Skip to main content

Information Security Analyst

Development Bank of Rwanda (BRD)

The Development Bank of Rwanda is Rwanda’s only National Development Bank mandated to support Rwanda’s development goals. Over the last years, the bank has undergone substantial re-organization aimed at positioning it as an “innovative and sustainable provider of development finance for socio-economic impact”. 

Rate this employer
Average: 3.7 (97 votes)

Vacancy Announcement

The Development Bank of Rwanda (BRD) Plc is Rwanda’s only National Development Bank mandated to support Rwanda’s Vision 2050 development agenda. Over the past five years, the bank has registered exponential growth contributing to socio-economic development, strengthening institutional and human capacity, fostering corporate governance and risk management practices.

The Bank is implementing the revised strategic plan for 2024-2028 which is appropriately aligned to the country’s strategic direction enabling the Bank to unlock better value creation for its stakeholders by supporting entrepreneurs, addressing market failures, and impactful socioeconomic development.

To deliver on its bold vision and impactful objectives, the Bank’s expanded and refocused mandate is underpinned on four strategic focus areas:

  • Availing transformational finance.
  • Increasing green financing for a resilient future.
  • Driving scale and impact.
  • Fostering innovation and technology.

To achieve its strategic mandate, BRD recognizes the importance of strengthening its human and institutional capital to drive sustainable development, and ensure the Bank remains a center of excellence in the financial sector.

BRD is committed to respecting gender equality and disability norms. We promote gender responsive practices. Qualified candidates particularly females and persons living with disabilities are encouraged to apply.

To help accomplish this ambitious and exciting vision, the Development Bank of Rwanda (BRD) would like to recruit suitable qualified candidates to fill the following position:


Background Information

Job Title:  Information Security Analyst

Job Grade: 6

Department: CEO’s Office

Reports to: Senior Manager Information Security and Risk

Contract Terms: Open-ended

Purpose of the Job:

The Information Security Analyst Job function will more into performing penetration tests, manual and automated vulnerability assessment scans on applications and IT infrastructure, risk assessments and code reviews. S/he will also be responsible for implementing remediation of the identified vulnerabilities in applications and supporting infrastructure. will conduct research on threats and attack vectors that impact web applications, bank’s IT infrastructure and mobile applications.

Key Responsibilities:

  • Provide security guidance to the application development team on various areas including secure coding techniques, process and tools, security testing support and release.
  • Drive and perform application security training, requirements & standards, static & dynamic security testing 
  • Lead the application security design reviews for new applications to be developed and services.
  • Providing DevOps security solution integration with various security test tools
  • Conduct effective vulnerability management through VAPTs for all bank’s applications whether newly acquired and existing to ensure vulnerabilities are timely detected and managed. 
  • Perform source-code reviews and threat modelling the SDLC of the applications
  • Assessing application security solutions proof of value through conducting proof of concept
  • Participate in the architecture of mobile and web applications including interface and database design, process and API flows, networking, cloud infrastructure, protocol communication, security and appropriate technology use.
  • Support the operationalization of the Security Operation Center (SOC) and implementation of ISO 27001:2022 ISMS 
  • Simulating an attack on the system and IT infrastructure to find exploitable weaknesses
  • Establish and manage relations with vendors and related equipment suppliers
  • Develop and communicate the Security Service catalogue 
  • Administer network and system monitoring tools and report attempted attacks to inform recommendations on further mitigation measures
  • Perform detailed analysis of incidents and implement recommended mitigation 
  • Conduct monitoring controls on the Applications and Databases to ensure access management is based on the least privilege principle. 
  • Perform security reviews for access management of core banking and applications hosted on cloud
  • Develop and review policies and procedures for applications/software development

Performance Indicators

  • Advanced knowledge in using VAPT tools like Kali Linux tools and other Web Vulnerability and security scanning tools
  • Experience working with Web Applications, Web Services, and Service Oriented Architectures
  • Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)
  • Familiarity with the OWASP framework and application security best practices 
  • Strong understanding of SDLC principles.
  • Strong analytical, documentation, and interpersonal skills 
  • Knowledge of encryption technologies (web, database, and file).
  • Knowledge of identity and access management and its application in an enterprise
  • Understanding of information security risks in financial services.

Professional, academic qualifications and experience

  • Bachelor’s degree in computer science, computer engineering, information systems or any other relevant degree. 
  • Master’s degree in information security field is an added value
  • Information security certifications is an added advantage like ISO Lead Implementer, Lead Auditor, CEH or any other related professional recognized certifications 
  • At least 1 years of experience in conducting VAPT 

Other Competencies

  • Good communication & analytical skills
  • Good time management & team player
  • High level of ownership of the assignments
  • Flexible to work under changing environment

Application Guidelines:

Interested candidate should apply online ( and upload application documents including Curriculum Vitae, copies of degree certificates and professional certificates, motivation letter, names of three previous supervisors (as one document) as well as their emails and telephone. Please be informed that you will receive a notification pop up message after successfully uploading your application.

Only online applications shall be considered.

Email only for inquiries (not application): 

Address all applications to the Head, Human Capital, and Corporate Services of the Development Bank of Rwanda.

Deadline for application: 19th July 2024

The employment package is highly competitive/attractive.

Due to expected high volume of applications, ONLY shortlisted applicants will be contacted.

Done in Kigali, Friday 5th July 2024

Click on the APPLY button to send your application documents:
  • Your application will be sent to the employer immediately (Allowed formats: .doc .pdf .txt .docx)
  • A confirmation email will be sent to you few minutes afterwards
  • You can request any documents archived from our website (ex: a job description, a CV, a cover letter...)