System and Network Security Manager at Konga Online Shopping Limited

Job Category: Senior Level

Role Summary

• The System and Network Security Manager will provide support in the development, implementation and assurance of technical security strategies across the enterprise.
• He/She should have extensive technical knowledge and experience in multiple core technology areas, including TCP/IP, IEEE 802.X and other communication protocols, along with strong planning and analytical skills.
• The job holder will also be responsible for working closely with other teams at Konga, while testing their application and infrastructure environments.
• He/She will exhibit a strong sense of customer obsession while working with those teams in a consulting facility, providing deep security expertise and insights to correctly identify and reflect the security risks and vulnerabilities while working with them on remediation strategies.

Role Responsibilities

• Assists in the development and integration of the technical security strategy and architectural standards for the organization; assists in the implementation, communication, and promotion of strategic and tactical plans.
• Develop, review and recommend security guidelines, standards and procedures that will be implemented across the enterprise.
• Develop security controls and testing requirements for new implementations; research and development of emerging security technologies.
• Design and implement security tools and reporting mechanisms to support testing and information assurance. Conduct and/or supervise intrusion and vulnerability testing.
• Identify and implement vulnerability scanning tools; coordinate penetration testing and manage security reporting process.
• Perform security risk assessments, develop baselines and review technical risk analysis results for projects and new implementations; provide options for security controls to mitigate risk.
• Provides oversight for security incident investigations and reviews or prepares appropriate documentation.
• Provides oversight for security assurance of intrusion detection systems, firewalls, gateways, virus protection devices, network infrastructure, content filtering, web development, application and database systems, business systems and account administration.
• Develops and manages a computer security incident response process to include monitoring, tracking, notification, containment, resolution, escalation and reporting.
• Design and implement security awareness training for employees.
• Design, develop and execute security test plans and cases, vulnerability reports, and remediation summaries
• Understand the scope of large-scale data-driven projects and focus on corporate goals
• Conduct software security testing, research new techniques and provide input to development team for securing web applications
• Develop a security testing strategy to test complicated system changes by working with development
• Notify development of all identified security issues and bugs found as a result of security testing
• Retest all remediated problems corrected by development
• Liaising with developers and managers on security issues, impact and risk areas
• Overseeing software bugs tracking and vulnerabilities for identified project releases.

Professional Skills & Qualifications Required

• A good first degree or MSc. in Computer Science or related discipline
• Professional Certifications in Application security such as: OSCP, GWAPT, SANS, etc. will be an added advantage
• A minimum of 5 years post NYSC experience in a similar role
• Minimum two years’ experience in a web or mobile security testing role
• Hands-on experience in white- and black-box testing, with a proven track record detecting and writing bug reports
• Extensive technical knowledge of security tools to include NMAP, Nessus, Samspade, Ethereal, Airsnort, Snort, Netstumbler.
• Extensive technical knowledge of router protocols and security weakness of these protocols, IGRP, EIGRP, RIP, OSPF.
• Extensive technical knowledge of Operating Systems and Programming languages, Linux, UNIX, Microsoft.
• Detailed knowledge of the Firewalls and IDS systems configurations in include Cisco PIX, Snort, Cisco IDS, Checkpoint firewalls.
• Extensive technical knowledge of Security Monitoring.
• Understanding of web application security concepts (ex. OWASP/SANS).
• Experience performing penetration testing on web, mobile, and enterprise systems
• Ability to detect & assist developers in fixing typical application security issues (i.e. OWASP Top 10)
• Familiarity with web proxy tools such as Burp, Paros, and Fiddler
• Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc
• Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, nmap, Metasploit, Nessus, tcpdump, wireshark, Nikto, etc
• Knowledge of current web application security technologies and best practices
• Ability to write detailed detection guidance for vulnerabilities
• Experience working in an Agile or DevOps environment
• Strong background in cloud and virtualization technologies
• A passion for testing enterprise software products
• Strong problem solving and troubleshooting skills
• Reasonable knowledge of Windows, Android, MAC OS X and iOS platforms
• Working experience with development environments based on Java, API, Web Services is desirable
• Experience and familiarity with JIRA, Jenkins, Bamboo and GitHub
• Experience configuring and employing automated penetration testing tools such as the following: OWASP ZAP, Nikto, Vega, Arachni SoapUI, w3af, or NetSparker
• Experience with iOS & Android testing tools such as apktool, dex2jar, Cydia Substrate, and IDB
• Ability to write iOS and Android applications to demonstrate vulnerabilities.
• Prior knowledge of relational database systems using standalone SQL
• Prior knowledge of languages and technologies such as PHP, Nodejs, Javascript, jQuery, HTML and CSS
• Understanding of Android and iOS security landscape.
• Excellent planning & Organizational skills
• Problem solving & Analytical skills
• Leadership skills

Why work with Konga?

• A unique opportunity to work in a fast paced, structured and technologically driven environment
• The opportunity to become part of a highly professional and dynamic team growing the ecommerce space in Nigeria
• An unparalleled personal and professional growth as our longer-term objective is to train the next generation of leaders for our fast growing businesses.