Konga is a leading player in the Nigerian ecommerce space, with over a thousand (1000) employees across the country, over 30 offline retail stores and many growing business subsidiaries such as KongaPay, Konga Travels and Tours, Konga Express etc.
We are currently looking for a talented person with a passion for the ecommerce space to join our team and embark on our exciting journey in the position below:
Job Title: System and Network Security Manager
Location: Lagos, Nigeria
Job Category: Senior Level
Type: Full Time
- The System and Network Security Manager will provide support in the development, implementation and assurance of technical security strategies across the enterprise.
- He/She should have extensive technical knowledge and experience in multiple core technology areas, including TCP/IP, IEEE 802.X and other communication protocols, along with strong planning and analytical skills.
- The job holder will also be responsible for working closely with other teams at Konga, while testing their application and infrastructure environments.
- He/She will exhibit a strong sense of customer obsession while working with those teams in a consulting capacity, providing deep security expertise and insights to correctly identify and reflect the security risks and vulnerabilities while working with them on remediation strategies.
- Assists in the development and integration of the technical security strategy and architectural standards for the organization; assists in the implementation, communication, and promotion of strategic and tactical plans.
- Develop, review and recommend security guidelines, standards and procedures that will be implemented across the enterprise.
- Develop security controls and testing requirements for new implementations; research and development of emerging security technologies.
- Design and implement security tools and reporting mechanisms to support testing and information assurance. Conduct and/or supervise intrusion and vulnerability testing.
- Identify and implement vulnerability scanning tools; coordinate penetration testing and manage security reporting process.
- Perform security risk assessments, develop baselines and review technical risk analysis results for projects and new implementations; provide options for security controls to mitigate risk.
- Provides oversight for security incident investigations and reviews or prepares appropriate documentation.
- Provides oversight for security assurance of intrusion detection systems, firewalls, gateways, virus protection devices, network infrastructure, content filtering, web development, application and database systems, business systems and account administration.
- Develops and manages a computer security incident response process to include monitoring, tracking, notification, containment, resolution, escalation and reporting.
- Design and implement security awareness training for employees.
- Design, develop and execute security test plans and cases, vulnerability reports, and remediation summaries
- Understand the scope of large-scale data-driven projects and focus on corporate goals
- Conduct software security testing, research new techniques and provide input to development team for securing web applications
- Develop a security testing strategy to test complicated system changes by working with development
- Notify development of all identified security issues and bugs found as a result of security testing
- Retest all remediated problems corrected by development
- Liaising with developers and managers on security issues, impact and risk areas
- Overseeing software bugs tracking and vulnerabilities for identified project releases.
Professional Skills & Qualifications Required
- A good first degree or MSc. in Computer Science or related discipline
- Professional Certifications in Application security such as: OSCP, GWAPT, SANS, etc. will be an added advantage
- A minimum of 5 years post NYSC experience in a similar role
- Minimum two years’ experience in a web or mobile security testing role
- Hands-on experience in white- and black-box testing, with a proven track record detecting and writing bug reports
- Extensive technical knowledge of security tools to include NMAP, Nessus, Samspade, Ethereal, Airsnort, Snort, Netstumbler.
- Extensive technical knowledge of router protocols and the security weaknesses of these protocols: IGRP, EIGRP, RIP, OSPF.
- Extensive technical knowledge of Operating Systems and Programming languages, Linux, UNIX, Microsoft.
- Detailed knowledge of firewall and IDS system configurations, to include Cisco PIX, Snort, Cisco IDS, Checkpoint firewalls.
- Extensive technical knowledge of Security Monitoring.
- Understanding of web application security concepts (ex. OWASP/SANS).
- Experience performing penetration testing on web, mobile, and enterprise systems
- Ability to detect & assist developers in fixing typical application security issues (i.e. OWASP Top 10)
- Familiarity with web proxy tools such as Burp, Paros, and Fiddler
- Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
- Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, nmap, Metasploit, Nessus, tcpdump, Wireshark, Nikto, etc.
- Knowledge of current web application security technologies and best practices
- Ability to write detailed detection guidance for vulnerabilities
- Experience working in an Agile or DevOps environment
- Strong background in cloud and virtualization technologies
- A passion for testing enterprise software products
- Strong problem solving and troubleshooting skills
- Reasonable knowledge of Windows, Android, Mac OS X and iOS platforms
- Working experience with development environments based on Java, API, Web Services is desirable
- Experience and familiarity with JIRA, Jenkins, Bamboo and GitHub
- Experience configuring and employing automated penetration testing tools such as the following: OWASP ZAP, Nikto, Vega, Arachni, SoapUI, w3af, or NetSparker
- Experience with iOS & Android testing tools such as apktool, dex2jar, Cydia Substrate, and IDB
- Ability to write iOS and Android applications to demonstrate vulnerabilities.
- Prior knowledge of relational database systems using standalone SQL
- Understanding of Android and iOS security landscape.
- Excellent planning & Organizational skills
- Problem solving & Analytical skills
- Leadership skills
Why work with Konga?
- A unique opportunity to work in a fast paced, structured and technologically driven environment
- The opportunity to become part of a highly professional and dynamic team growing the ecommerce space in Nigeria
- Unparalleled personal and professional growth, as our longer-term objective is to train the next generation of leaders for our fast growing businesses.
Application Closing Date
10th June, 2020.
Method of Application
Interested and qualified candidates should forward their updated word doc CV to: firstname.lastname@example.org using the “Job Title” as the subject of the email.