Applications Security Personnel at First Bank

Job Identification: 105

Job Objective(s)

• Perform Security Assessment, Vulnerability Assessment, threat Analysis/modelling & Risk Assessment on the bank's application (APIs, Mobile, Web Application, Containers) before and after deployment to production.
• Work with other relevant units or departments to develop standards and guidelines to guide the use and acquisition of software and to protect vulnerable information.

Duties & Responsibilities

• Participate in the creation of enterprise security policies, standards, baselines, guidelines & procedures.
• Offering training to Application Developers to become Application Security Experts
• Review code for security vulnerabilities and practices dangerous to security and privacy.
• Write custom rules on automated source code scanning tools
• Build security into infrastructure and architecture designs and guide the implementation with the operations team    
• Create and deliver knowledge sharing presentations and documentation to developers and operations teams
• Working with developers to refine security checkpoints in the SDLC based on best practice and other industry-accepted doctrine such as NIST SP 800-115 and ISO security standards.
• Developing secure coding standards that are based on industry-accepted best practices such as OWASP Guide, SANS CWE Top 25, or CERT Secure Coding to address common coding vulnerabilities.
• Identifying and using tools to perform source code security analyses to identify vulnerabilities and attack vectors in web applications.
• Perform Security Assessment, Vulnerability Assessment, threat Analysis/modelling & Risk Assessment on the bank's application (APIs, Mobile, Web Application, Containers) before and after deployment to production
• Working alongside the Cyber Security Analyst to scope and refine web application penetration testing methods.
• Obtaining and reviewing all required artefacts as part of approval analyses at security checkpoint phases in the development cycle.
• Support Head of IT Security in tracking and managing inventory of applications across the organization, gathering and analysing relational data between business systems
• Assisting in periodic security risk assessments, IT security audits and assessments, and management reporting.
• Supporting changes to information security policies, procedures and standards as part of a continuous improvement model.
• Managing/Optimisation the Web Application Firewall, API Security Gateway, Data Masking tool, Load Balancer and Database Activity Monitoring
• Learn on the job and explore new technologies with little supervision
• Write reports including recommendations, root cause analysis, security summary analysis, and project roadmap
• Perform scheduled and adhoc security and compliance reporting
• Support Security Monitoring team to define and maintain security awareness program
• Perform other duties as may be assigned by the Unit Head, Infrastructure Security  or the Head, Information Security Operations Department
• Comply with the principles and policies in the information security hand book

Job Requirements
Education:

• Minimum Education: First Degree in Computer Science / Engineering, Systems Engineering or with strong Information Security component

Experience:

• Minimum experience -  3 years Security Engineering experience.