Information Security Analyst at Development Bank of Rwanda (BRD): (Deadline 19 July 2024)

Background Information

Job Title:  Information Security Analyst

Job Grade: 6

Department: CEO’s Office

Reports to: Senior Manager Information Security and Risk

Contract Terms: Open-ended

Purpose of the Job:

The Information Security Analyst Job function will more into performing penetration tests, manual and automated vulnerability assessment scans on applications and IT infrastructure, risk assessments and code reviews. S/he will also be responsible for implementing remediation of the identified vulnerabilities in applications and supporting infrastructure. will conduct research on threats and attack vectors that impact web applications, bank’s IT infrastructure and mobile applications.

Key Responsibilities:

• Provide security guidance to the application development team on various areas including secure coding techniques, process and tools, security testing support and release.
• Drive and perform application security training, requirements & standards, static & dynamic security testing
• Lead the application security design reviews for new applications to be developed and services.
• Providing DevOps security solution integration with various security test tools
• Conduct effective vulnerability management through VAPTs for all bank’s applications whether newly acquired and existing to ensure vulnerabilities are timely detected and managed.
• Perform source-code reviews and threat modelling the SDLC of the applications
• Assessing application security solutions proof of value through conducting proof of concept
• Participate in the architecture of mobile and web applications including interface and database design, process and API flows, networking, cloud infrastructure, protocol communication, security and appropriate technology use.
• Support the operationalization of the Security Operation Center (SOC) and implementation of ISO 27001:2022 ISMS
• Simulating an attack on the system and IT infrastructure to find exploitable weaknesses
• Establish and manage relations with vendors and related equipment suppliers
• Develop and communicate the Security Service catalogue
• Administer network and system monitoring tools and report attempted attacks to inform recommendations on further mitigation measures
• Perform detailed analysis of incidents and implement recommended mitigation
• Conduct monitoring controls on the Applications and Databases to ensure access management is based on the least privilege principle.
• Perform security reviews for access management of core banking and applications hosted on cloud
• Develop and review policies and procedures for applications/software development

Performance Indicators

• Advanced knowledge in using VAPT tools like Kali Linux tools and other Web Vulnerability and security scanning tools
• Experience working with Web Applications, Web Services, and Service Oriented Architectures
• Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)
• Familiarity with the OWASP framework and application security best practices
• Strong understanding of SDLC principles.
• Strong analytical, documentation, and interpersonal skills
• Knowledge of encryption technologies (web, database, and file).
• Knowledge of identity and access management and its application in an enterprise
• Understanding of information security risks in financial services.

Professional, academic qualifications and experience

• Bachelor’s degree in computer science, computer engineering, information systems or any other relevant degree.
• Master’s degree in information security field is an added value
• Information security certifications is an added advantage like ISO Lead Implementer, Lead Auditor, CEH or any other related professional recognized certifications
• At least 1 years of experience in conducting VAPT

Other Competencies

• Good communication & analytical skills
• Good time management & team player
• High level of ownership of the assignments
• Flexible to work under changing environment