Cybersecurity Analyst (DevSecOps)

KEY RESPONSIBILITIES:

• Represent Group Cyber Security in assigned implementation projects and teams to ensure all applications and changes meet set information security requirements before introduction to production environments.
• Contribute to the definition, documentation, and implementation of software security policies, secure coding practices and guidelines for the bank in line with industry best practices and technologies commensurate with risk and regulatory requirements. 
• Consistently provide security requirements to developers and third parties to adhere to and comprehensively implement the Bank’s software security assurance framework by carrying out security and risk assessments of application and software changes.
• Collaborate with Enterprise Architecture and Business Services & Solutions teams to identify application/software security improvements and plug-in identified security controls in security tools.
• Contribute to formulation and conducting of regular trainings on secure coding, software security and application security practices for the development and other KCB technology teams at regular intervals.
• Contribute to the identification, integration, and maintenance of application security testing tools.
• Perform security and risk assessments for business solutions to identify inherent security risks and provide recommendations for addressing such risks.
• Create, and deliver software/application security compliance and testing reports and relevant metrics to the Bank’s Senior Management.
• Collaborate in the continuous monitoring and defense of the Bank’s critical applications, such as core banking, and digital channels, for cybersecurity threat indicators; report on violations and security measures taken to address threats.
• Protect the bank’s applications and systems by defining and reviewing access privileges and other security control structures.

 

1. MINIMUM POSITION QUALIFICATION REQUIREMENTS

 

1. Academic & Professional

Particulars Detail Specific Field or Qualification Need Type Education  Bachelor’s Degree B.Sc. Information Technology / Computer Science / Cybersecurity / Engineering (Electrical, Electronic) or related field RQ Professional Qualifications Information Security certification such as CISA/ CISM/ CISSP/CRISC/Security+ or any other related RQ   Information Security Testing and certification such as CSSLP (Certified Secure Software Lifecycle Professional)/CEH/OSCP/ CPT/ GPEN/ GWAPT/eWPT/eJPT or any other related RQ     Master’s Degree MBA/MSc AA  

 

 

 

Total Minimum No of Years Experience Required

 

 

3

 

Detail Minimum No of Years Need Type Experience in Information Security 1 ES Strong Application Security knowledge, experience within a project setup 1 ES Experience in testing or implementing web, API, mobile application security best practices (such as OWASP, NIST) 1 ES Experience in working with application security tools (Burp suite, OWASP Zap) 1 DE Experience in financial and capital markets 1 DE