Background Information

The Development Bank of Rwanda (BRD) Plc is Rwanda’s only National Development Bank mandated to support Rwanda’s Vision 2050 development agenda. Over the past five years, the bank has registered exponential growth contributing to socio-economic development, strengthening institutional and human capacity, fostering corporate governance and risk management practices.

The Bank is implementing the revised strategic plan for 2024-2028 which is appropriately aligned to the country’s strategic direction enabling the Bank to unlock better value creation for its stakeholders by supporting entrepreneurs, addressing market failures, and impactful socioeconomic development.

To deliver on its bold vision and impactful objectives, the Bank’s expanded and refocused mandate is underpinned on four strategic focus areas:

• Availing transformational finance.
• Increasing green financing for a resilient future.
• Driving scale and impact.
• Fostering innovation and technology.

To achieve its strategic mandate, BRD recognizes the importance of strengthening its human and institutional capital to drive sustainable development and ensure the Bank remains a center of excellence in the financial sector.

BRD is committed to respecting gender equality and disability norms. We promote gender-responsive practices. Qualified candidates particularly females and persons living with disabilities are encouraged to apply.

To help accomplish this ambitious and exciting vision, the Development Bank of Rwanda (BRD) would like to recruit suitable qualified candidates to fill the following positions:

1. Senior Information Security Analyst

Background Information

Job Title: Senior Information Security Analyst

Current Grade: JG F- Senior Specialist

Divisions/ Department: CEO’s Office

Reporting to: Head of Information Security and Risk

Contract Terms – Open Ended

Purpose of the Job

The Senior Information Security Analyst is responsible for guiding Security Operations Center (SOC) activities, including enhancement of threat detection, incident analysis, and security investigations.

The role is responsible for operating, tuning, and optimizing SIEM and security monitoring tools to enhance threat visibility and reduce false positives. Oversees third-party application security monitoring, and works closely with vendors to remediate security issues and strengthen the Bank’s overall security posture.

Main Responsibilities of the Job

• Coordinating and operating Security Operation Center (SOC) infrastruture and tools optimization
• Assessing and managing security risks associated with third-party and internally developed applications by conducting application security reviews, vendor risk assessments, and control validations
• Perform and oversee the threat analysis, alert triage, and root cause investigation
• Oversee and ensure preparedness protection of bank’s infrastructure against cyber threats, breaches, crimes and ensure emergency response preparedness
• Review and enforce the implementation of operational procedure for the SOC facilities
• Drive the application security reviews for new applications to be developed and services.
• Providing DevOps security solution integration with various security test tools
• Conduct effective vulnerability management through VAPTs for all bank’s applications whether newly acquired and existing to ensure vulnerabilities are timely detected and managed.
• Perform source-code reviews and threat modelling the SDLC of the applications
• Participate in the architecture of mobile and web applications including interface and database design, process and API flows.
• Simulating an attack on the system and IT infrastructure to find exploitable weaknesses
• Perform detailed analysis of incidents and implement recommended mitigation

Performance indicators

• Advanced knowledge in using VAPT tools like Kali Linux tools and other Web Vulnerability and security scanning tools
• Experience working with Web Applications, Web Services, and Service Oriented Architectures
• Familiarity with the OWASP framework and application security best practices
• Strong understanding of SDLC principles.
• Strong analytical, documentation, and interpersonal skills
• Knowledge of encryption technologies (web, database, and file).
• Knowledge of identity and access management and its application in an enterprise
• Understanding of information security risks in financial services.

Working relationships

• Information Security team
• Required to liaise and work closely with the other departments as may be necessary such as Risk, Audit and Compliance
• External Assessor/Tester
• Regulatory body

Professional, academic qualifications and experience

• Bachelor’s degree in computer science, computer engineering, information systems or any other relevant degree.
• Relevant master’s degree from a recognized institution is an added value
• At least 4 years of experience in information security
• Good understanding banking information security infrastructure
• Information security certifications is an added advantage like ISO Lead Implementer, Lead Auditor, CEH or any other related professional recognized certifications
• Strong knowledge of secure design practices
• Extensive experience leading application security across the full SDLC within Agile and CI/CD environments, embedding security controls from design through deployment and operations in cloud-based platforms.
• Experience in implementing and operating Security Operation Center (SOC) tools including use-case development, tuning, and log source onboarding
• Experience in integration and data sharing with other Security Operation Center (SOC) is added value
• Experience working with Web Applications, Mobile Applications and Service Oriented Architectures
• Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)

Core competencies

• Familiarity with and hands-on experience with SOC tools
• Understanding of information security principles, standards, and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework).
• Knowledge of network protocols, system vulnerabilities, and attack vectors.
• Proficiency in risk assessment and management methodologies.
• Knowledge of applicable laws, regulations, and compliance requirements.
• Excellent communication and interpersonal skills to effectively collaborate with stakeholders across the bank.
• Security threat analysis, alert triage, incident detection, root cause investigation, and response,

• Coordinating and operating Security Operation Center (SOC) infrastruture and tools optimization
• Assessing and managing security risks associated with third-party and internally developed applications by conducting application security reviews, vendor risk assessments, and control validations
• Perform and oversee the threat analysis, alert triage, and root cause investigation
• Oversee and ensure preparedness protection of bank’s infrastructure against cyber threats, breaches, crimes and ensure emergency response preparedness
• Review and enforce the implementation of operational procedure for the SOC facilities
• Drive the application security reviews for new applications to be developed and services.
• Providing DevOps security solution integration with various security test tools
• Conduct effective vulnerability management through VAPTs for all bank’s applications whether newly acquired and existing to ensure vulnerabilities are timely detected and managed.
• Perform source-code reviews and threat modelling the SDLC of the applications
• Participate in the architecture of mobile and web applications including interface and database design, process and API flows.
• Simulating an attack on the system and IT infrastructure to find exploitable weaknesses
• Perform detailed analysis of incidents and implement recommended mitigation

• Advanced knowledge in using VAPT tools like Kali Linux tools and other Web Vulnerability and security scanning tools
• Experience working with Web Applications, Web Services, and Service Oriented Architectures
• Familiarity with the OWASP framework and application security best practices
• Strong understanding of SDLC principles.
• Strong analytical, documentation, and interpersonal skills
• Knowledge of encryption technologies (web, database, and file).
• Knowledge of identity and access management and its application in an enterprise
• Understanding of information security risks in financial services.
• Familiarity with and hands-on experience with SOC tools
• Understanding of information security principles, standards, and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework).
• Knowledge of network protocols, system vulnerabilities, and attack vectors.
• Proficiency in risk assessment and management methodologies.
• Knowledge of applicable laws, regulations, and compliance requirements.
• Excellent communication and interpersonal skills to effectively collaborate with stakeholders across the bank.
• Security threat analysis, alert triage, incident detection, root cause investigation, and response,

• Bachelor’s degree in computer science, computer engineering, information systems or any other relevant degree.
• Relevant master’s degree from a recognized institution is an added value
• Good understanding banking information security infrastructure
• Information security certifications is an added advantage like ISO Lead Implementer, Lead Auditor, CEH or any other related professional recognized certifications
• Strong knowledge of secure design practices
• Extensive experience leading application security across the full SDLC within Agile and CI/CD environments, embedding security controls from design through deployment and operations in cloud-based platforms.
• Experience in implementing and operating Security Operation Center (SOC) tools including use-case development, tuning, and log source onboarding
• Experience in integration and data sharing with other Security Operation Center (SOC) is added value
• Experience working with Web Applications, Mobile Applications and Service Oriented Architectures
• Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)