Job Description
Job Purpose:
Conduct Application Security Testing, Vulnerability Assessment and Penetration Testing, and configuration review for network, web application, mobile application, payment gateway, API and thick-client applications.
Perform manual/automated testing of Web/Mobile/Infra/Network/Wi-Fi/ATM/payment gateway/API applications.
Contribute to design, development, and support of new/upgrade business/infrastructure application projects with security recommendations across the implementation life cycle.
Ensure deployment of applications with appropriate security measures, including but not limited to relevant technologies, architectures, policies, and compliance frameworks.
Plan and execute periodic testing activities, and document findings and their remediation plans. Coordinate with the internal team for reporting and closure of reported findings.
Stay current with the latest trends, tools, techniques, etc. in application security and keep abreast of current and emerging vulnerabilities/risks/threats, in addition to understanding their appropriate countermeasures.
Work with and manage external security vendors/auditors during assessments.
Support and promote a culture of information security awareness throughout the bank, and hold training with staff members across different business units.
Work with the Contracts, Vendor Management and Compliance/Business departments to ensure that third-party suppliers' contracts and operating-level agreements meet information security requirements.
Assist in executing information security and compliance reviews.

Key Accountabilities:
Act as the primary InfoSec SPOC for all SIB Subsidiaries.
Conduct Application Security Testing, Vulnerability Assessment and Penetration Testing, and configuration review for network, web application, mobile application, payment gateway, API and thick-client applications.
Perform manual/automated testing of Web/Mobile/Infra/Network/Wi-Fi/ATM/payment gateway/API applications.
Contribute to design, development, and support of new/upgrade business/infrastructure application projects with security recommendations across the implementation life cycle.
Plan and execute periodic testing activities, and document findings and their remediation plans. Coordinate with the internal team for reporting and closure of reported findings.

Qualifications, Experiences & Technical Skills:
Bachelor’s Degree in Information Management, or a related field.
Experience: 5+ years of relevant experience.

Technical Skills:
Data Protection & Information Security: Knowledge of data privacy laws and best practices for protecting sensitive information.
Research and Data Analysis: Ability to conduct information research and perform basic data analysis.