| JOB NAME |
Information Security Analyst [Kigali, Rwanda]
POSTED BY: Development Bank of Rwanda
REF:DBR 2001
Date Published:Wednesday, July 10, 2024
Date of Expiration:Monday, January 6, 2025
RECOMMEND THIS JOB ON FACEBOOK
|
|
|
| LOCATION OF THIS JOB |
 Rwanda | KIGALI in Rwanda |
| INDUSTRY |
| DEVELOPMENT FINANCE INSTITUTIONS
|
| JOB TYPE |
| Full-Time |
| MAIN JOB DESCRIPTION |
BACKGROUND INFORMATION
Job Grade: 6
Department: CEO’s Office
Reports to: Senior Manager Information Security and Risk
Contract Terms: Open-ended
Date Posted Friday 5th July 2024
Deadline for application: 19th July 2024
PURPOSE OF THE JOB
1. The Information Security Analyst Job function will more into performing penetration tests, manual and automated vulnerability assessment scans on applications and IT infrastructure, risk assessments and code reviews.
2. S/he will also be responsible for implementing remediation of the identified vulnerabilities in applications and supporting infrastructure. will conduct research on threats and attack vectors that impact web applications, bank’s IT infrastructure and mobile applications.
KEY RESPONSIBILITIES:
1. Provide security guidance to the application development team on various areas including secure coding techniques, process and tools, security testing support and release.
2. Drive and perform application security training, requirements & standards, static & dynamic security testing
3. Lead the application security design reviews for new applications to be developed and services.
4. Providing DevOps security solution integration with various security test tools
5. Conduct effective vulnerability management through VAPTs for all bank’s applications whether newly acquired and existing to ensure vulnerabilities are timely detected and managed.
6. Perform source-code reviews and threat modelling the SDLC of the applications
7. Assessing application security solutions proof of value through conducting proof of concept
8. Participate in the architecture of mobile and web applications including interface and database design, process and API flows, networking, cloud infrastructure, protocol communication, security and appropriate technology use.
9. Support the operationalization of the Security Operation Center (SOC) and implementation of ISO 27001:2022 ISMS
10. Simulating an attack on the system and IT infrastructure to find exploitable weaknesses
11. Establish and manage relations with vendors and related equipment suppliers
12. Develop and communicate the Security Service catalogue
13. Administer network and system monitoring tools and report attempted attacks to inform recommendations on further mitigation measures
14. Perform detailed analysis of incidents and implement recommended mitigation
15. Conduct monitoring controls on the Applications and Databases to ensure access management is based on the least privilege principle.
16. Perform security reviews for access management of core banking and applications hosted on cloud
17. Develop and review policies and procedures for applications/software development
Performance Indicators
1. Advanced knowledge in using VAPT tools like Kali Linux tools and other Web Vulnerability and security scanning tools
2. Experience working with Web Applications, Web Services, and Service Oriented Architectures
3. Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl,
etc.)
4. Familiarity with the OWASP framework and application security best practices
5. Strong understanding of SDLC principles.
6. Strong analytical, documentation, and interpersonal skills
7. Knowledge of encryption technologies (web, database, and file).
8. Knowledge of identity and access management and its application in an enterprise
9. Understanding of information security risks in financial services.
|
| REQUIREMENTS FOR THIS JOB |
PROFESSIONAL, ACADEMIC QUALIFICATIONS AND EXPERIENCE
1. Bachelor’s degree in computer science, computer engineering, information systems or any other relevant degree.
2. Master’s degree in information security field is an added value
3. Information security certifications is an added advantage like ISO Lead Implementer, Lead Auditor, CEH or any other related professional recognized certifications
4. At least 1 years of experience in conducting VAPT
Other Competencies
1. Good communication & analytical skills
2. Good time management & team player
3. High level of ownership of the assignments
4. Flexible to work under changing environment
Application Guidelines:
Interested candidate should apply online (https://www.brd.rw/careers/ ) and upload application documents including Curriculum Vitae, copies of degree certificates and professional certificates, motivation letter, names of three previous supervisors (as one document) as well as their emails and telephone. Please be informed that you will receive a notification pop up message after successfully uploading your application.
Only online applications shall be considered.
Email only for inquiries (not application): recruitment@brd.rw
Address all applications to the Head, Human Capital, and Corporate Services of the Development Bank of Rwanda.
Deadline for application: 19th July 2024
The employment package is highly competitive/attractive.
Due to expected high volume of applications, ONLY shortlisted applicants will be contacted.
Done in Kigali, Friday 5th July 2024
|
|
English 
FRENCH
