including configuration, performance tuning, security management and ITIL-based operational processes.

• Worked on Windows Server, Cisco networking and VMware; supported incident/change/problem management and performance tuning.
• Assisted with network device configuration and developer workstation optimization for production workloads.

Key Metrics & Security Automation

Pipeline security integration and automation highlights across engagements.

• Integrated automated security tests at multiple stages of development (SAST, DAST, dependency scanning) to catch vulnerabilities earlier in the lifecycle.
• Reduced manual testing overhead and improved secure deployment cycles across client environments.