ROLE PURPOSE\u00a0 \u00a0<\/p>\n
The Cyber Security Analyst (DevSecOps) is responsible for supporting the Bank\u2019s cybersecurity strategy by embedding security controls across the software development lifecycle and technology implementation processes.<\/p>\n
The role holder will work closely with scrum teams, developers, infrastructure teams, and project stakeholders to confirm that systems developed and deployed comply with the Bank\u2019s cybersecurity policies, regulatory requirements, and industry standards.<\/p>\n
The role is responsible for supporting secure coding practices, application security testing, vulnerability management, and secure configuration management across technology environments including mobile applications, web applications, APIs, microservices, servers, databases, cloud infrastructure, containers, and network environments.<\/p>\n
DUTIES AND RESPONSIBILITIES\u00a0\u00a0\u00a0<\/p>\n
Secure SDLC and Security Architecture<\/p>\n
\tWork with scrum and project teams to confirm that security requirements are adequately captured during the requirements analysis phase.
\n\tProvide input into secure architecture and solution design throughout the project lifecycle.
\n\tSupport the implementation of secure software development lifecycle practices across all technology initiatives.
\n\tPromote secure coding standards and application security best practices within development teams.
\n\tEmbed cybersecurity awareness initiatives during project implementation with a focus on secure coding practices.<\/p>\n
Vulnerability Management and Security Testing<\/p>\n
\tConduct and coordinate vulnerability assessments and penetration testing activities across applications, APIs, infrastructure, databases, cloud environments, containers, and related technologies.
\n\tReview reports generated from DevSecOps security tools and support remediation activities.
\n\tMonitor security checks within deployment pipelines and confirm that security tools are functioning effectively.
\n\tIdentify, document, and follow up on security vulnerabilities and project related security gaps through to closure.
\n\tParticipate in deployment sessions and post implementation reviews to confirm that security configurations are implemented appropriately.<\/p>\n
Security Compliance and Access Management<\/p>\n
\tSupport secure access management during the project lifecycle in line with the principle of least privilege.
\n\tWork with project teams to define and review user access matrices aligned to approved roles and responsibilities.
\n\tSupport compliance with cybersecurity frameworks and standards including PCI DSS, ISO 27001, and SABSA.
\n\tFacilitate implementation of the Bank\u2019s minimum security baseline standards across all technologies.
\n\tSupport integration of security controls and tools to strengthen threat detection, prevention, and incident response capabilities.<\/p>\n
Security Operations and Reporting<\/p>\n
\tIdentify security incidents and policy violations during project implementation and coordinate response activities.
\n\tProvide scheduled security updates and reports to the Cybersecurity Project Lead, project teams, and steering committees.
\n\tSupport project implementation activities and end user security awareness initiatives.
\n\tCollaborate with internal and external stakeholders to strengthen security controls and operational resilience.<\/p>\n
MEASURABLE OUTCOME<\/p>\n
\tMaintain compliance with internal cybersecurity standards and regulatory requirements across assigned projects.
\n\tAchieve timely identification and remediation of security vulnerabilities and configuration gaps.
\n\tMaintain secure and effective DevSecOps pipeline controls across technology initiatives.
\n\tReduce security incidents and vulnerabilities introduced during system development and deployment.
\n\tMaintain effective reporting and closure of identified security risks and gaps.
\n\tSupport successful implementation of secure technology projects within approved timelines and standards.<\/p>\n
KEY COMPETENCIES<\/p>\n
\tCybersecurity Risk Management
\n\tSecurity Monitoring and Incident Response
\n\tStakeholder Collaboration and Communication
\n\tProblem Solving and Analytical Thinking
\n\tAttention to Detail and Technical Accuracy
\n\tProject Coordination and Reporting<\/p>\n
Requirements<\/p>\n
QUALIFICATIONS & EXPERIENCE<\/p>\n
\tBachelor\u2019s degree in Computer Science, Information Technology, Cybersecurity, or any other STEM related discipline.
\n\tMaster\u2019s degree in Information Security, Cybersecurity, or a related field will be an added advantage.
\n\tProfessional certifications such as CISA, CISM, CISSP, CRISC, Security+, CSSLP, CEH, OSCP, CPT, GPEN, GWAPT, EWPT, or EJPT will be an added advantage.
\n\tMinimum of 3 years\u2019 experience in technology related roles.
\n\tAt least 1 year of experience within information security environments.
\n\tAt least 1 year of experience in Application Security, Secure SDLC, or DevSecOps environments.
\n\tExperience working with DevSecOps and automation tools such as Ansible, Jenkins, GitLab, Azure DevOps, Trivy, SonarQube, Terraform, Git, or similar technologies.
\n\tFamiliarity with API Security, Container Security, and Cloud Security environments.
\n\tExperience supporting technology implementation projects and user training initiatives<\/p>\n
go to method of application \u00bb<\/p>\n
Use the link(s) below to apply on company website. \u00a0<\/p>\n
Apply Through:<\/p>\n","protected":false},"author":2,"featured_media":0,"template":"","meta":{"_promoted":"","_job_location":"","_application":"","_company_name":"Stratostaff","_company_website":"http:\/\/www.stratostaff.co.ke","_company_tagline":"At Stratostaff we design, implement and manage workforce solutions for large, specialized or routine staff complements giving you the opportunity to focus on your core business.","_company_twitter":"","_company_video":"","_filled":0,"_featured":0,"_remote_position":0,"_job_salary":"","_job_salary_currency":"","_job_salary_unit":""},"job_listing_region":[692],"job-categories":[704,693,700,702],"job-types":[687],"class_list":{"0":"post-95899","1":"job_listing","2":"type-job_listing","3":"status-publish","4":"hentry","5":"job_listing_region-nairobi","7":"job-type-full-time"},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/jobs.dataaxisnode.com\/kenya\/wp-json\/wp\/v2\/job-listings\/95899","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jobs.dataaxisnode.com\/kenya\/wp-json\/wp\/v2\/job-listings"}],"about":[{"href":"https:\/\/jobs.dataaxisnode.com\/kenya\/wp-json\/wp\/v2\/types\/job_listing"}],"author":[{"embeddable":true,"href":"https:\/\/jobs.dataaxisnode.com\/kenya\/wp-json\/wp\/v2\/users\/2"}],"wp:attachment":[{"href":"https:\/\/jobs.dataaxisnode.com\/kenya\/wp-json\/wp\/v2\/media?parent=95899"}],"wp:term":[{"taxonomy":"job_listing_region","embeddable":true,"href":"https:\/\/jobs.dataaxisnode.com\/kenya\/wp-json\/wp\/v2\/job_listing_region?post=95899"},{"taxonomy":"job_listing_category","embeddable":true,"href":"https:\/\/jobs.dataaxisnode.com\/kenya\/wp-json\/wp\/v2\/job-categories?post=95899"},{"taxonomy":"job_listing_type","embeddable":true,"href":"https:\/\/jobs.dataaxisnode.com\/kenya\/wp-json\/wp\/v2\/job-types?post=95899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}