DEVSECOPS SENIOR ANALYST / SENIOR ANALYST
Job Description Roles & Responsibilities JOB PURPOSE Ensure the confidentiality, integrity, and availability of an organization's information systems and data and effective implementation of security measures within development processes through integrating security into the operational and development processes to support the organization in streamlining and enhancing the development processes In addition, work closely with cross-functional teams to integrate security practices into their workflows and ensure that security is considered throughout the software development lifecycle, collaborate with stakeholders, manage security initiatives, and provide guidance on secure coding practices. responsible for identifying and mitigating security risks, conducting security assessments, and ensuring compliance with relevant regulations and standards to help improve software reliability, security, and quality. 4. KEY ACCOUNTABILITIES Description 1. Collaborate with cross-functional teams to integrate security practices into development processes and create seamless flow of work. 2. Provide guidance and support on secure coding practices, secure design principles, and security risk mitigation. 3. Develop and maintain security documentation and guidelines for Continuous Integration / Continuous Development CI/CD pipeline tools and processes. Additionally, Design and implement secure (CI/CD) pipelines for building, testing and deploying software, incorporating security testing tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA) 4. Evaluate and recommend the implementation of security tools and technologies to enhance the security posture of the organization within the CI/CD pipeline. 5. Responsible for the security of the software development process, including automating scans, code verification, and developing security protocol to protect sensitive data and ensure proper prevention against cyber threats. 6. Review and enhance containers security measures within the bank IT environment (e.g. Kubernetes, OpenShift, etc) 7. Collaborate with both development and operations teams to create a seamless flow of work and maintain an agile workflow. 8. Ensure continuous integration and delivery (CI/CD) processes are followed, promoting the speedy release of high-quality software 9. Support the implementation of the key strategic business initiatives and projects through following the secure software development life cycle including specifying the confidentiality, integrity, and availability requirements, addressing security requirements throughout the development of new systems and performing proper risk assessment prior to releasing new systems to production. 10. Review new technologies and changes to existing technologies for in house developed applications to ensure proper information security requirements/controls and compliance with relevant security policies and compliance mandates. 11. Conduct the annual review and update of the area s processes, procedures and recommend updates to relevant policies with the adherence to the developed SLAs. Policies, Processes and Procedures 12. Participate, develop and recommend improvements to policies, processes and procedures and manage their implementation to ensure all relevant procedural / legislative requirements are fulfilled. Day-to-day management 13. Follow the day-to-day operations related to own jobs in the Information Security Management department to ensure continuity of work. Compliance 14. Ensure compliance with relevant laws, regulations, and industry standards (e.g., CBE, PCI-DSS, ISO 27001). Desired Candidate Profile QUALIFICATIONS, EXPERIENCE, & SKILLS Qualifications & Experience Bachelor's degree in Computer Science, Information Security, or a related field. A master's degree is preferred. 3-6 years of proven experience in a similar security-focused role. (5-8 years for Sr. analyst) Proven experience as a DevSecOps Engineer or similar role, with strong background in software development lifecycle and security Strong knowledge of secure coding practices, secure design principles, and common security vulnerabilities. Familiarity with agile development methodologies and experience integrating security into agile processes. Knowledge of industry regulations and standards such as ISO 27001, NIST, OWASP, etc. Abroad understanding of security practices such as penetration testing, threat modelling, vulnerability management and static & dynamic application security testing Experience with CI/CD tools such as Gitlab CI/CD, version control systems, code repositories, etc. Experience with containerization and orchestration tools (e.g. Docker, Kubernetes, Helm, ArgoCD) Knowledge of scripting languages (e.g. Bash, Python, Go) Experience conducting security assessments, vulnerability testing, and risk assessments. Familiarity with security tools and technologies such as vulnerability scanners, code analysis tools, etc. Recommended Certification: CISSP CISM CSSLP GIAC Cloud Security Automation (GCSA) Certified DevSecOps Engineer (CDSOE) Certified DevSecOps Professional (CDP) DevSecOps Engineering (DSOE) Certified Ethical Hacker (CEH) Offensive Security Defense Analyst (OSDA) Skills Excellent communication and collaboration skills Strong problem-solving and analytical skills Proficient verbal and written English Ability to manage and prioritize tasks Knowledge of top-level cybersecurity subjects and issues Ability to research threats and draw up logical conclusions through well-thought-out, unbiased processes Ability to troubleshoot and solve problems Ability to learn new technologies quickly Ability to bring together data from diverse sources and articulate it into simple and concise information Company Industry BankingFinancial ServicesBroking Department / Functional Area Administration Keywords DEVSECOPS SENIOR ANALYST / SENIOR ANALYST Get real-time job updates only on our App
Ready to apply?
You are viewing this role on JobSphere AI. Applications are completed on the original employer / source website.
Apply on original siteOpens the employer's site in a new tab
- CompanyCommercial International Bank
- LocationRiyadh - Saudi Arabia
- CategoryCybersecurity
- SourceNaukrigulf
- Listed3 weeks ago
Related Cybersecurity jobs
SOC Engineer
Security Monitoring & Threat Detection • Administration, management, and Support deployment and tuning of OT security tools (Nozomi, Forescout). Monitor OT/ICS…
Priority Banking - Customer Service Representative
1. Client Relationship Management ▸ Resolve customer issues efficiently while ensuring first-contact resolution whenever possible. ▸ Manage customer complaints…
Secretary
Manage executive schedules, ensuring optimal time allocation for meetings, deadlines, and travel, to facilitate smooth operations. Prepare and edit…
Senior Full Stack Developer
We are seeking an experienced Full Stack Engineer with strong Java expertise and modern front-end capabilities to design, build and deliver scalable enterprise…