IT Security Specialist- Applications job at DFCU Bank

DFCU Bank is hiring an IT Security Specialist- Applications responsible for ensuring the security and integrity of software applications by implementing, monitoring, and managing security measures to protect against vulnerabilities, threats, and unauthorized access.

Reporting to the Manager- Applications Security

KEY ACCOUNTABILITIES:

• Conduct vulnerability assessments and penetration testing on applications.
• Identify and remediate security weaknesses in application designs, code, and configurations. This is for both new implementations and also for those undergoing changes.
• Collaborate with developers to integrate security into the Software Development Life Cycle (SDLC).
• Promote secure coding practices, such as input validation, encryption, and authentication mechanisms.
• Investigate and respond to application security incidents, such as breaches or malware infections.
• Perform root cause analysis and recommend preventative measures.
• Ensure applications comply with security standards (e.g., OWASP Top 10, ISO 27001, or PCI-DSS).
• Develop and enforce application security policies and guidelines.
• Deploy and manage tools like Web Application Firewalls (WAFs), Static and Dynamic Application Security Testing (SAST/DAST) tools, and runtime protection tools.
• Continuously monitor application activity for anomalies or suspicious behaviour.
• Educate developers and stakeholders on application security risks and best practices.
• Conduct workshops or create resources to build a security-first mindset within development teams.

KNOWLEDGE, SKILLS, AND EXPERIENCE REQUIRED:

• A minimum qualification of a Bachelor’s Degree in Computer Science, Information Technology, or a related numerical Sciences Degree.
• A master’s degree specializing in digital security is an added advantage.
• Professional information and cyber security certifications in relevant technologies such as Cisco, Microsoft, Unix / Linux will be an added advantage.
• At least one information security certification e.g. CISSP, CISM, CEH, CCSP etc.
• At least 5 years’ experience in systems / network administration role or information and cyber security role.
• Work experience in the banking industry will be an added advantage.
• Experience and qualifications in Ethical Hacking.
• Working Knowledge of systems architecture and systems development.
• Knowledge and experience in Applications penetrations testing.
• Skills and training in internet applications design and security.
• Experience with Web Application Firewalls Proficiency in security technologies such as firewalls, intrusion detection systems, and encryption.
• Knowledge and Experience in Cyber Defense techniques and technologies.
• Experience in UNIX and Windows server administration is an added advantage.
• Technical skills in Unix and Windows and Python scripting skills.
• Demonstrate experience in writing technical reports and management reports for stakeholders is a must.
• Must possess above average problem-solving skills, organization skills, excellent and communication skills.
• Considered an out of the box thinker and displays a willingness to learn.
• Ability to maintain robust stakeholder engagements, a strong work ethic, and is a team player with the ability to work well independently.
• Experience with security frameworks and regulations such as PCI-DSS & ISO 27001.
• Ability to respond immediately to security incidents and provide post incident analysis.
• Ability to perform security systems testing both in-house and external systems before production deployment.
• Ability to educate employees on security is best practice and promote a culture of security awareness.
• Advanced Business Architectural & IT Security skills.
• Analytical Thinking & Inductive Reasoning.
• Planning and Organization.
• Strategic Perspective – Establish priorities, challenging goals and measurements consistent with these goals and organizational vision.
• Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
• Good Communicator – Presents ideas effectively, clearly and concisely both orally and in writing.
• Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
• Inspire Commitment –Actions and behaviours are consistent with words.
• Self-Development – Pursues positive change in self and organization. Drives own personal development plan.

• Conduct vulnerability assessments and penetration testing on applications.
• Identify and remediate security weaknesses in application designs, code, and configurations. This is for both new implementations and also for those undergoing changes.
• Collaborate with developers to integrate security into the Software Development Life Cycle (SDLC).
• Promote secure coding practices, such as input validation, encryption, and authentication mechanisms.
• Investigate and respond to application security incidents, such as breaches or malware infections.
• Perform root cause analysis and recommend preventative measures.
• Ensure applications comply with security standards (e.g., OWASP Top 10, ISO 27001, or PCI-DSS).
• Develop and enforce application security policies and guidelines.
• Deploy and manage tools like Web Application Firewalls (WAFs), Static and Dynamic Application Security Testing (SAST/DAST) tools, and runtime protection tools.
• Continuously monitor application activity for anomalies or suspicious behaviour.
• Educate developers and stakeholders on application security risks and best practices.
• Conduct workshops or create resources to build a security-first mindset within development teams.

