IT Application Security Analyst

Full time @Stanbic IBTC posted 3 years ago

Job Description

Job Purpose

  • Analyses information security systems and applications, recommends and develops security measures to protect information against unauthorized modification or loss
  • Ensures that any software developed or acquired meets stringent standards while enabling rapid innovation to meet customers' ever-changing needs
  • Management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems.

Key Responsibilities / Accountabilities

  • Integrating security tools, standards and processes into the product life cycle (PLC)
  • Improving and supporting application security tool deployments including static analysis and runtime testing tools
  • Improving and maintaining secure development standards
  • Supporting the incident response / architecture review process whenever application security expertise is needed
  • Providing penetration testing and standards gap analysis services to internal business and technology partners
  • Managing penetration testing services, including both expert consulting and managed services
  • Integrating threat modeling practices into the product life cycle
  • Providing security requirements for test-driven design
  • Producing metrics reporting the state of application security programs and performance of development teams against requirements
  • Supporting vendor security activities to ensure third-party software and development meet security standards
  • Managing application framework and perimeter security improvement projects

Preferred Qualifications and Experience

  • IT, Computer Science or other science-related courses
  • Minimum of 5 years' experience in IT Security, Information Security Risk, Application Development
  • Expert knowledge of VAPT tool usage (e.g. Kali, Metasploit, Nessus, Qualys, etc.), secure coding, exploitation, defence, forensics and reverse engineering
  • Extensive knowledge of TCP/IP protocol stacks, OWASP, PCI, ISO 27001, and application vulnerability management and risk
  • Sound knowledge of risk assessment, code review, ethical hacking, reconnaissance, client- and server-side attacks and countermeasures
  • Knowledge of programming (e.g. Java, C, Python, PHP, etc.)
  • Relevant IT certifications (CEH, CISA, CISSP, etc.) would be beneficial
