Cyber Security Analyst

Job Purpose

The role holder is responsible for ensuring information systems developed and deployed meet the Bank's set cybersecurity policies, standards, and requirements as well as complying to applicable cybersecurity regulations and industry standards.

The role holder will ensure that security requirements are well captured and embedded in the SDLC process for all technology initiatives, secure coding practices are adhered to, and secure software and application configurations are maintained.

The specialist will carry out security testing across all technology stacks (mobile, web applications, APIs/ Microservices, code, web servers, containers, servers, databases, virtualization environments, network devices and connectivity) within assigned scrums and projects.

Responsibilities

·      Work with scrums and project teams to ensure that security requirements are adequately captured during requirements analysis phase.

·      Provide input into the secure design of information systems architecture during the project lifecycle.

·      Ensure that access to the Bank's systems during the project lifecycle by staff, contractors and vendors is secure and based on least privilege principle.

·      Enforce the implementation and adoption of the Bank's minimum security baseline standards across all technologies in use.

·      Facilitate the identification of security vulnerabilities through performing or coordinating security assessments or vulnerability assessment and penetration testing (VAPT).

·      Ensure security tools and checks are running as expected within all pipelines, review security reports from them.

·      Report any scrums & projects security gaps identified and follow up for closure as per the Bank's standards and procedures.

·      Identify any security violations and incidents during the project lifecycle and coordinate the response process.

·      Ensure effective integration of the Bank's security tools to protect, detect, and respond to any attempted intrusions prior to and during project go live.

·      Work together with scrums & projects units to ensure that user access matrices are well defined and in line with defined roles and responsibilities.

·      Participate in deployment sessions and perform post implementation review (PIR) to ensure that security configurations are done and gaps noted in testing do not permeate into production.

·      Embed the bank's cybersecurity awareness program during the project lifecycle, targeting secure coding training.

·      Provide scheduled security reports to the cybersecurity project lead, project team and steering committee on progress of security workstream activities.

Skills and Experience

·      Bachelor's degree in computer science, IT, or other STEM related Degree.

·      Master's degree in information security, Cyber Security or Related Fields will be an added advantage.

·      Information security certification in either of the following CISA/ CISM/ CISSP/CRISC/Security+; as well as testing certifications such as CSSLP/CEH/OSCP/ CPT/ GPEN/ GWAPT/eWPT/eJPT.

· years' experience in technology.

· years' experience in information security.

· years' experience in Application Security, within Secure SDLC and DevSecOps environments.

·      Comprehensive technical expertise in a variety of DevSecOps toolkits, including Ansible, Jenkins, Gitlab, Azure DevOps, Trivy, SonarQube, Terraform, Git/Version Control Software, or comparable technologies.

·      Familiarity with information security frameworks and standards such as PCI-DSS, ISO 27001, SABSA etc.

·      Familiarity with API Security, Container Security, Cloud Security

·      Experience in Project Implementation and user training.

·      Ability to multi-task, respond well to pressure and deadlines, influence others, work well individually and in a team environment.

·      Strong verbal and written communication skills.

·      Strong analytical and problem-solving skills, and the ability to work collaboratively with cross-functional teams.

Location: Nairobi

Terms
: Full Time, On site; Contract duration: 1 Year with possibility of extension

Please share your cv to:

Emai
l:

Subject
: Prefix the subject matter as –
Cyber Security Analyst (DevSecOps)

Format:
PDF ONLY (Any other format will be automatically disqualified)

Resume:
If sending via email, ensure your resume is clearly saved with your full names correctly indicated e.g. John Smith Cv not "Latest Cv" as this will lead to automatic disqualification

Deadline:
21
st
/ October /2025

N/B:
For this position, kindly
only
apply if your profile matches the above criteria and note the job is contract based