1. Senior Information Security Analyst

2. Background Information

Job Title: Senior Information Security Analyst

Current Grade: JG F- Senior Specialist

Divisions/ Department: CEO’s Office

Reporting to: Head of Information Security and Risk

3. Contract Terms – Open Ended

4 .Purpose of the Job

The Senior Information Security Analyst is responsible for guiding Security Operations Center (SOC) activities, including enhancement of threat detection, incident analysis, and security investigations.

The role is responsible for operating, tuning, and optimizing SIEM and security monitoring tools to enhance threat visibility and reduce false positives. Oversees third-party application security monitoring, and works closely with vendors to remediate security issues and strengthen the Bank’s overall security posture.

5. Main Responsibilities of the Job

• Coordinating and operating Security Operation Center (SOC) infrastruture and tools optimization
• Assessing and managing security risks associated with third-party and internally developed applications by conducting application security reviews, vendor risk assessments, and control validations 
• Perform and oversee the threat analysis, alert triage, and root cause investigation
• Oversee and ensure preparedness protection of bank’s infrastructure against cyber threats, breaches, crimes and ensure emergency response preparedness
• Review and enforce the implementation of operational procedure for the SOC facilities
• Drive the application security reviews for new applications to be developed and services.
• Providing DevOps security solution integration with various security test tools 
• Conduct effective vulnerability management through VAPTs for all bank’s applications whether newly acquired and existing to ensure vulnerabilities are timely detected and managed.
• Perform source-code reviews and threat modelling the SDLC of the applications 
• Participate in the architecture of mobile and web applications including interface and database design, process and API flows. 
• Simulating an attack on the system and IT infrastructure to find exploitable weaknesses 
• Perform detailed analysis of incidents and implement recommended mitigation

6. Performance indicators

• Advanced knowledge in using VAPT tools like Kali Linux tools and other Web Vulnerability and security scanning tools 
• Experience working with Web Applications, Web Services, and Service Oriented Architectures 
• Familiarity with the OWASP framework and application security best practices
• Strong understanding of SDLC principles. 
• Strong analytical, documentation, and interpersonal skills? 
• Knowledge of encryption technologies (web, database, and file). 
• Knowledge of identity and access management and its application in an enterprise 
• Understanding of information security risks in financial services.

7. Working relationships 

• Information Security team 
• Required to liaise and work closely with the other departments as may be necessary such as Risk, Audit and Compliance 
• External Assessor/Tester
• Regulatory body 

8. Professional, academic qualifications and experience

• Bachelor’s degree in computer science, computer engineering,?information?systems or any other relevant degree.
• Relevant master’s degree from a recognized institution is an added value 
• At least 4 years of experience in information security 
• Good understanding banking information security infrastructure
• Information security certifications is an added advantage like ISO Lead Implementer, Lead Auditor, CEH or any other related professional recognized certifications
• Strong knowledge of secure design practices 
• Extensive experience leading application security across the full SDLC within Agile and CI/CD environments, embedding security controls from design through deployment and operations in cloud-based platforms.
• Experience in implementing and operating Security Operation Center (SOC) tools including use-case development, tuning, and log source onboarding 
• Experience in integration and data sharing with other Security Operation Center (SOC) is added value
• Experience working with Web Applications, Mobile Applications and Service Oriented Architectures
• Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)

9. Core competencies

• Familiarity with and hands-on experience with SOC tools 
• Understanding of information security principles, standards, and frameworks (e.g., ISO 27001, NIST Cybersecurity Framework).
• Knowledge of network protocols, system vulnerabilities, and attack vectors.
• Proficiency in risk assessment and management methodologies.
• Knowledge of applicable laws, regulations, and compliance requirements.
• Excellent communication and interpersonal skills to effectively collaborate with stakeholders across the bank.
• Security threat analysis, alert triage, incident detection, root cause investigation, and response, 

Application Guidelines:

Interested candidate should apply online (https://www.brd.rw/careers/ ) and upload application
documents including Curriculum Vitae, copies of degree certificates and professional certificates, motivation letter, names of three previous supervisors (as one document) as well as their emails and telephone. Please be informed that you will receive a notification pop up message after successfully uploading your application.

Only online applications shall be considered.

Email-only for inquiries (not application): recruitment@brd.rw

Address all applications to the Director, People, Culture and Corporate Services of BRD.

Deadline for application: May 27, 2026.

The employment package is highly competitive and attractive.

Only Candidates with the right qualifications and relevant experience shall be shortlisted and contacted for Interviews.