• Experience and qualifications in Ethical Hacking.
• Working Knowledge of systems architecture and systems development.
• Knowledge and experience in Applications penetrations testing.
• Skills and training in internet applications design and security.
• Experience with Web Application Firewalls Proficiency in security technologies such as firewalls, intrusion detection systems, and encryption.
• Knowledge and Experience in Cyber Defense techniques and technologies.
• Technical skills in Unix and Windows and Python scripting skills.
• Demonstrate experience in writing technical reports and management reports for stakeholders is a must.
• Must possess above average problem-solving skills, organization skills, excellent and communication skills.
• Considered an out of the box thinker and displays a willingness to learn.
• Ability to maintain robust stakeholder engagements, a strong work ethic, and is a team player with the ability to work well independently.
• Ability to respond immediately to security incidents and provide post incident analysis.
• Ability to perform security systems testing both in-house and external systems before production deployment.
• Ability to educate employees on security is best practice and promote a culture of security awareness.
• Advanced Business Architectural & IT Security skills.
• Analytical Thinking & Inductive Reasoning.
• Planning and Organization.
• Strategic Perspective – Establish priorities, challenging goals and measurements consistent with these goals and organizational vision.
• Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
• Good Communicator – Presents ideas effectively, clearly and concisely both orally and in writing.
• Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
• Inspire Commitment –Actions and behaviours are consistent with words.
• Self-Development – Pursues positive change in self and organization. Drives own personal development plan.

• A minimum qualification of a Bachelor’s Degree in Computer Science, Information Technology, or a related numerical Sciences Degree.
• A master’s degree specializing in digital security is an added advantage.
• Professional information and cyber security certifications in relevant technologies such as Cisco, Microsoft, Unix / Linux will be an added advantage.
• At least one information security certification e.g. CISSP, CISM, CEH, CCSP etc.
• Experience and qualifications in Ethical Hacking.
• Working Knowledge of systems architecture and systems development.
• Knowledge and experience in Applications penetrations testing.
• Skills and training in internet applications design and security.
• Experience with Web Application Firewalls Proficiency in security technologies such as firewalls, intrusion detection systems, and encryption.
• Knowledge and Experience in Cyber Defense techniques and technologies.
• Experience in UNIX and Windows server administration is an added advantage.
• Technical skills in Unix and Windows and Python scripting skills.
• Demonstrate experience in writing technical reports and management reports for stakeholders is a must.
• Must possess above average problem-solving skills, organization skills, excellent and communication skills.
• Considered an out of the box thinker and displays a willingness to learn.
• Ability to maintain robust stakeholder engagements, a strong work ethic, and is a team player with the ability to work well independently.
• Experience with security frameworks and regulations such as PCI-DSS & ISO 27001.
• Ability to respond immediately to security incidents and provide post incident analysis.
• Ability to perform security systems testing both in-house and external systems before production deployment.
• Ability to educate employees on security is best practice and promote a culture of security awareness.
• Advanced Business Architectural & IT Security skills.
• Analytical Thinking & Inductive Reasoning.
• Planning and Organization.
• Strategic Perspective – Establish priorities, challenging goals and measurements consistent with these goals and organizational vision.
• Critical Judgement and Decision-Making – Define issues and focus on achieving workable solutions to obstacles.
• Good Communicator – Presents ideas effectively, clearly and concisely both orally and in writing.
• Leadership and Interpersonal Skills – Create a culture of continuous development and ownership with self and the team.
• Inspire Commitment –Actions and behaviours are consistent with words.
• Self-Development – Pursues positive change in self and organization. Drives own personal development plan.