System and Network Security Manager at Konga Online Shopping Limited

  • ICT & Software
  • Full time
  • 8 months ago
  • Lagos
  • Job Qualifications BA/BSc/HND
  • Number of vacancies 1 opening
  • Job experience 5 years

Job Description

Job Category: Senior Level

Role Summary

  • The System and Network Security Manager will provide support in the development, implementation and assurance of technical security strategies across the enterprise.
  • He/She should have extensive technical knowledge and experience in multiple core technology areas, including TCP/IP, IEEE 802.X and other communication protocols, along with strong planning and analytical skills.
  • The job holder will also be responsible for working closely with other teams at Konga, while testing their application and infrastructure environments.
  • He/She will exhibit a strong sense of customer obsession while working with those teams in a consulting facility, providing deep security expertise and insights to correctly identify and reflect the security risks and vulnerabilities while working with them on remediation strategies.

Role Responsibilities

    • Assists in the development and integration of the technical security strategy and architectural standards for the organization; assists in the implementation, communication, and promotion of strategic and tactical plans.
    • Develop, review and recommend security guidelines, standards and procedures that will be implemented across the enterprise.
    • Develop security controls and testing requirements for new implementations; research and development of emerging security technologies.
    • Design and implement security tools and reporting mechanisms to support testing and information assurance. Conduct and/or supervise intrusion and vulnerability testing.
    • Identify and implement vulnerability scanning tools; coordinate penetration testing and manage security reporting process.
  • Perform security risk assessments, develop baselines and review technical risk analysis results for projects and new implementations; provide options for security controls to mitigate risk.
  • Provides oversight for security incident investigations and reviews or prepares appropriate documentation.
  • Provides oversight for security assurance of intrusion detection systems, firewalls, gateways, virus protection devices, network infrastructure, content filtering, web development, application and database systems, business systems and account administration.
  • Develops and manages a computer security incident response process to include monitoring, tracking, notification, containment, resolution, escalation and reporting.
  • Design and implement security awareness training for employees.
  • Design, develop and execute security test plans and cases, vulnerability reports, and remediation summaries
  • Understand the scope of large-scale data-driven projects and focus on corporate goals
  • Conduct software security testing, research new techniques and provide input to development team for securing web applications
  • Develop a security testing strategy to test complicated system changes by working with development
  • Notify development of all identified security issues and bugs found as a result of security testing
  • Retest all remediated problems corrected by development
  • Liaising with developers and managers on security issues, impact and risk areas
  • Overseeing software bugs tracking and vulnerabilities for identified project releases.

Professional Skills & Qualifications Required

  • A good first degree or MSc. in Computer Science or related discipline
  • Professional Certifications in Application security such as: OSCP, GWAPT, SANS, etc. will be an added advantage
  • A minimum of 5 years post NYSC experience in a similar role
  • Minimum two years’ experience in a web or mobile security testing role
  • Hands-on experience in white- and black-box testing, with a proven track record detecting and writing bug reports
  • Extensive technical knowledge of security tools to include NMAP, Nessus, Samspade, Ethereal, Airsnort, Snort, Netstumbler.
  • Extensive technical knowledge of router protocols and security weakness of these protocols, IGRP, EIGRP, RIP, OSPF.
  • Extensive technical knowledge of Operating Systems and Programming languages, Linux, UNIX, Microsoft.
  • Detailed knowledge of the Firewalls and IDS systems configurations in include Cisco PIX, Snort, Cisco IDS, Checkpoint firewalls.
  • Extensive technical knowledge of Security Monitoring.
  • Understanding of web application security concepts (ex. OWASP/SANS).
  • Experience performing penetration testing on web, mobile, and enterprise systems
  • Ability to detect & assist developers in fixing typical application security issues (i.e. OWASP Top 10)
  • Familiarity with web proxy tools such as Burp, Paros, and Fiddler
  • Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc
  • Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, nmap, Metasploit, Nessus, tcpdump, wireshark, Nikto, etc
  • Knowledge of current web application security technologies and best practices
  • Ability to write detailed detection guidance for vulnerabilities
  • Experience working in an Agile or DevOps environment
  • Strong background in cloud and virtualization technologies
  • A passion for testing enterprise software products
  • Strong problem solving and troubleshooting skills
  • Reasonable knowledge of Windows, Android, MAC OS X and iOS platforms
  • Working experience with development environments based on Java, API, Web Services is desirable
  • Experience and familiarity with JIRA, Jenkins, Bamboo and GitHub
  • Experience configuring and employing automated penetration testing tools such as the following: OWASP ZAP, Nikto, Vega, Arachni SoapUI, w3af, or NetSparker
  • Experience with iOS & Android testing tools such as apktool, dex2jar, Cydia Substrate, and IDB
  • Ability to write iOS and Android applications to demonstrate vulnerabilities.
  • Prior knowledge of relational database systems using standalone SQL
  • Prior knowledge of languages and technologies such as PHP, Nodejs, Javascript, jQuery, HTML and CSS
  • Understanding of Android and iOS security landscape.
  • Excellent planning & Organizational skills
  • Problem solving & Analytical skills
  • Leadership skills

Why work with Konga?

  • A unique opportunity to work in a fast paced, structured and technologically driven environment
  • The opportunity to become part of a highly professional and dynamic team growing the ecommerce space in Nigeria
  • An unparalleled personal and professional growth as our longer-term objective is to train the next generation of leaders for our fast growing businesses.

Method of Application

Interested and qualified candidates should forward their updated word doc CV to: using the “Job Title” as the subject of the email.

Job alerts

Receive emails for the latest jobs matching your search criteria!

Job skills