Application Security Testing specialist at Equity Bank Kenya

Job Purpose: 

The role holder will be responsible for performing application, API, and overall vulnerability management for all Group applications. In addition, collaboration will be required with pre-deployment application testing team to ensure that issues are identified and remediated in a timely manner.

Key responsibilities

• Perform application vulnerability assessments including regular scanning and penetration testing activities in terms of post deployment security testing on Web based, APIs, Mobile, Cloud application, Robotics, IOT etc
• Performing cyber vulnerability assessment across the Enterprise and maintain vulnerability tracker.
• Develop risk-based vulnerability assessment plan.
• Conduct comprehensive post penetration test of web-based application, mobile application, network infrastructure, databases, ICT servers to assess the effectiveness of the cybersecurity framework implemented.
• Maintaining proactive approach to cyber security risk and vulnerability assessment through market intelligence, continuous engagement with stakeholders to understand business dynamics.
• Assessing threats and vulnerabilities regarding information assets and recommend appropriate security controls.
• Identifying cyber threats, evaluating controls and make recommendations to improve internal controls and operational effectiveness and efficiency.
• Monitoring the banks compliance to InfoSec security policies, standards, guidelines and procedures.
• Engage stakeholders in the remediation of vulnerabilities identified by both internal and external parties.
• Ensure that application security is an embedded and critical part of the software delivery lifecycle (including during the early stages of projects) regardless of delivery methodology and tool sets used (e.g., static code analysis).
• Train and educate developers and teams in secure coding techniques including use of supporting toolsets and enable them to self-service.
• Perform application vulnerability assessments including regular scanning and penetration testing activities in terms of post deployment security testing on Web based, Mobile, Cloud application, Robotics, IOT etc.
• Perform secure code review across a variety of programming languages.
• Develop functional security testing scripts and procedures and identify opportunities to automate security testing and processes.
• Identify inherent vulnerabilities and information security risks within systems and applications.
• Proactively follow up on vulnerability remediation for all assessments performed.

 Qualifications
 
Knowledge and Experience

• Bachelor’s degree in information technology, Information Security/Assurance, Engineering, or similar area of study
• At least 2 years’ experience in vulnerability management and penetration testing (application and API testing).
• Certifications such as CEH. Any other related certifications will be an added advantage.
• Cloud experience will be an added advantage.
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Expertise with industry standard frameworks (ISO, NIST, PCI)
• Excellent communication and presentation skills, both verbal and in writing and an ability to build a network and to collaborate with various teams.

Key Critical Competencies

• Good Analytical skills, Problem solving and Interpersonal skills.
• Deep knowledge of Bank’s infrastructure, networks, and systems.
• Proficient in preparation of reports, dashboards, and documentation.
• Ability to handle high pressure situations with key stakeholders.