Cyber Security Analyst (DevSecOps)

Company Details
Industry: Telecommunications
Description: FinSense Africa was founded in 2017 to solve a growing challenge in the financial sector; integrating legacy systems with modern technologies. We began by connecting critical systems through secure APIs and middleware solutions, helping institutions improve efficiency and reduce complexity. As clien… FinSense Africa was founded in 2017 to solve a growing challenge in the financial sector; integrating legacy systems with modern technologies. We began by connecting critical systems through secure APIs and middleware solutions, helping institutions improve efficiency and reduce complexity. As client needs evolved, so did we, expanding into bespoke solutions, expert resourcing, DevOps, and Agile coaching to strengthen delivery capability. Today, FinSense partners with leading banks and enterprises across Africa to simplify transformation, modernize operations, and turn technology into measurable business value. View more View less
Job Details
Job Type: Full Time
Workplace Type: On-site
Qualification: Diploma
Job Experience: Mandatory
Job Location: Nairobi County, Kenya
Closing Date: Undisclosed
Salary: KES Unspecified / month
Other Pay: Benefits
Job Category: Telecommunications
Job Description

Job Title: Application Security Specialist

Job Purpose

The role holder is responsible for ensuring that information systems developed and deployed meet the organization’s cybersecurity policies, standards, and requirements, as well as comply with applicable cybersecurity regulations and industry standards. The role holder will ensure that security requirements are properly captured and embedded within the Software Development Life Cycle (SDLC) for all technology initiatives, that secure coding practices are adhered to, and that secure software and application configurations are maintained. The specialist will carry out security testing across all technology stacks (mobile, web applications, APIs/microservices, source code, web servers, containers, servers, databases, virtualization environments, network devices, and connectivity) within assigned scrum teams and projects.

Responsibilities

  • Work with scrum and project teams to ensure that security requirements are adequately captured during the requirements analysis phase.
  • Provide input into the secure design of information systems architecture throughout the project lifecycle.
  • Ensure that access to systems during the project lifecycle by staff, contractors, and vendors is secure and based on the principle of least privilege.
  • Enforce the implementation and adoption of minimum security baseline standards across all technologies in use.
  • Facilitate the identification of security vulnerabilities by performing or coordinating security assessments, vulnerability assessments, and penetration testing (VAPT).
  • Ensure security tools and controls are operating as expected within development and deployment pipelines and review security reports generated from them.
  • Report security gaps identified within scrum teams and projects and follow up on remediation in accordance with organizational standards and procedures.
  • Identify security violations and incidents during the project lifecycle and coordinate the response process.
  • Ensure effective integration of security tools to protect, detect, and respond to attempted intrusions before and during project go-live.
  • Collaborate with project teams to ensure user access matrices are properly defined and aligned with established roles and responsibilities.
  • Participate in deployment activities and conduct post-implementation reviews (PIR) to ensure security configurations are implemented and identified gaps do not progress into production environments.
  • Embed cybersecurity awareness initiatives throughout the project lifecycle, with a focus on secure coding practices.
  • Provide scheduled security reports to cybersecurity leadership, project teams, and steering committees on the progress of security workstream activities.

Qualifications

Skills and Experience

  • Bachelor’s degree in Computer Science, Information Technology, or other STEM-related discipline.
  • Master’s degree in Information Security, Cyber Security, or related field will be an added advantage.
  • Professional information security certifications such as CISA, CISM, CISSP, CRISC, or Security+, as well as application/security testing certifications such as CSSLP, CEH, OSCP, CPT, GPEN, GWAPT, or eJPT.
  • 3+ years of experience in technology roles.
  • 1+ years of experience in information security.
  • 1+ years of experience in Application Security within Secure SDLC and DevSecOps environments.
  • Strong technical expertise in DevSecOps toolchains, including tools such as Ansible, Jenkins, GitLab, Azure DevOps, Trivy, SonarQube, Terraform, Git/version control systems, or similar technologies.
  • Familiarity with information security frameworks and standards such as PCI-DSS, ISO 27001, and SABSA.
  • Knowledge of API security, container security, and cloud security principles.
  • Experience in project implementation and user training.
  • Ability to multitask, work effectively under pressure and tight deadlines, influence stakeholders, and operate both independently and within cross-functional teams.
  • Strong verbal and written communication skills.
  • Strong analytical and problem-solving skills with the ability to collaborate effectively across teams.
465 open positions on Semasocial right now · 7679 open positions in Nairobi County, Kenya · 49 posted in the last 7 days
Contact Information
CV Job Description Matcher See how well your CV matches this job and get tips to improve your chances AI Tool

This tool helps you see how closely your CV matches a job description. It also gives you simple suggestions on what to improve so you have a better chance of getting shortlisted.

Similar Jobs

Solvo Global Nairobi County, Kenya
View Job Jul 17, 2026
FinSense Africa Nairobi County, Kenya
View Job Jul 17, 2026
View Job Jul 17, 2026
Beware of Fraudsters!
Never pay anyone for job applications, interview tests, or job interviews. A genuine employer will never ask you for payment under any circumstances.
Disclaimer & TOS: We do not guarantee the authenticity of every single job posting and are not responsible for any fraudulent activity or misrepresentation by third parties. We are not involved in any stage of the interview or recruitment process and do not charge any fees from job seekers. For further details, please read the rest of the Terms of Service.