The CBS Security Specialist is responsible for ensuring the confidentiality, integrity, and availability of the bank’s Core Banking System (CBS) and its supporting environments. The role safeguards the Core Banking System (CBS) and connected ecosystems (payments, channels, integrations) by designing, implementing, and monitoring robust security controls across the application, data, integration, and infrastructure layers. It also drives secure SDLC, threat modeling, vulnerability management, compliance, and incident response specifically for core banking platforms.

Principle Responsibilities

• Own CBS Security Architecture – define and maintain security patterns for CBS, ESB/API gateways, batch jobs, and downstream systems.
• Secure SDLC for CBS – embed security requirements for all the CBS changes.
• Threat Modeling & Risk Assessments – conduct modeling for CBS modules, interfaces, and new products; track respective risks to closure.
• Hardening & Configuration Baselines – implement hardening for OS, DB, app servers, and CBS modules.
• Database & Data Security – enforce encryption, key management, masking, auditing, and least privilege for all the CBS modules and schemas.
• Identity & Access Controls – enforce RBAC, SoD for CBS roles, privileged access management (PAM), and periodic access attestation and recertification.
• Vulnerability Management – coordinate scanning/patching for CBS stack, triage findings, and drive SLA-based remediation by criticality and business impact.
• Security Monitoring & Use Cases – develop CBS-specific SIEM detections.
• Incident Response (IR) – lead CBS-related Incident Response playbooks, including forensics and lessons learned.
• Change/Risk Governance – review CRs affecting CBS; sign-off on go-live security readiness.
• Compliance & Audit Readiness – ensure alignment with applicable standards and regulatory directives.
• Business Continuity – validate DR/BCP for CBS (RPO/RTO, backups, logs, failover, key recovery, reconciliation controls, etc.).
• Third-Party Risk – assess vendors, SLAs, secure configurations, and data processing agreements.
• Security Awareness (Targeted) – train CBS operations, developers, and product owners on secure change, access hygiene, and fraud-aware controls.
• Serve as the primary security expert to Core Banking Environment.

Qualifications Required

• Bachelor’s degree in Cybersecurity, computer science, Information Security, Engineering, or related field.
• Industry Certifications: CISA, CCSP, CISM, CRISC or CEH will be a plus.
• Experience with secure integration patterns (APIs, ESB, microservices), including authentication, authorization, tokenization, and TLS best practices.
• Adequate understanding of Core Banking Systems (CBS) architecture, including modules, integration points, and typical attack vectors in financial systems.
• Strong knowledge of database security (e.g., Oracle, MSSQL), including encryption, access control, auditing, and secure configurations.
• Familiarity with payment systems security such as SWIFT, ISO, card systems, digital channels, and related fraud-prevention controls.
• Understanding threat modeling and vulnerability assessment for banking applications, including secure SDLC, code review practices, and security testing tools.
• Risk-based decisioning, balancing security with availability in high-stakes banking operations.
• Core Banking Systems architecture, EOD/BOD, GL posting flows, batch jobs, and common attack vectors.
• Application Security: OWASP Top 10, secure coding patterns, code review, dependency & secret scanning.
• Infrastructure Security: OS hardening, virtualization, Oracle/MSSQL hardening, database encryption, data masking, fine-grained auditing (FGA), least privilege.
• Integration & API Security, Monitoring & Incidents Response.
• 4+ years in application or platform security within banking/financial services, with 3+ years hands-on securing CBS or equivalent mission-critical systems.

• Own CBS Security Architecture – define and maintain security patterns for CBS, ESB/API gateways, batch jobs, and downstream systems.
• Secure SDLC for CBS – embed security requirements for all the CBS changes.
• Threat Modeling & Risk Assessments – conduct modeling for CBS modules, interfaces, and new products; track respective risks to closure.
• Hardening & Configuration Baselines – implement hardening for OS, DB, app servers, and CBS modules.
• Database & Data Security – enforce encryption, key management, masking, auditing, and least privilege for all the CBS modules and schemas.
• Identity & Access Controls – enforce RBAC, SoD for CBS roles, privileged access management (PAM), and periodic access attestation and recertification.
• Vulnerability Management – coordinate scanning/patching for CBS stack, triage findings, and drive SLA-based remediation by criticality and business impact.
• Security Monitoring & Use Cases – develop CBS-specific SIEM detections.
• Incident Response (IR) – lead CBS-related Incident Response playbooks, including forensics and lessons learned.
• Change/Risk Governance – review CRs affecting CBS; sign-off on go-live security readiness.
• Compliance & Audit Readiness – ensure alignment with applicable standards and regulatory directives.
• Business Continuity – validate DR/BCP for CBS (RPO/RTO, backups, logs, failover, key recovery, reconciliation controls, etc.).
• Third-Party Risk – assess vendors, SLAs, secure configurations, and data processing agreements.
• Security Awareness (Targeted) – train CBS operations, developers, and product owners on secure change, access hygiene, and fraud-aware controls.
• Serve as the primary security expert to Core Banking Environment.

• Secure integration patterns (APIs, ESB, microservices), including authentication, authorization, tokenization, and TLS best practices.
• Core Banking Systems (CBS) architecture, including modules, integration points, and typical attack vectors in financial systems.
• Database security (e.g., Oracle, MSSQL), including encryption, access control, auditing, and secure configurations.
• Payment systems security such as SWIFT, ISO, card systems, digital channels, and related fraud-prevention controls.
• Threat modeling and vulnerability assessment for banking applications, including secure SDLC, code review practices, and security testing tools.
• Risk-based decisioning, balancing security with availability in high-stakes banking operations.
• Core Banking Systems architecture, EOD/BOD, GL posting flows, batch jobs, and common attack vectors.
• Application Security: OWASP Top 10, secure coding patterns, code review, dependency & secret scanning.
• Infrastructure Security: OS hardening, virtualization, Oracle/MSSQL hardening, database encryption, data masking, fine-grained auditing (FGA), least privilege.
• Integration & API Security, Monitoring & Incidents Response.

• Bachelor’s degree in Cybersecurity, computer science, Information Security, Engineering, or related field.
• Industry Certifications: CISA, CCSP, CISM, CRISC or CEH will be a plus.