Offered Salary 0
Career Level Manager
Experience 3 Years
Qualifications Degree Bachelor
Job Title: Applications Security Officer
Department: Information Security
Purpose: To handle all application security issues arising from the increased use of both internally and externally developed applications within the Bank and the rising threats to those applications.
Duties and Responsibilities
1. Cyber and Information Security Management Framework
– Support the implementation and enforcement of secure design principles according to information security policies, standards, and patterns.
– Support the deployment of application and database security baselines.
– Implement, test, and operate advanced software security techniques in compliance with the technical reference architecture.
– Support the maintenance and updating of policies and technical documentation relating to applications.
2. Risk Assessment and Vulnerability Management
– Complete the application security risk and vulnerability assessment on projects prior to project kick-off.
– Perform PCI DSS application security reviews of prospective merchant integrations and track the progress of remediation.
3. Application Development
– Conduct web application security scans, analyze results for false positives, prioritize vulnerabilities, and research and propose remediation steps.
– Implement API security controls.
4. Application Testing
– Troubleshoot and debug application issues that arise Bank-wide.
– Conduct awareness sessions on secure coding for software developers.
– Consult team members on secure coding practices.
– Develop familiarity with new tools and best practices.
– Analyze application logs and audit trails for suspicious activities.
– Perform proactive research to detect new attack vectors.
5. Security Architecture and Designing
– Maintain the architecture inventory of all applications within the organization.
– Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept, and pilot installations.
– Advocate for security requirements during all phases of the SDLC.
6. Information Security Incident Management
– Support incident response when a security event occurs.
– Issue reports on assigned applications and system scans.
7. Information Security Projects
– Support the implementation of DevOps within the Bank.
– Support application integrations in the PIM deployment project.
– Support the implementation of an automated platform for the secure software development process.
– Participate in preparatory activities for the ISO27001 surveillance audit.
– Participate in the SOC project and provide software security guidance.
– Participate in PCI DSS re-certification activities.
– Participate in the Azure Information Protection (AIP) implementation project.
– Support the social media security process (applications based on social media).
Qualification and Experience
· Bachelor’s degree in Computer Science, Computer Engineering, Information Technology, Electrical Engineering, or a related field of study. A Master’s degree is an advantage.
· At least one professional certification from CEH, CISM, CRISC or CISA.
· Knowledge of information security standards and frameworks such as ISO 27001, ISO 27035, PCI DSS, OWASP, and CIS.
· Background in application development, with 3+ years’ experience in application development.
· An industry certification in systems or network infrastructure is required, e.g. MCITP or CCNA.
Skills, Capabilities & Attributes
· Knowledge of Information security and risk management frameworks/best practices.
· Experience with programming and the implementation of technical controls.
· Knowledge of IT Service Management (ITIL).
· Knowledge of cyber and information security standards such as NIST, ISO 27001, PCI DSS, etc.
· Knowledge of network and security devices and platforms, including firewalls.
· Good understanding of security solutions and how they fit together to address business risk.
· Working experience performing security assessments and network vulnerability assessments.
· Basic knowledge of IT regulatory and compliance requirements.