Responsible for providing independent assurance over the security of software applications and the Software Development Life Cycle (SDLC), including the review of general SDLC best practices, governance, and process effectiveness, with a strong and explicit focus on conducting Web Application and API Vulnerability Assessments and Penetration Testing (VAPT).
The role is accountable for actively identifying, validating, and assessing security weaknesses in web applications and APIs through hands-on technical testing, and for evaluating whether security best practices are effectively embedded throughout the SDLC to mitigate cybersecurity risks. This includes assessing secure-by-design implementation, secure coding practices, and security controls integrated within development, testing, and deployment processes.
Main Responsibilities:
- Strong knowledge of software development life cycle (SDLC) methodologies, including Agile, DevOps, and secure-by-design principles.
- Good understanding of application and API security concepts, common vulnerabilities, and secure coding practices.
- Solid knowledge of cybersecurity fundamentals, including access control, encryption, vulnerability management, and secure system architectures.
- Working knowledge of industry standards, frameworks, and best practices relevant to application security, SDLC, and cybersecurity assurance.
- Knowledge of internal auditing practices, including risk-based auditing, control assessment, and audit reporting.
- Excellent written and verbal communication skills, with the ability to present complex information to both technical and non-technical stakeholders.
- Strong analytical and problem-solving skills, with the ability to identify and address software development and security risks.
- Ability to work independently and as part of a team.
- Ability to manage multiple priorities and meet deadlines in a fast-paced environment.
Knowledge and Skills:
- Bachelor's degree in Computer Science, Information Technology, or related fields.
- Relevant professional certifications such as Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), CISSP, CEH, etc., will be an added advantage.
- At least 3 years' experience in cybersecurity, software development, security, internal/external audit, ICT audits, data analytics, or a related field.
- Experience in performing software development and security reviews or audits, including reviewing software designs and code.
- Experience with security tools, such as vulnerability scanners and penetration testing tools.
NMB Bank Plc is an Equal Opportunity Employer. We are committed to creating a diverse environment and achieving a gender-balanced workforce.
Female candidates and people living with disabilities are strongly encouraged to apply for this position. NMB Bank Plc does not charge any fee in connection with the application or recruitment process. Should you receive a solicitation for the payment of a fee, please disregard it.
Only shortlisted candidates will be contacted.
Job opening date: 22-May-2026
Job closing date: 05-Jun-2026
NMB Bank Tanzania is a commercial bank in Tanzania. It is licensed by the Bank of Tanzania, the central bank and national banking regulator. NMB Bank Tanzania offers a variety of banking services, including savings and checking accounts, loans, credit cards, and investment products. The bank is also known for its strong commitment to corporate social responsibility and its focus on supporting the growth of small and medium-sized businesses in Tanzania.
- Founded: 1997
- Size: Leading companies in Tanzania By Market Capitalization
- Location: Dar es Salaam
- Website: www.nmbbank.co.tz/