Background

At Stratostaff we design, implement and manage workforce solutions for large, specialized or routine staff complements giving you the opportunity to focus on your core business.

ROLE PURPOSE

The Cyber Security Analyst (DevSecOps) is responsible for supporting the Bank’s cybersecurity strategy by embedding security controls across the software development lifecycle and technology implementation processes.

The role holder will work closely with scrum teams, developers, infrastructure teams, and project stakeholders to confirm that systems developed and deployed comply with the Bank’s cybersecurity policies, regulatory requirements, and industry standards.

The role is responsible for supporting secure coding practices, application security testing, vulnerability management, and secure configuration management across technology environments including mobile applications, web applications, APIs, microservices, servers, databases, cloud infrastructure, containers, and network environments.

DUTIES AND RESPONSIBILITIES

Secure SDLC and Security Architecture

• Work with scrum and project teams to confirm that security requirements are adequately captured during the requirements analysis phase.
• Provide input into secure architecture and solution design throughout the project lifecycle.
• Support the implementation of secure software development lifecycle practices across all technology initiatives.
• Promote secure coding standards and application security best practices within development teams.
• Embed cybersecurity awareness initiatives during project implementation with a focus on secure coding practices.

Vulnerability Management and Security Testing

• Conduct and coordinate vulnerability assessments and penetration testing activities across applications, APIs, infrastructure, databases, cloud environments, containers, and related technologies.
• Review reports generated from DevSecOps security tools and support remediation activities.
• Monitor security checks within deployment pipelines and confirm that security tools are functioning effectively.
• Identify, document, and follow up on security vulnerabilities and project related security gaps through to closure.
• Participate in deployment sessions and post implementation reviews to confirm that security configurations are implemented appropriately.

Security Compliance and Access Management

• Support secure access management during the project lifecycle in line with the principle of least privilege.
• Work with project teams to define and review user access matrices aligned to approved roles and responsibilities.
• Support compliance with cybersecurity frameworks and standards including PCI DSS, ISO 27001, and SABSA.
• Facilitate implementation of the Bank’s minimum security baseline standards across all technologies.
• Support integration of security controls and tools to strengthen threat detection, prevention, and incident response capabilities.

Security Operations and Reporting

• Identify security incidents and policy violations during project implementation and coordinate response activities.
• Provide scheduled security updates and reports to the Cybersecurity Project Lead, project teams, and steering committees.
• Support project implementation activities and end user security awareness initiatives.
• Collaborate with internal and external stakeholders to strengthen security controls and operational resilience.

MEASURABLE OUTCOME

• Maintain compliance with internal cybersecurity standards and regulatory requirements across assigned projects.
• Achieve timely identification and remediation of security vulnerabilities and configuration gaps.
• Maintain secure and effective DevSecOps pipeline controls across technology initiatives.
• Reduce security incidents and vulnerabilities introduced during system development and deployment.
• Maintain effective reporting and closure of identified security risks and gaps.
• Support successful implementation of secure technology projects within approved timelines and standards.

KEY COMPETENCIES

• Cybersecurity Risk Management
• Security Monitoring and Incident Response
• Stakeholder Collaboration and Communication
• Problem Solving and Analytical Thinking
• Attention to Detail and Technical Accuracy
• Project Coordination and Reporting

QUALIFICATIONS & EXPERIENCE

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or any other STEM related discipline.
• Master’s degree in Information Security, Cybersecurity, or a related field will be an added advantage.
• Professional certifications such as CISA, CISM, CISSP, CRISC, Security+, CSSLP, CEH, OSCP, CPT, GPEN, GWAPT, EWPT, or EJPT will be an added advantage.
• Minimum of 3 years’ experience in technology related roles.
• At least 1 year of experience within information security environments.
• At least 1 year of experience in Application Security, Secure SDLC, or DevSecOps environments.
• Experience working with DevSecOps and automation tools such as Ansible, Jenkins, GitLab, Azure DevOps, Trivy, SonarQube, Terraform, Git, or similar technologies.
• Familiarity with API Security, Container Security, and Cloud Security environments.
• Experience supporting technology implementation projects and user training initiatives

• Work with scrum and project teams to confirm that security requirements are adequately captured during the requirements analysis phase.
• Provide input into secure architecture and solution design throughout the project lifecycle.
• Support the implementation of secure software development lifecycle practices across all technology initiatives.
• Promote secure coding standards and application security best practices within development teams.
• Embed cybersecurity awareness initiatives during project implementation with a focus on secure coding practices.
• Conduct and coordinate vulnerability assessments and penetration testing activities across applications, APIs, infrastructure, databases, cloud environments, containers, and related technologies.
• Review reports generated from DevSecOps security tools and support remediation activities.
• Monitor security checks within deployment pipelines and confirm that security tools are functioning effectively.
• Identify, document, and follow up on security vulnerabilities and project related security gaps through to closure.
• Participate in deployment sessions and post implementation reviews to confirm that security configurations are implemented appropriately.
• Support secure access management during the project lifecycle in line with the principle of least privilege.
• Work with project teams to define and review user access matrices aligned to approved roles and responsibilities.
• Support compliance with cybersecurity frameworks and standards including PCI DSS, ISO 27001, and SABSA.
• Facilitate implementation of the Bank’s minimum security baseline standards across all technologies.
• Support integration of security controls and tools to strengthen threat detection, prevention, and incident response capabilities.
• Identify security incidents and policy violations during project implementation and coordinate response activities.
• Provide scheduled security updates and reports to the Cybersecurity Project Lead, project teams, and steering committees.
• Support project implementation activities and end user security awareness initiatives.
• Collaborate with internal and external stakeholders to strengthen security controls and operational resilience.

• Cybersecurity Risk Management
• Security Monitoring and Incident Response
• Stakeholder Collaboration and Communication
• Problem Solving and Analytical Thinking
• Attention to Detail and Technical Accuracy
• Project Coordination and Reporting
• Experience working with DevSecOps and automation tools such as Ansible, Jenkins, GitLab, Azure DevOps, Trivy, SonarQube, Terraform, Git, or similar technologies.
• Familiarity with API Security, Container Security, and Cloud Security environments.

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or any other STEM related discipline.
• Master’s degree in Information Security, Cybersecurity, or a related field will be an added advantage.
• Professional certifications such as CISA, CISM, CISSP, CRISC, Security+, CSSLP, CEH, OSCP, CPT, GPEN, GWAPT, EWPT, or EJPT will be an added advantage.