Reporting to: Manager- Cyber Defence

Duty station: Head Office

Reporting to the Manager- Cyber Defense, the IT Security Specialist- Applications is responsible for ensuring the security and integrity of software applications by implementing, monitoring, and managing security measures to protect against vulnerabilities, threats, and unauthorized access.

KEY ACCOUNTABILITIES:

• • Conduct vulnerability assessments and penetration testing on applications.
  • Identify and remediate security weaknesses in application designs, code, and configurations. This is for both new implementations and for those undergoing changes.
  • Collaborate with developers to integrate security into the Software Development Life Cycle (SDLC).
  • Promote secure coding practices, such as input validation, encryption, and authentication mechanisms.
  • Investigate and respond to application security incidents, such as breaches or malware infections.
  • Perform root cause analysis and recommend preventative measures.
  • Ensure applications comply with security standards (e.g., OWASP Top 10, ISO 27001, or PCI-DSS).
  • Develop and enforce application security policies and guidelines.
  • Deploy and manage tools like Web Application Firewalls (WAFs), Static and Dynamic Application Security Testing (SAST/DAST) tools, and runtime protection tools.
  • Continuously monitor application activity for anomalies or suspicious behaviour.
  • Educate developers and stakeholders on application security risks and best practices.
  • Conduct workshops or create resources to build a security-first mindset within development teams.
  • Work with cross-functional teams, including developers, DevOps, and BT teams, to address security issues.
  • Communicate risks and solutions to both technical and non-technical stakeholders.
  • Stay updated on emerging application security threats and technologies.
  • Recommend and implement improvements to enhance application security posture.

KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED:

• • A minimum qualification of a Bachelor’s degree in Computer Science, Information Technology, or a related numerical Sciences degree.
  • A Master’s degree specializing in Digital Security is an added advantage
  • Professional information and cyber security certifications in relevant technologies such as Cisco, Microsoft, Unix / Linux will be an added advantage.
  • At least one information security certification e.g. CISSP, CISM, CEH, CCSP etc.
  • At least 5 years’ experience in systems / network administration role or information and cyber security role.
  • Work experience in the banking industry will be an added advantage.
  • Experience and qualifications in Ethical Hacking.
  • Working Knowledge of systems architecture and systems development.
  • Knowledge and experience in Applications penetrations testing.
  • Skills and training in internet applications design and security.
  • Experience with Web Application Firewalls Proficiency in security technologies such as firewalls, intrusion detection systems, and encryption.
  • Knowledge and Experience in Cyber Defense techniques and technologies.
  • Experience in UNIX and Windows server administration is an added advantage.
  • Technical skills in Unix and Windows and Python scripting skills.
  • Demonstrate experience in writing technical reports and management reports for stakeholders is a must.
  • Must possess above average problem-solving skills, organization skills, excellent and communication skills.
  • Considered an out of the box thinker and displays a willingness to learn.
  • Ability to maintain robust stakeholder engagements, a strong work ethic, and is a team player with the ability to work well independently.
  • Experience with security frameworks and regulations such as PCI-DSS & ISO 27001.
  • Ability to respond immediately to security incidents and provide post incident analysis.
  • Ability to perform security systems testing both in-house and external systems before production deployment.
  • The ability to educate employees on security best practices and promote a culture of security awareness.
  • Advanced Business Architectural & IT Security skills.
  • Analytical Thinking & Inductive Reasoning.
  • Planning and Organization.
  • Strategic Perspective – Establish priorities, challenging goals and measurements consistent with these goals and organizational vision.
  • Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
  • Good Communicator – Presents ideas effectively, clearly and concisely both orally and in writing.
  • Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
  • Inspire Commitment –Actions and behaviors are consistent with words.
  • Self-Development – Pursues positive change in self and organization.
  • Drives own personal development plan.