Date: 2024-03-14

Job Description

Applications are invited from suitably qualified persons to fill the above-mentioned post within the Zimbabwe Revenue Authority (ZIMRA), an equal opportunity employer.

Duties and Responsibilities

Conduct periodic internal vulnerability assessments and penetration tests on all ZIMRA ICT systems.

Perform web application penetration tests on target applications, providing reports documenting the issues, including actionable recommendations for remediation.

Working closely with development teams to provide input and education on identified security issues.

Produce, review, and document information, processes, and procedures pertaining to Secure SDLC work (e.g. DAST process).

Assist in the development and maintenance of application security standards.

Conduct application security testing and quality assurance (QA) throughout the SDLC lifecycle to validate testing processes.

Monitor application security threat landscape and incorporate leading practices into testing approach.

Participate in the investigation of information security incidents and development of remediation/prevention mechanisms.

Proactively identify opportunities for improvements in the application security program and communicate those to the global Information Security function.

Stay current on Application Security testing industry vulnerabilities, technologies, tools, and skills, and make recommendations for use based on business value.

Any other duties as may be assigned by the Information Assets Manager.

Qualifications and Experience

A graduate Degree in Computer Science or Information & Communication Technology or equivalent qualification

Minimum of three (3) years' experience in ICT Services, of which two (2) years should be in ICT Security or equivalent experience in areas such as Information Security and Application Development.

Certification in Java or Web Services, ICT Control and Management (COBIT), ISO 27001 certification or comparable security certification is required.

Additional certification that must be obtained within 12 - 24 months of employment: Certified Secure Software Lifecycle Professional (CSSLP) or Certified Information Systems Security Professional (CISSP) is required.

Proven effectiveness in collaborating across teams/disciplines, including but not limited to software developers, testers, and others outside the security organization.

Self-starter with ability to work under pressure and beyond stipulated hours.

Unquestionable integrity.

Good communication and interpersonal skills.

Ability to work with minimum supervision.

Good organizational, people and time management skills.

Team player who is innovative and analytical.

Strong communication and presentation skills along with the ability to work in a highly collaborative environment.

Other

How to Apply

Interested candidates should submit applications, accompanied by a detailed Curriculum Vitae. All applications should be emailed to: ZimraRecruitment@zimra.co.zw, clearly stating the position applied for and addressed to:

The Director, Human Capital