The Cyber Security Analyst (DevSecOps) is responsible for supporting the Bank’s cybersecurity strategy by embedding security controls across the software development lifecycle and technology implementation processes. The role holder will work closely with scrum teams, developers, infrastructure teams, and project stakeholders to confirm that systems developed and deployed comply with cybersecurity policies, regulatory requirements, and industry standards. This position is central to supporting secure coding practices, application security testing, vulnerability management, and secure configuration across mobile, web, APIs, cloud, and containerized environments.
Duties and Responsibilities
Secure SDLC and Security Architecture: Collaborate with project teams to capture security requirements during the analysis phase. Provide input on secure architecture and solution design throughout the project lifecycle. Promote secure coding standards and embed cybersecurity awareness within development teams.
Vulnerability Management and Security Testing: Conduct and coordinate vulnerability assessments and penetration testing across applications, APIs, infrastructure, and cloud environments. Monitor security checks within deployment pipelines and ensure security tools are functioning effectively. Identify vulnerabilities and document them through to closure.
Security Compliance and Access Management: Support secure access management following the principle of least privilege. Support compliance with frameworks including PCI DSS, ISO 27001, and SABSA. Facilitate the implementation of minimum security baseline standards.
Security Operations and Reporting: Identify security incidents and policy violations during project implementation. Provide scheduled security updates and reports to the Cybersecurity Project Lead and steering committees.
Requirements
Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a STEM-related discipline.
A Master’s degree in Information Security or Cybersecurity is an added advantage.
Professional certifications such as CISA, CISM, CISSP, CRISC, Security+, CSSLP, CEH, OSCP, or equivalent are preferred.
Minimum of 3 years of experience in technology-related roles.
At least 1 year of experience in information security environments.
At least 1 year of experience in Application Security, Secure SDLC, or DevSecOps environments.
Experience with automation tools such as Ansible, Jenkins, GitLab, Azure DevOps, Trivy, SonarQube, Terraform, or Git.
Familiarity with API Security, Container Security, and Cloud Security.
Interested and qualified candidates should apply by visiting the application link on the Stratostaff portal: Stratostaff Jobs. You can also apply directly through the recruitment page for this specific role at https://www.myjobmag.co.ke/apply-now/1225622.