The Development Bank of Rwanda (BRD) Plc is Rwanda’s only National Development Bank mandated to support Rwanda’s Vision 2050 development agenda. Over the past five years, the bank has registered exponential growth contributing to socio-economic development, strengthening institutional and human capacity, fostering corporate governance and risk management practices.
INFORMATION SECURITY ANALYST (1)
1. Background Information
Job Title: Information Security Analyst
Job Grade: 6
Department: CEO’s Office
Reports to: Senior Manager Information Security and Risk
2. Contract Terms: Open-ended
3. Purpose of the Job:
The Information Security Analyst job function will focus mainly on performing penetration tests, manual
and automated vulnerability assessment scans on applications and IT infrastructure, risk
assessments and code reviews. S/he will also be responsible for implementing remediation of
the identified vulnerabilities in applications and supporting infrastructure. S/he will conduct research
on threats and attack vectors that impact web applications, the bank’s IT infrastructure and mobile
applications.
4. Key Responsibilities:
• Provide security guidance to the application development team on various areas including
secure coding techniques, process and tools, security testing support and release.
• Drive and perform application security training, requirements & standards, static & dynamic
security testing.
• Lead the application security design reviews for new applications to be developed and
services.
• Providing DevOps security solution integration with various security test tools
• Conduct effective vulnerability management through VAPTs for all the bank’s applications,
whether newly acquired or existing, to ensure vulnerabilities are detected and managed in a
timely manner.
• Perform source-code reviews and threat modelling the SDLC of the applications
• Assess the proof of value of application security solutions by conducting proofs of concept
• Participate in the architecture of mobile and web applications including interface and
database design, process and API flows, networking, cloud infrastructure, protocol
communication, security and appropriate technology use.
• Support the operationalization of the Security Operation Center (SOC) and implementation
of ISO 27001:2022 ISMS
• Simulating an attack on the system and IT infrastructure to find exploitable weaknesses
• Establish and manage relations with vendors and related equipment suppliers
• Develop and communicate the Security Service catalogue
• Administer network and system monitoring tools and report attempted attacks to inform
recommendations on further mitigation measures
• Perform detailed analysis of incidents and implement recommended mitigation
• Conduct monitoring controls on the Applications and Databases to ensure access
management is based on the least privilege principle.
• Perform security reviews for access management of core banking and applications hosted
on cloud
• Develop and review policies and procedures for applications/software development
5. Performance Indicators
• Advanced knowledge in using VAPT tools like Kali Linux tools and other Web Vulnerability
and security scanning tools
• Experience working with Web Applications, Web Services, and Service Oriented
Architectures
• Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl,
etc.)
• Familiarity with the OWASP framework and application security best practices
• Strong understanding of SDLC principles.
• Strong analytical, documentation, and interpersonal skills.
• Knowledge of encryption technologies (web, database, and file).
• Knowledge of identity and access management and its application in an enterprise
• Understanding of information security risks in financial services.
6. Professional, academic qualifications and experience
• Bachelor’s degree in computer science, computer engineering, information systems or any
other relevant degree.
• A Master’s degree in an information security field is an added value
• Information security certifications such as ISO Lead Implementer, Lead Auditor, CEH or any
other related recognized professional certifications are an added advantage
• At least 1 year of experience in conducting VAPT
7. Other Competencies
• Good communication & analytical skills
• Good time management & team player
• High level of ownership of the assignments
• Flexible to work in a changing environment
Application Guidelines:
Interested candidates should apply online (https://www.brd.rw/careers/) and upload
application documents including Curriculum Vitae, copies of degree certificates and professional
certificates, motivation letter, names of three previous supervisors (as one document) as well
as their emails and telephone numbers. Please be informed that you will receive a pop-up
notification message after successfully uploading your application.
Only online applications shall be considered.
Email only for inquiries (not application): recruitment@brd.rw
Address all applications to the Head, Human Capital, and Corporate Services of the
Development Bank of Rwanda.
Deadline for application: 19th July 2024
The employment package is highly competitive/attractive.
Due to the expected high volume of applications, ONLY shortlisted applicants will be contacted.
Done in Kigali, Friday 5th July 2024