Role notes

This position provides independent assurance over software application security and the Software Development Life Cycle, with a strong focus on Web Application and API Vulnerability Assessments and Penetration Testing.

Key duties include:

• Reviewing SDLC methodologies, including Agile, DevOps, and secure-by-design principles.
• Assessing application and API security concepts, common vulnerabilities, and secure coding practices.
• Reviewing cybersecurity fundamentals, access control, encryption, vulnerability management, and secure system architectures.
• Applying industry standards and best practices relevant to application security, SDLC, and cybersecurity assurance.
• Conducting risk-based audits, control assessments, and audit reporting.
• Presenting complex technical information to technical and non-technical stakeholders.
• Managing multiple priorities and deadlines in a fast-paced environment.

Knowledge and skills:

• Strong SDLC and cybersecurity knowledge.
• Good understanding of application and API security.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to work independently and in a team.

Qualifications and experience:

• Bachelor’s degree in Computer Science, Information Technology, or related fields.
• Relevant professional certifications such as CIA, CISA, CISSP, CEH, etc. will be an added advantage.
• At least 3 years’ experience in Cybersecurity, Software Development, Security, Internal/External Audit, ICT Audits, Data Analytics, or a related field.
• Experience in software development and security reviews or audits.
• Experience with security tools such as vulnerability scanners and penetration testing tools.

• Reviewing SDLC methodologies, including Agile, DevOps, and secure-by-design principles.
• Assessing application and API security concepts, common vulnerabilities, and secure coding practices.
• Reviewing cybersecurity fundamentals, access control, encryption, vulnerability management, and secure system architectures.
• Applying industry standards and best practices relevant to application security, SDLC, and cybersecurity assurance.
• Conducting risk-based audits, control assessments, and audit reporting.
• Presenting complex technical information to technical and non-technical stakeholders.
• Managing multiple priorities and deadlines in a fast-paced environment.

• Strong SDLC and cybersecurity knowledge.
• Good understanding of application and API security.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to work independently and in a team.

• Bachelor’s degree in Computer Science, Information Technology, or related fields.
• Relevant professional certifications such as CIA, CISA, CISSP, CEH, etc. will be an added advantage.