Log In
Sign Up
The role holder will be responsible for performing application, API, and overall vulnerability management for all Group applications. In addition, collaboration will be required with pre-deployment application testing team to ensure that issues are identified and remediated in a timely manner.
Key responsibilities
Perform application vulnerability assessments including regular scanning and penetration testing activities in terms of post deployment security testing on Web based, APIs, Mobile, Cloud application, Robotics, IOT etc
Performing cyber vulnerability assessment across the Enterprise and maintain vulnerability tracker
Develop risk based vulnerability assessment plan
Conduct comprehensive post penetration test of web based application, mobile application, network infrastructure, databases, ICT servers to assess the effectiveness of the cybersecurity framework implemented
Maintaining proactive approach to cyber security risk and vulnerability assessment through market intelligence, continuous engagement with stakeholders to understand business dynamics
Assessing threats and vulnerabilities regarding information assets and recommend appropriate security controls
Identifying cyber threats, evaluating controls and make recommendations to improve internal controls and operational effectiveness and efficiency
Monitoring the banks compliance to InfoSec security policies, standards, guidelines and procedures
Engage stakeholders in the remediation of vulnerabilities identified by both internal and external parties
Ensure that application security is an embedded and critical part of the software delivery lifecycle (including during the early stages of projects) regardless of delivery methodology and tool sets used (e.g. static code analysis)
Train and educate developers and teams in secure coding techniques including use of supporting toolsets and enable them to self service
Perform application vulnerability assessments including regular scanning and penetration testing activities in terms of post deployment security testing on Web based, Mobile, Cloud application, Robotics, IOT etc
Perform secure code review across a variety of programming languages
Develop functional security testing scripts and procedures and identify opportunities to automate security testing and processes
Identify inherent vulnerabilities and information security risks within systems and applications
Proactively follow up on vulnerability remediation for all assessments performed.
Qualifications
Knowledge and Experience:
Bachelor’s Degree in Information Technology, Information Security/Assurance, Engineering or similar area of study
At least 2 years’ experience in vulnerability management and penetration testing (application and API testing).
Certifications such as CEH. Any other related certifications will be an added advantage
Cloud experience will be an added advantage.
In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
Expertise with industry standard frameworks (ISO, NIST, PCI)
Excellent communication and presentation skills, both verbal and in writing and an ability to build a network and to collaborate with various teams.
