Job Purpose\n\nThe role holder is responsible for ensuring information systems developed and deployed meet the organization's cybersecurity policies, standards, and requirements, as well as complying with applicable cybersecurity regulations and industry standards.\n\nThe role holder will ensure that security requirements are properly captured and embedded within the Software Development Life Cycle (SDLC) for all technology initiatives, secure coding practices are adhered to, and secure software and application configurations are maintained.\n\nThe specialist will carry out security testing across all technology stacks (mobile, web applications, APIs/microservices, source code, web servers, containers, servers, databases, virtualization environments, network devices, and connectivity) within assigned scrum teams and projects.\n\n### Key Responsibilities\n\n* Work with scrum and project teams to ensure that security requirements are adequately captured during the requirements analysis phase.\n* Provide input into the secure design of information systems architecture throughout the project lifecycle.\n* Ensure that access to systems during the project lifecycle by staff, contractors, and vendors is secure and based on the principle of least privilege.\n* Enforce the implementation and adoption of minimum security baseline standards across all technologies in use.\n* Facilitate the identification of security vulnerabilities by performing or coordinating security assessments, vulnerability assessments, and penetration testing (VAPT).\n* Ensure security tools and controls are operating as expected within development and deployment pipelines and review security reports generated from them.\n* Report security gaps identified within scrum teams and projects and follow up on remediation in accordance with organizational standards and procedures.\n* Identify security violations and incidents during the project lifecycle and coordinate the response process.\n* Ensure effective integration of security tools to protect, detect, and respond to attempted intrusions before and during project go-live.\n* Collaborate with project teams to ensure user access matrices are properly defined and aligned with established roles and responsibilities.\n* Participate in deployment activities and conduct post-implementation reviews (PIR) to ensure security configurations are implemented and identified gaps do not progress into production environments.\n* Embed cybersecurity awareness initiatives throughout the project lifecycle, with a focus on secure coding practices.\n* Provide scheduled security reports to cybersecurity leadership, project teams, and steering committees on the progress of security workstream activities.\n\n### Requirements, Skills, and Experience\n\n* Education: Bachelor’s degree in Computer Science, Information Technology, or other STEM-related discipline. A Master’s degree in Information Security, Cyber Security, or related field will be an added advantage.\n* Certifications: Professional information security certifications such as CISA, CISM, CISSP, CRISC, or Security+, as well as application/security testing certifications such as CSSLP, CEH, OSCP, CPT, GPEN, GWAPT, or eJPT.\n* Overall Experience: 3+ years of experience in technology roles with 1+ years specifically in information security.\n* Specialized Experience: 1+ years of experience in Application Security within Secure SDLC and DevSecOps environments.\n* Technical Skills: Strong technical expertise in DevSecOps toolchains (e.g., Ansible, Jenkins, GitLab, Azure DevOps, Trivy, SonarQube, Terraform, Git/version control systems). Familiarity with information security frameworks and standards (e.g., PCI-DSS, ISO 27001, SABSA), API security, container security, and cloud security principles.\n* Interpersonal Skills: Ability to multitask, work effectively under pressure and tight deadlines, influence stakeholders, and operate both independently and within cross-functional teams. Strong verbal, written, analytical, and problem-solving skills.\n\n### How to Apply\n\nInterested and qualified candidates should apply online by visiting the FinSense Africa Zoho Recruit Portal.