Application Security Specialist at KCB Bank Kenya

KEY RESPONSIBILITIES

• Define, document, and implement software security policy, secure coding practices, and guidelines in line with industry best practices and regulatory requirements.
• Develop and maintain a software security assurance framework to guide security and risk assessments of applications and provide security requirements for developers and third parties.
• Ensure Information Security involvement in all software and application implementation projects to meet security requirements before production deployment.
• Collaborate with Enterprise Architecture and Business Services teams to improve application security and integrate security controls in DevOps tools.
• Conduct regular training on secure coding, software security, and application security practices for development and technology teams.
• Continuously monitor and defend critical applications, such as core banking and digital channels, against cybersecurity threats and report on security measures taken.
• Integrate and maintain security tools, such as SAST and DAST, within the Software Development Life Cycle (SDLC) and CI/CD pipelines.
• Perform risk assessments for business solutions, identify inherent security risks, and provide recommendations to mitigate them.
• Generate and deliver software/application security compliance reports and relevant metrics to Senior Management.
• Protect the bank’s applications and systems by defining access privileges and implementing security control structures.

MINIMUM POSITION QUALIFICATION REQUIREMENTS

Academic & Professional

Education

• Bachelor’s Degree in BSc. Information Technology, Computer Science, Telecommunications, Engineering (Electrical, Electronic, or equivalent) (RQ)
• Master’s Degree in MBA/MSc (AA)

Professional Qualifications

• At least one Information Security certification is required:
  • CDP: Certified DevSecOps Professional
  • CEH: Certified Ethical Hacker
  • CSSLP: Certified Secure Software Lifecycle Professional
  • CISM: Certified Information Security Manager
  • CISA: Certified Information Systems Auditor
  • CISSP: Certified Information Systems Security Professional
• More than one certification is an added advantage (AA)

Experience

• Total Minimum Years of Experience Required – 5 years (ES)
  • Experience in Information Security – 2 years (ES)
  • Strong Application Security knowledge, Secure SDLC, and DevSecOps – 1 year (ES)
  • Experience in Banking Operations – 1 year (ES)
  • Experience in software development or scripting – 1 year (DE)
  • Experience in Project Implementation and user training – 1 year (DE)