The Cyber Security Specialist (Application Security) is responsible for undertaking security assurance of applications before release to production, periodic security reviews, and is the contact person in Cyber Security for all system change reviews.
The specialist ensures that security requirements are well captured and embedded in the secure SDLC for all system developments and deployments, secure coding practices are adhered to, and secure software and application configurations are maintained in the system’s lifetime.
Key Responsibilities
- Define, document, and implement software security policy, secure coding practices and guidelines for the bank in line with industry best practices and technologies commensurate with risk and regulatory requirements.
- Develop, implement, and maintain a software security assurance framework which that shall guide information security team in security and risk assessments of applications, as well as provide security requirements for developers and third parties to adhere to.
- Lead Information Security involvement in all software and application implementation projects and scrum teams to ensure all applications and changes meet set information security requirements before introduction to production environments.
- Collaborate with Enterprise Architecture and Business Application Development teams to identify application/software security improvements and plug-in identified security controls in DevOps tools.
- Perform and coordinate regular training on secure coding, software security and application security practices for the development and other KCB technology teams at regular intervals.
- Collaborate in the continuous monitoring and defense of the Bank’s critical applications, such as core banking, and digital channels, for cybersecurity threat indicators; report on violations and security measures taken to address threats.
- Identify, integrate, and maintain security tools, such as SAST and DAST tools (Static/Dynamic Application Security Testing), standards, and processes into the software development or product life cycle (SDLC / PLC), and CI/CD pipelines.
- Participate in performing risk assessments for business solutions for inherent security risks and provide recommendations for addressing such risks.
- Define, create, and deliver software/application security compliance reports and relevant metrics to the Bank’s Senior Management.
- Protects the bank’s applications and systems by defining access privileges and other security control structures.
The Person
For the above position, the successful applicant should have the following:
- A university degree from a recognized institution preferably in Information Technology/Computer Science/ Cyber Security/ Engineering (Electrical & Electronics) or related field.
- A professional certification in either of the following: CDP: Certified DevSecOps Professional • CSSLP: Certified Secure Software Lifecycle Professional • CISM: Certified Information Security Manager • CISA: Certified Information Systems Auditor • CISSP: Certified Information Systems Security Professional.
- At least 5 years’ experience in Technology.
- At least 2 years’ experience in Information Security.
- Strong Application Security knowledge, experience within Secure SDLC and DevSecOps
The above position is a demanding role for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.
To be considered your application must be received by Friday 25th August 2023.
Qualified candidates with a disability are encouraged to apply.
Only short-listed candidates will be contacted.