System and Network Security Manager at Konga Nigeria
Konga is a Nigerian e-commerce company founded in July 2012 with headquarters in Gbagada, Lagos State.
Konga is Nigeria’s Best Online Shopping Mall. Order online & pay on delivery! Grab amazing deals on Phones, Fashion, Electronics, and more quality products on Konga.com. 7-Day Free Returns. Super Fast Delivery.
We are currently looking for a talented person with a passion for the ecommerce space to join our team and embark on our exciting journey in the position below:
Job Title: System and Network Security Manager
Location: Lagos, Nigeria
Job Category: Senior Level
Type: Full Time
- The System and Network Security Manager will provide support in the development, implementation and assurance of technical security strategies across the enterprise.
- He/She should have extensive technical knowledge and experience in multiple core technology areas, including TCP/IP, IEEE 802.X and other communication protocols, along with strong planning and analytical skills.
- The job holder will also be responsible for working closely with other teams at Konga, while testing their application and infrastructure environments.
- He/She will exhibit a strong sense of customer obsession while working with those teams in a consulting capacity, providing deep security expertise and insights to correctly identify and reflect the security risks and vulnerabilities while working with them on remediation strategies.
- Assists in the development and integration of the technical security strategy and architectural standards for the organization; assists in the implementation, communication, and promotion of strategic and tactical plans.
- Develop, review and recommend security guidelines, standards and procedures that will be implemented across the enterprise.
- Develop security controls and testing requirements for new implementations; research and development of emerging security technologies.
- Design and implement security tools and reporting mechanisms to support testing and information assurance. Conduct and/or supervise intrusion and vulnerability testing.
- Identify and implement vulnerability scanning tools; coordinate penetration testing and manage security reporting process.
- Perform security risk assessments, develop baselines and review technical risk analysis results for projects and new implementations; provide options for security controls to mitigate risk.
- Provides oversight for security incident investigations and reviews or prepares appropriate documentation.
- Provides oversight for security assurance of intrusion detection systems, firewalls, gateways, virus protection devices, network infrastructure, content filtering, web development, application and database systems, business systems and account administration.
- Develops and manages a computer security incident response process to include monitoring, tracking, notification, containment, resolution, escalation and reporting.
- Design and implement security awareness training for employees.
- Design, develop and execute security test plans and cases, vulnerability reports, and remediation summaries
- Understand the scope of large-scale data-driven projects and focus on corporate goals
- Conduct software security testing, research new techniques and provide input to development team for securing web applications
- Develop a security testing strategy to test complicated system changes by working with development
- Notify development of all identified security issues and bugs found as a result of security testing
- Retest all remediated problems corrected by development
- Liaising with developers and managers on security issues, impact and risk areas
- Overseeing software bugs tracking and vulnerabilities for identified project releases.
Professional Skills & Qualifications Required
- A good first degree or MSc. in Computer Science or related discipline
- Professional Certifications in Application security such as: OSCP, GWAPT, SANS, etc. will be an added advantage
- A minimum of 5 years post NYSC experience in a similar role
- Minimum two years’ experience in a web or mobile security testing role
- Hands-on experience in white- and black-box testing, with a proven track record detecting and writing bug reports
- Extensive technical knowledge of security tools to include NMAP, Nessus, Samspade, Ethereal, Airsnort, Snort, Netstumbler.
- Extensive technical knowledge of router protocols and the security weaknesses of these protocols: IGRP, EIGRP, RIP, OSPF.
- Extensive technical knowledge of Operating Systems and Programming languages, Linux, UNIX, Microsoft.
- Detailed knowledge of firewall and IDS system configurations, to include Cisco PIX, Snort, Cisco IDS, Checkpoint firewalls.
- Extensive technical knowledge of Security Monitoring.
- Understanding of web application security concepts (e.g. OWASP/SANS).
- Experience performing penetration testing on web, mobile, and enterprise systems
- Ability to detect & assist developers in fixing typical application security issues (i.e. OWASP Top 10)
- Familiarity with web proxy tools such as Burp, Paros, and Fiddler
- Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc
- Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, Nmap, Metasploit, Nessus, tcpdump, Wireshark, Nikto, etc.
- Knowledge of current web application security technologies and best practices
- Ability to write detailed detection guidance for vulnerabilities
- Experience working in an Agile or DevOps environment
- Strong background in cloud and virtualization technologies
- A passion for testing enterprise software products
- Strong problem solving and troubleshooting skills
- Reasonable knowledge of Windows, Android, Mac OS X and iOS platforms
- Working experience with development environments based on Java, API, Web Services is desirable
- Experience and familiarity with JIRA, Jenkins, Bamboo and GitHub
- Experience configuring and employing automated penetration testing tools such as the following: OWASP ZAP, Nikto, Vega, Arachni, SoapUI, w3af, or NetSparker
- Experience with iOS & Android testing tools such as apktool, dex2jar, Cydia Substrate, and IDB
- Ability to write iOS and Android applications to demonstrate vulnerabilities.
- Prior knowledge of relational database systems using standalone SQL
- Understanding of Android and iOS security landscape.
- Excellent planning & Organizational skills
- Problem solving & Analytical skills
- Leadership skills
Why work with Konga?
- A unique opportunity to work in a fast-paced, structured and technologically driven environment
- The opportunity to become part of a highly professional and dynamic team growing the ecommerce space in Nigeria
- Unparalleled personal and professional growth, as our longer-term objective is to train the next generation of leaders for our fast-growing businesses.