About Afreximbank: African Export-Import Bank (Afreximbank) is a Pan-African multilateral financial institution mandated to finance and promote intra-and extra-African trade.
For 30 years, the Bank has been deploying innovative structures to deliver financing solutions that support the transformation of the structure of Africa’s trade, accelerating industrialization and intra-regional trade, thereby boosting economic expansion in Africa. A stalwart supporter of the African Continental Free Trade Agreement (AfCFTA), Afreximbank has launched a Pan-African Payment and Settlement System (PAPSS) that was adopted by the African Union (AU) as the payment and settlement platform to underpin the implementation of the AfCFTA. Working with the AfCFTA Secretariat and the AU, the Bank is setting up a US$10 billion Adjustment Fund to support countries to effectively participate in the AfCFTA. At the end of December 2023, Afreximbank’s total assets and guarantees stood at over US$37.3 billion, and its shareholder funds amounted to US$6.1 billion. The Bank disbursed more than US$104 billion between 2016 and 2023. Afreximbank has investment grade ratings assigned by GCR (international scale) (A), Moody’s (Baa1), Japan Credit Rating Agency (JCR) (A-) and Fitch (BBB). Afreximbank has evolved into a group entity comprising the Bank, its impact fund subsidiary called the Fund for Export Development Africa (FEDA), and its insurance management subsidiary, AfrexInsure, (together, “the Group”). The Bank is headquartered in Cairo, Egypt.
Main Responsibilities
• Coordinate Application Security projects and services delivered,
• Participate on other Security projects in the Bank and its subsidiaries.
• Provide leadership in the DevSecOps areas of Vulnerability Scanning, Certificate Management, Password Policy Management, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts.
• Assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open source solutions.
• Perform VA & PT on web applications and other newly developed applications
• Automation of security controls
• Be part of development teams to deliver secure end-to-end automation of deployment, monitoring, and infrastructure management in a cloud environment.
• Coordinate teams, projects and participate in discussions with clients on daily basis
• Design & implement secure software development life cycle solutions based on various tools
• Contribute to tool evaluation, selection and recommendation internally
• Provide advisory to different internal groups
• Define secure software development life cycle for projects and teams
• Define applications security architecture elements• Define documentation of security requirements for applications (web, mobile, host, SOA, etc.).
• Assistance with KPIs and KRIs related to security in applications
• Coordinate the construction of labs and PoC to improve project and service delivery
• Work with senior management on defining roadmaps, needs and provide short and mid-term forecasting
• Collaborate with teams to define best approach to maximize the security posture
• Contribute to R&D activities as a Subject Matter Expert & internal professional community Compliance
Responsibilities
• Understand and adhere to the Bank's AML, Regulatory and Conduct Compliance policies and procedures.
• Report any suspicious or non-compliant activities or matters relating to the Bank’s staff or the customers to the Compliance Department.
• Complete the Annual Compliance Training/Assessment.
A Master Degree and /or Bsc (Hons) Degree in Computer Science, Telecommunications or Information Security.
• Certifications in cloud are preferred
• Certifications from Penetration Testing vendors (OSCP, CEH,…) are preferred
• SAST & DAST tools related education and certificates are beneficial
Years & Nature of Experience
• A minimum of 5 years’ experience in a multinational organisation.
• Has a passion for Security, Agile, and DevOps
•
Experience coordinating and performing vulnerability assessments using automated and manual tools (Tenable, NMAP, etc).
• Experience in management and definition of security in the software development lifecycle (SDLC)
• Working knowledge of Waterfall, Agile and primarily DevOps development methodologies
• Experience in software development and SDLC in Java, Python, C#, etc…
• Experience with Automation in testing or orchestration Selenium, Maven, Ant, Msbuild, Npm, Yarn, Jenkins, Team City, etc…
• Knowledge of conducting security checks (static and dynamic code analysis, vulnerability analysis in applications and penetration tests, security component analysis)
• Understanding or virtualization and container technologies (Docker, Kubernetes, OpenShift, …)
• Experience with OWASP Testing Guide v3 / 4 and OWASP TOP 10
• Knowledge of securing APIs
• Experience in Web and/or Mobile applications and common vulnerabilities
• Knowledge of security in micro-services is beneficial
• Ability to work alone and bring results
• Proficiency in C/C++ Programming and Bash, Python or other scripting languages.
•Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, RFC2196, etc).Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
•Knowledge of Windows and Linux patch management and related information security functions (authentication, encryption, iptables, SSL, Ciphers, etc)
•
Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
•
Familiarity with Amazon AWS Policy, Configuration, and Security Management tools.
•
Experience with security automation and machine learning.
PROFICIENCY
Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization
• Operates autonomously and is generally responsible for an end-to-end process within DevSecOps.
• Acts as a first escalation point across the area of DevOps and DevSecOps queries in its own area and is expected to
LEADERSHIP SKILLS
• Acts as a subject matter expert in DevSecOps providing technical guidance to colleagues across Afreximbank while maintaining required integrity.
• Coaches, motivates and mentors other colleagues.
• Identifies and addresses training needs for the team, including preparing and delivering training programmes as directed by Senior Management.
INTERPERSONAL SKILLS
Builds and manages effective working relationships both internally and externally at different organisational levels.
• Influences decisions at functional level and support external negotiations.
• Presents complex technical information to diverse audiences in a clear and concise manner for purposes of driving results.
PROBLEM SOLVING & BUSINESS IMPACT
Solves non-routine and occasionally complex problems based on sound critical analysis, technical knowledge and prior experience.
• Acts with flexibility as an escalation point for technical issues encountered by colleagues.
• Impacts its own function by managing a specific area or sub-function, including inputting to functional strategy and policies and providing technical expertise, advice and guidance
SUPPORTING AFREXIMBANK MANDATE
Has a solid understanding of Afreximbank’s products and services and how their own area contributes to Afreximbank’s values and mission.
• Has a good knowledge of the Continent’s political, economic and trade landscape and is able to offer well informed opinions on the subject internally and to external counterparts.
• Identifies practical ways in which Afreximbank’s values and mission can be cascaded to
