About the Job
As an IT Security Operations Specialist focusing on DevSecOps at our digital bank, you will play a critical role in embedding security within our continuous integration and deployment (CI/CD) pipelines. Your expertise will ensure the delivery of secure banking services, protecting customer data, and maintaining regulatory compliance. You will collaborate with cross-functional teams to promote security best practices in a fast-paced financial environment.
Key Responsibilities:
- Develop, implement, and manage security solutions within our DevOps infrastructure to safeguard digital banking platforms and services.
- Collaborate with software development, operations, and quality assurance teams to integrate security throughout the software development life cycle (SDLC).
- Perform security code reviews and application vulnerability assessments, including static and dynamic analysis.
- Oversee the configuration and management of security tools such as intrusion detection/prevention systems (IDPS), web application firewalls (WAF), and security information and event management (SIEM).
- Establish and enforce security policies and procedures that comply with financial regulations such as PCI DSS, UAE IA, and other relevant standards.
- Maintain and enhance container security practices, including image scanning and runtime protection.
- Conduct regular security audits and risk assessments to identify potential threats and develop mitigation strategies.
- Manage security incidents, coordinate response activities, and conduct post-mortem analysis to prevent future occurrences.
- Create and maintain comprehensive documentation regarding DevSecOps processes, security controls, and incident response plans.
- Train and mentor staff on security awareness, best practices, and secure coding techniques.
- Liaise with third-party vendors and partners to ensure their compliance with our security standards.
- Stay abreast of the latest cybersecurity trends, tools, and practices, especially within the financial technology (FinTech) sector.
Qualifications:
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
- A minimum of 5 years of experience in IT security, with at least 2 years focused on DevSecOps in the financial services industry.
- Professional security certifications such as CISSP, OSCP, GWAPT, or CCSK are highly desirable.
- Proven track record in implementing security in CI/CD pipelines and in cloud environments (AWS, Azure, GCP).
- Expertise in regulatory compliance and frameworks relevant to financial services such as FFIEC, SOX, etc.
- Strong understanding of encryption technologies, identity and access management (IAM), and network security protocols.
- Experience with infrastructure as code (IaC) and automation tools like Terraform, Ansible, or Chef.
- Knowledge of application security tools like Fortify, Checkmarx, or SonarQube.
- Excellent problem-solving skills, attention to detail, and the ability to work under pressure.
- Strong communication skills, both verbal and written, with the ability to articulate complex security concepts to a varied audience.
About the Company
Zand is a digital bank licensed by the Central Bank of the UAE, specializing in Corporate Banking and Fintech services. We aim to be a digital economic accelerator, providing the foundations for a broader generation of digital services. Our fully digital offerings make banking quicker and simpler, putting customers in control of their financial lives. Zand focuses on creating ecosystems and communities of businesses, enabling us to introduce innovative products and services.
