Job Location: Head Office, HQ
To plan, organize, and deliver cost-effective and efficient IT security controls within developed and acquired systems within the bank.
- Support the secure application development strategy and roadmap of the bank by ensuring applications are securely designed and developed.
- Support implementation of application security governance by defining, developing, implementing, and maintaining required policies, procedures, standards, and guidelines.
- Establish and develop security requirements and designs for all developed and acquired systems.
- Provide security assurance of all applications implemented by validating the implementation of security designs, conducting manual applications code reviews and security assessments to eliminate security vulnerabilities.
- Assist the development team and system vendors in reproducing, triaging, and addressing application security vulnerabilities.
- Conduct periodic security assessments and review of implemented systems to ensure their continued compliance with security standards.
- Establish, maintain, and implement optimal security configurations of all databases, middleware, and applications.
- Conduct research and make recommendations on systems security solutions, services, protocols, standards, and best practices in support of systems security continuous improvements.
- Prepare and maintain systems security documentation including security architecture and designs of systems and applications.
- Implement security improvements by continuously assessing the implemented controls, evaluating security risks, and anticipating requirements.
Knowledge and Skills:
- Knowledge of modern software development trends as well as understanding of software security practices.
- Knowledge of systems security standards and baselines in operating systems, databases, middleware, and applications; hands-on experience in implementing applications in a wide range of operating systems is mandatory.
- Knowledge of the best practices of secure mobile application development.
- Hands-on experience in common security libraries and tools (e.g., static and dynamic application security testing tools, proxying / penetration testing tools).
- A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS).
- Familiarity with security standards such as OWASP Testing Guide, OWASP ASVS and NIST Security Standards.
- Good interpersonal, written, and oral communication skills in English and Swahili.
- Demonstrable honesty, integrity, and credibility; ability to engender the trust and confidence of internal constituency and external partners.
- Ability to communicate complex security concepts in an easy-to-understand business language.
Qualifications and Experience:
- At least a bachelor’s degree in Computer Science or related academic field.
- Professional certifications such as CEH, CISA, CISSP, OSCP, GPEN will be an added advantage.
- At least 2 years of relevant work experience.
- Experience in scripting and automation using PowerShell and Bash/Shell Scripting.
- Solid hands-on experience in Computer Programming in either Java, PHP or Python is mandatory.
NMB Bank Plc is committed to creating a diverse environment and is proud to be an equal opportunity employer.
Job closing date: 28-Mar-2023