Application Security Specialist at Equity Bank Rwanda: Deadline 27th July 2025
Equity Bank is one of the region’s leading Banks whose purpose is to transform the lives and livelihoods of the people of Africa socially and economically by availing them modern, inclusive financial services that maximize their opportunities. With a strong footprint in Kenya, Uganda, Tanzania, Rwanda, DRC and South Sudan, Equity Bank is home to more than 20 million customers – the largest customer base in Africa. Currently the Bank is seeking additional talent to serve in the role outlined below.
APPLICATION SECURITY SPECIALIST
Job Summary
The main responsibility of an Application Security Specialist is to ensure the security of Equity Bank Rwanda Plc applications throughout their development lifecycle. The candidate will work closely with developers, Project Management, and other stakeholders to identify and mitigate vulnerabilities, implement secure coding practices, and enhance overall security posture.
Key Responsibilities and Accountabilities
• Conduct security assessments, penetration testing, and code reviews to identify vulnerabilities in applications.
• Implement secure coding practices and provide guidance to development teams.
• Perform threat modeling and risk analysis to assess application security risks.
• Develop, maintain, and enforce application security policies and standards.
• Collaborate with DevOps teams to integrate security tools into CI/CD pipelines.
• Implement DevSecOps policies, processes and procedures and enforce compliance.
• Work with Project Management team to perform security reviews of Projects and Change Requests.
• Research and stay up-to-date with emerging security threats, vulnerabilities, and best practices.
• Conduct security training sessions for developers and IT staff.
• Assist in compliance efforts with standards and regulatory requirements (e.g., OWASP, ISO 27001, NIST, BNR, etc.).
• Any other responsibilities that may be delegated by the line manager.
Qualification, Experience, Skills and Attributes
• Bachelor’s/Master’s degree in Computer Science, Cybersecurity, or a related field.
• At least 2 years of experience in application security, penetration testing, or secure software development.
• Security certifications such as CEH, OSWA, OSCP, CSSLP, GWAPT, or relevant certification.
• Strong knowledge of web, mobile, and cloud security principles.
• Familiarity with OWASP Top 10, SANS CWE, and other security frameworks.
• Hands-on experience with SAST, DAST, IAST, and RASP security tools.
• Proficiency in programming languages (e.g., Java, C#, C++, JavaScript).
• Experience with DevSecOps practices and integrating security into CI/CD pipelines.
• Understanding of cryptography, authentication mechanisms, and access controls.
• Experience with cloud security (Azure).
• Knowledge of container security (Docker, Kubernetes).
Core competencies
- Knowledge of SDLC
- Cognizant of relevant application security frameworks
- Secure coding practices
- Knowledge of Threat Modelling
- Ability to communicate findings clearly both in technical and non-technical terms
- Attention to detail
If you meet the above requirements, submit your application quoting the job opportunity you are applying for as subject of your email through the email address below by 27th July 2025. Please include detailed Curriculum Vitae, copies of the relevant certificates, testimonials, and daytime telephone contact and email address. Only short-listed candidates will be contacted.
Email to: jobsrwanda@equitybank.co.rw
Equity Bank is an equal opportunity employer. We value the diversity of individuals, ideas, perspectives, insights, values and what they bring to the workplace.
TIPS TO WIN THIS JOB:
1. Become fluent in security-speak: Know your tools like a warrior knows his weapons:
· OWASP Top 10
· SAST, DAST, and IAST
· Burp Suite, Nessus, Metasploit, Fortify, SonarQube
· DevSecOps, CI/CD security, Zero Trust
Understand threats like XSS, SQLi, CSRF, SSRF, RCE and how to block them.
2. Code like a defender: You must not just find vulnerabilities — you must understand the code that creates them.
3. Earn the badges of honor (certifications): These light up your CV like medals on a general’s chest:
· CEH (Certified Ethical Hacker)
· OSCP (Offensive Security Certified Professional)
· CISSP (if experienced)
· CSSLP (if targeting software security lifecycle)
4. Master the SDLC + shift-left mindset: Prove you understand how security integrates from design to deployment.
5. Build a brag-worthy portfolio: Share:
· CTF (Capture The Flag) victories
· Vulnerability write-ups
· Bug bounty programs you’ve participated in
· Security blogs, GitHub repos, or open-source patches
6. Practice whiteboard warfare (interview prep)
Nail technical questions:
· “How do you prevent SQL injection in modern apps?”
· “How would you secure a RESTful API?”
· “What is your response process after detecting a breach in production?”
Be ready to walk through code line by line.
7. Understand business risk – speak the board’s language: It’s not just about patches and firewalls — it’s about risk management. Show you understand how to prioritize based on impact, likelihood, and compliance needs (e.g. GDPR, PCI-DSS).
8. Study the company like you’re hacking it (ethically!): Research their tech stack, industry, recent breaches, and product lifecycle.
9. Practice red team thinking – but live blue team values: Think like an attacker. Defend like a guardian. Show your ability to anticipate exploits, simulate attacks, and report responsibly.
10. Demonstrate soft skills – yes, really: You’ll need to train developers, write security policies, and brief execs.