DEVSECOPS SENIOR ANALYST / SENIOR ANALYST

Commercial International Bank

JOB PURPOSE

Ensure the confidentiality, integrity, and availability of an organization's information systems and data and effective implementation of security measures within development processes through integrating security into the operational and development processes to support the organization in streamlining and enhancing the development processes In addition, work closely with cross-functional teams to integrate security practices into their workflows and ensure that security is considered throughout the software development lifecycle, collaborate with stakeholders, manage security initiatives, and provide guidance on secure coding practices. responsible for identifying and mitigating security risks, conducting security assessments, and ensuring compliance with relevant regulations and standards to help improve software reliability, security, and quality.

4. KEY ACCOUNTABILITIES

Description

1. Collaborate with cross-functional teams to integrate security practices into development processes and create seamless flow of work.

2. Provide guidance and support on secure coding practices, secure design principles, and security risk mitigation.

3. Develop and maintain security documentation and guidelines for Continuous Integration / Continuous Development CI/CD pipeline tools and processes. Additionally, Design and implement secure (CI/CD) pipelines for building, testing and deploying software, incorporating security testing tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA)

4. Evaluate and recommend the implementation of security tools and technologies to enhance the security posture of the organization within the CI/CD pipeline.

5. Responsible for the security of the software development process, including automating scans, code verification, and developing security protocol to protect sensitive data and ensure proper prevention against cyber threats.

6. Review and enhance containers security measures within the bank IT environment (e.g. Kubernetes, OpenShift, etc)

7. Collaborate with both development and operations teams to create a seamless flow of work and maintain an agile workflow.

8. Ensure continuous integration and delivery (CI/CD) processes are followed, promoting the speedy release of high-quality software

9. Support the implementation of the key strategic business initiatives and projects through following the secure software development life cycle including specifying the confidentiality, integrity, and availability requirements, addressing security requirements throughout the development of new systems and performing proper risk assessment prior to releasing new systems to production.

10. Review new technologies and changes to existing technologies for in house developed applications to ensure proper information security requirements/controls and compliance with relevant security policies and compliance mandates.

11. Conduct the annual review and update of the area s processes, procedures and recommend updates to relevant policies with the adherence to the developed SLAs.

Policies, Processes and Procedures

12. Participate, develop and recommend improvements to policies, processes and procedures and manage their implementation to ensure all relevant procedural / legislative requirements are fulfilled.

Day-to-day management

13. Follow the day-to-day operations related to own jobs in the Information Security Management department to ensure continuity of work.

Compliance

14. Ensure compliance with relevant laws, regulations, and industry standards (e.g., CBE, PCI-DSS, ISO 27001).