Cyber Security Analyst (DevSecOps)
About FinSense Africa
a Nairobi-based technology consultancy specializing in digital transformation, core banking implementation, and financial technology solutions,
Description
Qualifications
Responsibilities
Work with scrum and project teams to ensure that security requirements are adequately captured during the requirements analysis phase.
Provide input into the secure design of information systems architecture throughout the project lifecycle.
Ensure that access to systems during the project lifecycle by staff, contractors, and vendors is secure and based on the principle of least privilege.
Enforce the implementation and adoption of minimum security baseline standards across all technologies in use.
Facilitate the identification of security vulnerabilities by performing or coordinating security assessments, vulnerability assessments, and penetration testing (VAPT).
Ensure security tools and controls are operating as expected within development and deployment pipelines and review security reports generated from them.
Report security gaps identified within scrum teams and projects and follow up on remediation in accordance with organizational standards and procedures.
Identify security violations and incidents during the project lifecycle and coordinate the response process.
Ensure effective integration of security tools to protect, detect, and respond to attempted intrusions before and during project go-live.
Collaborate with project teams to ensure user access matrices are properly defined and aligned with established roles and responsibilities.
Participate in deployment activities and conduct post-implementation reviews (PIR) to ensure security configurations are implemented and identified gaps do not progress into production environments.
Embed cybersecurity awareness initiatives throughout the project lifecycle, with a focus on secure coding practices.
Provide scheduled security reports to cybersecurity leadership, project teams, and steering committees on the progress of security workstream activities.
Requirements
Skills and Experience
Bachelor’s degree in Computer Science, Information Technology, or other STEM-related discipline.
Master’s degree in Information Security, Cyber Security, or related field will be an added advantage.
Professional information security certifications such as CISA, CISM, CISSP, CRISC, or Security+, as well as application/security testing certifications such as CSSLP, CEH, OSCP, CPT, GPEN, GWAPT, or eJPT.
3+ years of experience in technology roles.
1+ years of experience in information security.
1+ years of experience in Application Security within Secure SDLC and DevSecOps environments.
Strong technical expertise in DevSecOps toolchains, including tools such as Ansible, Jenkins, GitLab, Azure DevOps, Trivy, SonarQube, Terraform, Git/version control systems, or similar technologies.
Familiarity with information security frameworks and standards such as PCI-DSS, ISO 27001, and SABSA.
Knowledge of API security, container security, and cloud security principles.
Experience in project implementation and user training.
Ability to multitask, work effectively under pressure and tight deadlines, influence stakeholders, and operate both independently and within cross-functional teams.
Strong verbal and written communication skills.
Strong analytical and problem-solving skills with the ability to collaborate effectively across teams.