Standard Bank Group Jobs Oct. 2018

Posted on: 3 Oct, 2018

Category: Security Jobs in Ghana

Information Technology: systems development, business analysis, architecture, project management, data warehousing, infrastructure, maintenance and production

Job Description

Job Title: Specialist, Application Security

Job Purpose

The Application Security Specialist will be tasked with identifying vulnerabilities in applications developed either in-house or externally, and in their supporting infrastructure, while assisting the software engineers and IT teams in the remediation efforts, as well as researching threats and attack vectors that impact web, enterprise and mobile applications.

Key Responsibilities/Accountabilities

Penetration Testing and Vulnerability Assessment

  • Perform penetration testing and vulnerability assessment on web, enterprise and mobile applications.
  • Assist software engineering teams with the configuration, tuning and operation of SAST and DAST tools, and their integration into the development process.
  • Help to validate and interpret SAST, DAST and penetration test findings, demonstrate identified vulnerabilities, assess risks, evaluate possible fixes, and verify successful remediation.
  • Help to develop and collect metrics to measure the success of the application security program.
  • Assist with the incident response procedures.

Policy and Security Awareness Training

  • Contribute to the development/delivery of awareness training and general Information Security education.
  • Assist in creating and delivering training for software engineering team members on secure code development and other security literacy topics.

Access Controls Review

Perform periodic reviews on rules and processes used for granting and revoking access to applications.

Reporting

  • Report the results of technical IT Security assessments, with conclusions, recommendations for improvement and follow-up status, to Manager – Information Security.

Incident Response Management

  • Assist in investigating all identified security breaches, or concentrated attempts at breaching security controls.
  • Investigate reported breaches of security, potential abuses or intrusions or interference with the bank’s infrastructure, and coordinate mitigation or responses as needed for the purpose of ensuring the bank’s sensitive data is kept secure.

Research and Development

  • Research threats and attack vectors that may impact applications and infrastructure. Stay up-to-date with current offensive and defensive tactics, techniques and procedures.
  • Research and report on emerging cyber threats and coordinate proactive internal countermeasures.

Key performance measures

  • Number and severity of vulnerabilities found in web applications.
  • Number of resolved security vulnerabilities
  • Number of security flashpoints identified
  • Compliance level of country application security
  • Number of awareness sessions held with software engineers
  • Number of security reports to senior management and the Board
  • IT Audit rating by Internal Audit, Routine Control, and external audit

Important Relationships

Maintain a supportive, co-operative working relationship with software development engineers, business unit heads, Risk, Routine Control, and Internal Audit departments.

Problem solving, planning and decision making

  • Required to draw on information security expertise to assess issues and problem areas, and advise on the best solution(s).
  • Able to take the initiative within limits of authority.
  • Required to follow laid-down policies and procedures at all times.

Planning

  • Required to develop a strategic security plan, with supporting short-term plans for daily security activities and periodic assessments/reviews.
  • Able to deal efficiently with work volumes while remaining focused on priorities.
  • Ability to note, document and follow up on issues at all times.

Preferred Qualification and Experience

  • Experience in writing and testing web applications and web services in the following programming languages: C/C++, Java, JavaScript
  • Should be familiar with a variety of development and testing tools including Eclipse, GIT, GCC, JIRA, Subversion, Maven, HP/Fortify SCA, IBM AppScan
  • A minimum of 2 years' experience in Web Application development and a minimum of 1 year's experience in Information security/technology risk reviews across enterprise operating systems, databases, applications and networks.

Knowledge/Technical Skills/Expertise

A degree in Computer Science, Management Information Systems or Computer Engineering

Relevant certifications include: Certified Ethical Hacking (CEH); Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)

Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2 and CWE 25 to any audience, and to discuss effective defensive techniques.
