JOB PURPOSE
To drive the adoption of Information Security Policies & Cyber Security Standards across the entire Ecobank group. The Application Security Engineer is responsible for implementing and driving all initiatives aimed at ensuring the security of applications and databases in the corporate cloud and on-premise ecosystem of the Ecobank group.
JOB CONTEXT
Collaborate with Vendors, Engineers, Consultants, Architects and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC) and ensure the automation of Database Design, Implementations and tasks associated with reporting and control of Database Activity Monitoring controls.
Collaborate with vendors, engineers, consultants, architects, and leadership teams to identify, assess, and mitigate application and database security risks throughout the Secure Development Lifecycle (SDLC). Provide expert security guidance and actionable remediation recommendations to ensure secure design and implementation of applications.
KEY RESPONSIBILITIES
• Implement and maintain SecDevOps/DevSecOps across the group for software development and code reviews
• Participates in Project Management activities as Technical lead for Applications Security programs and initiatives
• Continuously work with Ecobank Software center to ensure all software developments are managed through the SecDevOps/DevSecOps pipeline
• Continuously work hand in hand with the Business Security & Architecture team to ensure the implementation of all developed Application Security Architecture and recommendations from design reviews of all Application systems developed in or for Ecobank group
• Responsible for the development and implementation of controls around Identity & Access Management (IAM) to ensure that logical user access management across native, on-premise and cloud-hosted applications and services is compliant with policies and monitored throughout its entire lifecycle.
• Continuously perform validation of Application Security controls to ensure adherence with corporate policies, standards and industry best practices.
• Continuously perform hands-on security testing of applications, products and services to proactively discover risks and track them to resolution.
• Guides and performs security activities including Application vulnerability testing and analysis, code review, static and dynamic code testing, ethical hacking and business logic exploit testing.
• Evangelizes application security program fundamentals, tools, processes and acts as a consultative partner to the business
• Define and maintain Application Security models for existing and new Application platforms across the group
• Develop and implement Application security tools based upon defined requirements and use cases
• Identify opportunities to optimize current Application solutions and perform Technical analysis and/or provide hands on technical support on an as needed basis to troubleshoot problems related to poorly Applications in production
• Perform product evaluation testing and certification of security, database and application products
• Works with Group Technology Operations to assess compliance with policies, regulatory requirements, standards, procedures, and best practices.
• Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
• Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
• Recommend areas of information management and security that require the establishment of policies and standards in the organization
• Ensures teams are validating for OWASP and performing industry leading application security practices.
• Participates in the development and implementation of database management policies and standards for efficient quality control and data administration.
• Designs and operates client-server database performance monitoring software and utilizes hardware, software, and manual procedures to verify the integrity of database systems.
• Develop database security tools based upon defined requirements and use cases, and ensure all database traffic across the group is secured by applying principles such as vaulting, firewalling and encryption
• Proactively protect the integrity, confidentiality, and availability of information in the custody of or processed by the bank while identifying unauthorized changes to authentication and authorization systems.
• F5 ASM administration
• Working knowledge of AWS, GCP and Azure.
JOB PROFILE
Experience & Qualifications:
• Bachelor’s degree in Computer science, Information Security/Cyber Security, Cryptography, Mathematics or a related field
• 5-7 years' previous experience in information security and Software development
• Excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences.
• Firm understanding of enterprise class application and database architectures that are highly scalable and reliable and the ability to secure them.
• Experience of security architecture and design reviews.
• Threat modeling.
• AWS, GCP and Azure.
• Experience with multiple languages and frameworks, such as Java, JavaScript, Go, Python and Perl, and an understanding of how to detect and remedy related security issues such as the OWASP Top 10.
Skills, Capabilities & Direct attributes
• Excellent analytical, evaluative, and problem-solving abilities.
• Experience with securing host, database, and application solutions for multi-tier systems.
• Experience with Application Testing.
• Knowledge of automated attack tools and developing mitigation techniques.
• Hacker mindset and always strives to think like an attacker.
• Experience with Core Banking Applications and Financial Systems
• Technical certifications within information security are a plus (CISSP, CCSP, GIAC or equivalents).
• Understand, balance, and communicate business risk with security risk.
• Ability to understand business requirements and apply security without adversely affecting the desired functionality.
• High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.
• Leading includes maintaining good communication with other engineers, consultants and leadership so that the job duties above are carried out as a team.
• Member of security bodies such as NIST, ISACA, ISC2, EC Council, SANS, CIS etc.
“Ecobank is committed to providing equal opportunities to all and fostering an inclusive and diverse workplace. To this end, we encourage applications from individuals regardless of their nationality, race, gender, age, social class, religion, beliefs, and disability while fully adhering to the local laws and regulations established where Ecobank operates.”
