Latest Recruitment at Stratostaff

ROLE PURPOSE   

The Cyber Security Analyst (DevSecOps) is responsible for supporting the Bank’s cybersecurity strategy by embedding security controls across the software development lifecycle and technology implementation processes.

The role holder will work closely with scrum teams, developers, infrastructure teams, and project stakeholders to confirm that systems developed and deployed comply with the Bank’s cybersecurity policies, regulatory requirements, and industry standards.

The role is responsible for supporting secure coding practices, application security testing, vulnerability management, and secure configuration management across technology environments including mobile applications, web applications, APIs, microservices, servers, databases, cloud infrastructure, containers, and network environments.

DUTIES AND RESPONSIBILITIES   

Secure SDLC and Security Architecture

• Work with scrum and project teams to confirm that security requirements are adequately captured during the requirements analysis phase.
• Provide input into secure architecture and solution design throughout the project lifecycle.
• Support the implementation of secure software development lifecycle practices across all technology initiatives.
• Promote secure coding standards and application security best practices within development teams.
• Embed cybersecurity awareness initiatives during project implementation with a focus on secure coding practices.

Vulnerability Management and Security Testing

• Conduct and coordinate vulnerability assessments and penetration testing activities across applications, APIs, infrastructure, databases, cloud environments, containers, and related technologies.
• Review reports generated from DevSecOps security tools and support remediation activities.
• Monitor security checks within deployment pipelines and confirm that security tools are functioning effectively.
• Identify, document, and follow up on security vulnerabilities and project related security gaps through to closure.
• Participate in deployment sessions and post implementation reviews to confirm that security configurations are implemented appropriately.

Security Compliance and Access Management

• Support secure access management during the project lifecycle in line with the principle of least privilege.
• Work with project teams to define and review user access matrices aligned to approved roles and responsibilities.
• Support compliance with cybersecurity frameworks and standards including PCI DSS, ISO 27001, and SABSA.
• Facilitate implementation of the Bank’s minimum security baseline standards across all technologies.
• Support integration of security controls and tools to strengthen threat detection, prevention, and incident response capabilities.

Security Operations and Reporting

• Identify security incidents and policy violations during project implementation and coordinate response activities.
• Provide scheduled security updates and reports to the Cybersecurity Project Lead, project teams, and steering committees.
• Support project implementation activities and end user security awareness initiatives.
• Collaborate with internal and external stakeholders to strengthen security controls and operational resilience.

MEASURABLE OUTCOME

• Maintain compliance with internal cybersecurity standards and regulatory requirements across assigned projects.
• Achieve timely identification and remediation of security vulnerabilities and configuration gaps.
• Maintain secure and effective DevSecOps pipeline controls across technology initiatives.
• Reduce security incidents and vulnerabilities introduced during system development and deployment.
• Maintain effective reporting and closure of identified security risks and gaps.
• Support successful implementation of secure technology projects within approved timelines and standards.

KEY COMPETENCIES

• Cybersecurity Risk Management
• Security Monitoring and Incident Response
• Stakeholder Collaboration and Communication
• Problem Solving and Analytical Thinking
• Attention to Detail and Technical Accuracy
• Project Coordination and Reporting

Requirements

QUALIFICATIONS & EXPERIENCE

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or any other STEM related discipline.
• Master’s degree in Information Security, Cybersecurity, or a related field will be an added advantage.
• Professional certifications such as CISA, CISM, CISSP, CRISC, Security+, CSSLP, CEH, OSCP, CPT, GPEN, GWAPT, EWPT, or EJPT will be an added advantage.
• Minimum of 3 years’ experience in technology related roles.
• At least 1 year of experience within information security environments.
• At least 1 year of experience in Application Security, Secure SDLC, or DevSecOps environments.
• Experience working with DevSecOps and automation tools such as Ansible, Jenkins, GitLab, Azure DevOps, Trivy, SonarQube, Terraform, Git, or similar technologies.
• Familiarity with API Security, Container Security, and Cloud Security environments.
• Experience supporting technology implementation projects and user training initiatives

go to method of application »

Job Description

• Monitor and adjust temperature settings on refrigeration units to maintain compliance with temperature guidelines.
• Safely transport temperature sensitive goods, ensuring the cargo remains within the specified temperature range during transit
• Ensure all deliveries are made on time and in full and in the right quality (quantity, quality, packaging etc)
• Effectively plan routes and manage time to ensure punctuality
• Maintain a clean sanitized truck, both inside and out.
• Regularly inspect and clean the vehicle to ensure it is ready for transport of sensitive goods
• Ensure all the necessary licenses ,certifications, and documents are up to date i.e. Speed Governor, NTSA Motor vehicle inspection, branding license, county distribution Licenses, drivers license, Vehicle insurance etc.
• Follow company guidelines for efficient fuel usage and consumption
• Ensure optimal fuel management through timely refueling and fuel efficient driving practices.
• Adhere to all health & safety protocols, ensuring safe operation of the truck at all times
• Follow all safe driving practices and report any accidents ,damages or safety hazards immediately
• Maintain awareness of and avoid environmental hazards, ensuring that the vehicle is parked and operated in a safe location.
• Adhere to best practices in reducing emissions and operating the vehicle in an environmentally friendly manner.
• Perform other driving -related duties as required by the company ,including assisting with loading and unloading of goods
• Communicate effectively with dispatch, warehouse staff, and customers to ensure smooth deliveries
• Keep accurate records of deliveries ,vehicle inspections, fuel consumption, and any other required documentation.

Requirements

• Valid Commercial driver’s license - Class BCE
• Secondary level certification
• Mandatory Defensive driver training
• Proven experience in Cold Chain or temperature -sensitive logistics preferred
• Familiarity with Cold Chain Logistics
• Understanding of local traffic laws, road safety regulations and company policies
• Knowledge of vehicle maintenance procedures and the importance of hygiene standards
• Strong time management and route planning skills
• Excellent driving skills with focus on safety and efficiency
• Ability to operate refrigerated vehicles and understand the workings of the refrigeration units
• Good communication skills
• Ability to manage documentation delivery logs, inspection records and fuel usage
• Ability to work independently and manage daily driving tasks efficiently
• Ability to handle temperature -sensitive products with care and attention
• Ability to work well with others
• Understanding of health and safety
• Knowledge of the Kenya Highway code and the Kenya geographical regions.