Want to get a job fast?
Signup and complete your profile on MyJobMag. Employers will find you 4x faster with a complete profile. You can download your completed profile anytime Signup Now
First Bank of Nigeria Limited (FirstBank) is Nigeria’s largest financial services institution by total assets and gross earnings. With more than 10 million customer accounts, FirstBank has over 750 branches providing a comprehensive range of retail and corporate financial services. The Bank has international presence through its subsidiaries, FBN Bank ...
Read more about this company
To identify security loopholes and vulnerabilities within the banks information systems.The Vulnerability Senior Analyst will provide input to the Enterprise Vulnerability Management (EVM) strategic direction and to have a focused leadership role on one or more EVM tools.
This role is responsible for implementing and managing enterprise vulnerability tools and processes to reduce technical risks due to vulnerabilities. This includes identifying and evaluating vulnerabilities and remediation activities for the Bank and entire subsidaries IT asserts.
Duties & Responsibilities
Conduct regular reviews of Banks network using manual/automated means to ensure that configurations meet best security practices.
Coordinate and Provide input to the development and implementation of Enterprise Vulnerability Management strategy and processes. This includes penetration testing strategy.
Ownership of critical EVM vulnerability scanning applications such as tools to scan/evaluate cloud and container infrastructures; infrastructure, operational technology and other devices on the network.
Interpretation, prioritization, and communication of scanning results to key business partners
Execution of emergency (e.g. zero day) vulnerability management process including research, coordination of response, and escalation/communication to senior leadership
Primary IT and Business contact for vulnerability related questions, concerns, and support
Drive situational awareness to all staff and other stakeholders based on risk identification
Conduct payment card data discovery scans to ensure security of Card Holder data
Conduct internal and external Penetration tests on the Bank’s information systems and make recommendations to critical findings
Engage with vendors and third parties on the identification and remediation of vulnerabilities
review the security of critical systems (e.g., e-mail servers, Active Directory, applications databases etc.) and changes to sensitive security controls to ensure appropriate security balance and strength across the Bank.
Provide insight on Security defense and hardening practices
Research and keep up-to-date with hacking/defense techniques, exploits and countermeasures
Analyze and evaluate vulnerabilities for exploitability and relevance.
Engage with stakeholders on timelines for closure of vulnerabilities and advise on appropriateness
Comply with the principles and policies in the information security hand book
Minimum Education: First Degree in Computer Science/Engineering, Higher Degrees/Professional Certificates
Minimum experience – Working knowledge of PCI DSS
Working knowledge of ISO 27001
Knowledge of the Security tools such as Qualys, Burp Suite, etc
Good Knowledge of Penetration testing tools.
Good knowledge of MS Windows and Linux
Good understanding of Best Practices Security architecture.
Working knowledge of penetration testing.
Good knowledge of network protocols including UDP/TCP/IP
Professional level knowledge of Access control lists, NAT, routing and switching
Ability to review rule sets for firewalls
Good knowledge of firewalls, IDS and IPS
Good knowledge of network/application security and encryption models