JOB PURPOSE

Ensure the confidentiality, integrity, and availability of an organization's information systems and data and effective implementation of security measures within development processes through integrating security into the operational and development processes to support the organization in streamlining and enhancing the development processes In addition,work closely with cross-functional teams to integrate security practices into their workflows and ensure that security is considered throughout the software development lifecycle, collaborate with stakeholders, manage security initiatives, and provide guidance on secure coding practices. responsible for identifying and mitigating security risks, conducting security assessments, and ensuring compliance with relevant regulations and standards to help improve software reliability, security, and quality.

4. KEY ACCOUNTABILITIES

1.Collaborate with cross-functional teams to integrate security practices into development processes and create seamless flow of work.

2.Provide guidance and support on secure coding practices, secure design principles, and security risk mitigation.

3.Develop and maintain security documentation and guidelines for Continuous Integration / Continuous Development CI/CD pipeline tools and processes. Additionally, Design and implement secure (CI/CD) pipelines for building, testing and deploying software, incorporating security testing tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA)

4.Evaluate and recommend the implementation of security tools and technologies to enhance the security posture of the organization within the CI/CD pipeline.

5.Responsible for the security of the software development process, including automating scans, code verification, and developing security protocol to protect sensitive data and ensure proper prevention against cyber threats.

6.Review and enhance containers’ security measures within the bank IT environment (e.g. Kubernetes, OpenShift, etc)

7.Collaborate with both development and operations teams to create a seamless flow of work and maintain an agile workflow.

8.Ensure continuous integration and delivery (CI/CD) processes are followed, promoting the speedy release of high-quality software

9.Support the implementation of the key strategic business initiatives and projects through following the secure software development life cycle including specifying the confidentiality, integrity, and availability requirements, addressing security requirements throughout the development of new systems and performing proper risk assessment prior to releasing new systems to production.

10.Review new technologies and changes to existing technologies for in house developed applications to ensure proper information security requirements/controls and compliance with relevant security policies and compliance mandates.

11.Conduct the annual review and update of the area’s processes, procedures and recommend updates to relevant policies with the adherence to the developed SLAs.

Policies, Processes and Procedures

12.Participate, develop and recommend improvements to policies, processes and procedures and manage their implementation to ensure all relevant procedural / legislative requirements are fulfilled.

Day-to-day management

13.Follow the day-to-day operations related to own jobs in the Information Security Management department to ensure continuity of work.

Compliance

14.Ensure compliance with relevant laws, regulations, and industry standards (e.g., CBE, PCI-DSS, ISO 27001).

QUALIFICATIONS, EXPERIENCE, & SKILLS

Qualifications & Experience

Bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is preferred.

3-6 years of proven experience in a similar security-focused role. (5-8 years for Sr. analyst)

Proven experience as a DevSecOps Engineer or similar role, with strong background in software development lifecycle and security

Strong knowledge of secure coding practices, secure design principles, and common security vulnerabilities.

Familiarity with agile development methodologies and experience integrating security into agile processes.

Knowledge of industry regulations and standards such as ISO 27001, NIST, OWASP, etc.

Abroad understanding of security practices such as penetration testing, threat modelling, vulnerability management and static & dynamic application security testing

Experience with CI/CD tools such as Gitlab CI/CD, version control systems, code repositories, etc.

Experience with containerization and orchestration tools (e.g. Docker, Kubernetes, Helm, ArgoCD)

Knowledge of scripting languages (e.g. Bash, Python, Go)

Experience conducting security assessments, vulnerability testing, and risk assessments.

Familiarity with security tools and technologies such as vulnerability scanners, code analysis tools, etc.

Recommended Certification:

CISSP

CISM

CSSLP

GIAC Cloud Security Automation (GCSA)

Certified DevSecOps Engineer (CDSOE)

Certified DevSecOps Professional (CDP)

DevSecOps Engineering (DSOE)

Certified Ethical Hacker (CEH)

Offensive Security Defense Analyst (OSDA)

Skills

Excellent communication and collaboration skills

Strong problem-solving and analytical skills

Proficient verbal and written English

Ability to manage and prioritize tasks

Knowledge of top-level cybersecurity subjects and issues

Ability to research threats and draw up logical conclusions through well-thought-out, unbiased processes

Ability to troubleshoot and solve problems

Ability to learn new technologies quickly

Ability to bring together data from diverse sources and articulate it into simple and concise information