Cybersecurity Engineer at 54gene

Zip / Postal Code: 105102
Department: Cybersecurity
Reports to: Sr Director, Cybersecurity
Industry: Biotechnology

Job Description

• We are looking for a Cybersecurity Engineer who will work directly with the Senior Director of Cybersecurity.
• This role will take the traditional vulnerability assessment and build upon it. Evaluate the security of 54gene’s networks, applications, sensitive internal systems, mobile application and data coding standards.
• Our engineer will need to go beyond the typical enumerating vulnerabilities through scanning and need to look at exploiting identified issues or discovering issues not picked up by scans.

Duties and Responsibilities

• Network, System, Application, Mobile, traditional web and wireless penetration testing.
• Testing and exploiting web app and web services security vulnerabilities including cross-site scripting, cross site request forgery, SQL injection, DoS attacks, XML/SOAP and API attacks.
• Managing/facilitating security due diligence activities throughout the Application Software Development Life Cycle (SDLC) to ensure that security risks are identified and controls are implemented to mitigate risk.
• Designing and developing Cloud-specific security policies, standards and procedures e.g. Identity and Access Management (SSO, SAML), and Privilege Management, Firewall management, SSL/IPSec, Encryption Key Management (BYOK), Security incident and event management (SIEM), Data protection (DLP, encryption), Vulnerability Management in partnership with Infrastructure Services, and Application Development.
• Be a subject matter expert on security controls applicable to rapid software development methodologies and DevOps automation.
• Recommend or automate approach to streamline and integrate technological processes and/or systems to improve operational efficiency and effectiveness.
• Spread awareness and knowledge of good Information Security practices in development teams.

Requirements
Qualifications:

• Bachelor's degree in an IT related field is preferred, but not mandatory
• 4+ years of relevant experience
• CEH, OSWE or equivalents very strongly preferred.

Knowledge, Experience and Skills:

• Strong technical acumen with an understanding of cloud security, and familiarity with security tools and processes.
• Experience with penetration testing and code reviews highly desired.
• Wireless, Network and TCP/IP skills along with Unix command, bash scripting, and / or python coding required.
• A knowledge of adversarial activities in cyberspace with an understanding of intrusion set tactics, techniques, and procedures (TTP) with the ability to emulate these TTP to assess vulnerability and risk desired.
• Familiarity with Advanced Persistent Threat (APT) activity.
• In depth knowledge of Application Security, API testing, Information Security risk and industry best practices.
• Knowledge based on hands-on experience in implementing security in rapid software development methodologies (like, Agile) and DevOps automation.
• Microservice architecture expertise and best practices in securing APIs across multi-cloud environments.

Other:

• Authorization to work in Nigeria
• The duties stated are intended to describe the general nature and level of work to be performed. They are not to be construed as an exhaustive list of all duties, responsibilities and skills required. Other related duties may be assigned within scope of ability.