Application Security Specialist
The Position:
The Application Security Specialist is responsible for undertaking security
assurance of applications before release to production and periodic security
reviews, and is the contact person in Group Cybersecurity for all system change
reviews. The Specialist ensures that security requirements are well captured and
embedded in the secure SDLC for all system developments and deployments, that
secure coding practices are adhered to, and that secure software and application
configurations are maintained throughout the system’s lifetime.
Key Responsibilities
- Define, document, and implement software security policy, secure coding practices
and guidelines for the bank in line with industry best practices and
technologies commensurate with risk and regulatory requirements.
- Develop, implement, and maintain a software security assurance framework that
shall guide the information security team in security and risk assessments of
applications, as well as provide security requirements for developers and
third parties to adhere to.
- Lead Information Security involvement in all software and application
implementation projects and scrum teams to ensure all applications and
changes meet set information security requirements before introduction to
production environments.
- Collaborate with Enterprise Architecture and Business Application Development teams to
identify application/software security improvements and plug identified
security controls into DevOps tools.
- Perform and coordinate regular trainings on secure coding, software security and
application security practices for the development and other KCB
technology teams at regular intervals.
- Collaborate in the continuous monitoring and defense of the Bank’s critical
applications, such as core banking and digital channels, for
cybersecurity threat indicators; report on violations and security
measures taken to address threats.
- Identify, integrate, and maintain security tools, such as SAST and DAST tools
(Static/Dynamic Application Security Testing), standards, and processes
into the software development or product life cycle (SDLC / PLC), and
CI/CD pipelines.
- Participate in performing risk assessments for business solutions for inherent
security risks and provide recommendations for addressing such risks.
- Define, create, and deliver software/application security compliance reports and
relevant metrics to the Bank’s Senior Management.
- Protect the bank’s applications and systems by defining access privileges and
other security control structures.
Qualifications
For the above position,
the successful applicant should have the following:
- Bachelor’s degree in Information Technology / Computer Science / Telecommunications /
Engineering (Electrical, Electronic) from a recognized university.
- A Certification in Information Security in any of the following:
  - CDP: Certified DevSecOps Professional
  - CSSLP: Certified Secure Software Lifecycle Professional
  - CISM: Certified Information Security Manager
  - CISA: Certified Information Systems Auditor
  - CISSP: Certified Information Systems Security Professional
  - CEH: Certified Ethical Hacker
  - OSCP: Offensive Security Certified Professional
  - eWPT: eLearn Web Penetration Tester
  - CRISC: Certified in Risk and Information Systems Control
  - eJPT: eLearn Junior Penetration Tester
  - Security+
- A minimum of 5 years’ experience in Technology with at least 2 years’
experience in Information Security and 1 year experience within Secure
SDLC and DevSecOps.
How to Apply
The above position is a
demanding role for which the Bank will provide a competitive remuneration
package to the successful candidate. If you believe you can clearly demonstrate
your abilities to meet the criteria given above, please log in to our
Recruitment portal and submit your application with a detailed CV.
To be considered, your application must be received by Friday, 28th October 2022.
Qualified candidates with
disability are encouraged to apply.
Only short-listed
candidates will be contacted.