Application Security & DevSecOp

About the job

Job Summary:

The Application Security & SecOps Manager provides Information Security expertise and contributes to the success of the Information Security function achieving Banque Misr Information Security baseline mandated requirements defined by Banque Misr including but not limited to implementing new Security layers and creating new powerful monitoring function plus insuring that security standards and requirements are implemented by all technology functions relevant to the job function.

Responsibilities

• Ensure the secure agile development standard by planning, designing, Implementing and evaluating security-focused tools and services including projects/POCs leadership roles to Banque Misr developed applications.
• Ensure code reviews awareness and validation for the developers across the Banque Misr.
• Develop an automated security framework for robust deployment tools and processes, leveraging various scripting languages and security solutions.
• Define Secure by Design blueprints, patterns and design principles.
• Evaluate and recommend new and emerging security products and technologies to enhance Banqur Misr Secure Development Life Cycle (SDLC).
• Evaluate, Design, Implement full security components for Banque Misr CI/CD pipelines.
• Provides consultancy and manage security requirements and provide them with recommendation, HLD, LLD and owns the implementation of security tools with business entities and development teams.
• Responsible for delivering technical presentations, (POCs).
• Ensure launched services follows latest security standards through the development life cycle & CBE framework.
• Ensure that right access/authority given to the right person.
• Contribute to the implementation of automated compliance and vulnerabilities scan mechanism for DevOps, DevSecOps & containers stream.
• Develop and implement software tools to monitor the Security systems and to provide useful statistics, Trend Analysis using Historical data to capture the Subscriber behavior/Profile across different seasons and occasions.
• Ensure abiding the relevant information security controls with the security standards (ISO 27001, PCI-DSS) & CBE framework.
• Study the effect of new service/promotion on systems security.
• Coordination remediation of vulnerabilities within established timeframes with the development teams and relevant stockholders.
• Generate Weekly, Monthly Report to keep track on Security KPI.
• Study of new Security Systems / Tools or Features.
• Have the knowledge and Familiarity with Information Security frameworks/standards (i.e. CIS, NIST .. etc)
• Participate in design/implementation session for public and private infrastructure technologies.
• Maintain deep Knowledge of computer networking and infrastructure systems.
• Assure latest security measures are applied on different infrastructure technologies (virtualization, containers, Infrastructure as Code (IaC), ...)
• Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
• Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, IP tables, SSL, Ciphers, etc)

Qualifications

• Degree: Bachelor or master Degree in Telecommunication/electronics/computer engineering.
• Experience: Minimum of 8 years’ experience in Systems and Information Security positions preferred at least 4 years’ experience in Application security/Penetration testing/DevOps/DecSecOps position.

s Manager