Job Vacancies at Konga

Job Category: Senior Level

Role Summary

• The System and Network Security Manager will provide support in the development, implementation and assurance of technical security strategies across the enterprise.
• He/She should have extensive technical knowledge and experience in multiple core technology areas, including TCP/IP, IEEE 802.X and other communication protocols, along with strong planning and analytical skills.
• The job holder will also be responsible for working closely with other teams at Konga, while testing their application and infrastructure environments.
• He/She will exhibit a strong sense of customer obsession while working with those teams in a consulting facility, providing deep security expertise and insights to correctly identify and reflect the security risks and vulnerabilities while working with them on remediation strategies.

Role Responsibilities

• Assists in the development and integration of the technical security strategy and architectural standards for the organization; assists in the implementation, communication, and promotion of strategic and tactical plans.
• Develop, review and recommend security guidelines, standards and procedures that will be implemented across the enterprise.
• Develop security controls and testing requirements for new implementations; research and development of emerging security technologies.
• Design and implement security tools and reporting mechanisms to support testing and information assurance. Conduct and/or supervise intrusion and vulnerability testing.
• Identify and implement vulnerability scanning tools; coordinate penetration testing and manage security reporting process.
• Perform security risk assessments, develop baselines and review technical risk analysis results for projects and new implementations; provide options for security controls to mitigate risk.
• Provides oversight for security incident investigations and reviews or prepares appropriate documentation.
• Provides oversight for security assurance of intrusion detection systems, firewalls, gateways, virus protection devices, network infrastructure, content filtering, web development, application and database systems, business systems and account administration.
• Develops and manages a computer security incident response process to include monitoring, tracking, notification, containment, resolution, escalation and reporting.
• Design and implement security awareness training for employees.
• Design, develop and execute security test plans and cases, vulnerability reports, and remediation summaries
• Understand the scope of large-scale data-driven projects and focus on corporate goals
• Conduct software security testing, research new techniques and provide input to development team for securing web applications
• Develop a security testing strategy to test complicated system changes by working with development
• Notify development of all identified security issues and bugs found as a result of security testing
• Retest all remediated problems corrected by development
• Liaising with developers and managers on security issues, impact and risk areas
• Overseeing software bugs tracking and vulnerabilities for identified project releases.

Professional Skills & Qualifications Required

• A good first degree or MSc. in Computer Science or related discipline
• Professional Certifications in Application security such as: OSCP, GWAPT, SANS, etc. will be an added advantage
• A minimum of 5 years post NYSC experience in a similar role
• Minimum two years’ experience in a web or mobile security testing role
• Hands-on experience in white- and black-box testing, with a proven track record detecting and writing bug reports
• Extensive technical knowledge of security tools to include NMAP, Nessus, Samspade, Ethereal, Airsnort, Snort, Netstumbler.
• Extensive technical knowledge of router protocols and security weakness of these protocols, IGRP, EIGRP, RIP, OSPF.
• Extensive technical knowledge of Operating Systems and Programming languages, Linux, UNIX, Microsoft.
• Detailed knowledge of the Firewalls and IDS systems configurations in include Cisco PIX, Snort, Cisco IDS, Checkpoint firewalls.
• Extensive technical knowledge of Security Monitoring.
• Understanding of web application security concepts (ex. OWASP/SANS).
• Experience performing penetration testing on web, mobile, and enterprise systems
• Ability to detect & assist developers in fixing typical application security issues (i.e. OWASP Top 10)
• Familiarity with web proxy tools such as Burp, Paros, and Fiddler
• Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc
• Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, nmap, Metasploit, Nessus, tcpdump, wireshark, Nikto, etc
• Knowledge of current web application security technologies and best practices
• Ability to write detailed detection guidance for vulnerabilities
• Experience working in an Agile or DevOps environment
• Strong background in cloud and virtualization technologies
• A passion for testing enterprise software products
• Strong problem solving and troubleshooting skills
• Reasonable knowledge of Windows, Android, MAC OS X and iOS platforms
• Working experience with development environments based on Java, API, Web Services is desirable
• Experience and familiarity with JIRA, Jenkins, Bamboo and GitHub
• Experience configuring and employing automated penetration testing tools such as the following: OWASP ZAP, Nikto, Vega, Arachni SoapUI, w3af, or NetSparker
• Experience with iOS & Android testing tools such as apktool, dex2jar, Cydia Substrate, and IDB
• Ability to write iOS and Android applications to demonstrate vulnerabilities.
• Prior knowledge of relational database systems using standalone SQL
• Prior knowledge of languages and technologies such as PHP, Nodejs, Javascript, jQuery, HTML and CSS
• Understanding of Android and iOS security landscape.
• Excellent planning & Organizational skills
• Problem solving & Analytical skills
• Leadership skills

Why work with Konga?

• A unique opportunity to work in a fast paced, structured and technologically driven environment
• The opportunity to become part of a highly professional and dynamic team growing the ecommerce space in Nigeria
• An unparalleled personal and professional growth as our longer-term objective is to train the next generation of leaders for our fast growing businesses.

go to method of application »

Job Category: Senior Level

Role Summary

• The Information Systems Auditor will be responsible for assessing information systems for areas such as physical security, access, logging, and systems continuity.
• He or she will develop and implement audit plans on diverse computer applications and providing assurance for systems reliability and quality of information; analyzing information technology processes, businesses controls, and programs; identifying internal control risks and recommending their solutions; providing training to audit team members and preparing audit reports.
• Also, the Information Systems Auditor will perform detailed evaluation and internal control and audit reviews of computer information systems. Develops and maintains audit software. Consults with administrators, faculty, and staff on computer information systems operational issues.

Role Responsibilities

• Evaluate and review a range of mainframe, PC, and distributed production and applications computer systems.
• Review system backup, disaster recovery and maintenance procedures.
• Performs general and application control reviews for simple to complex computer information systems.
• Performs information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
• Directs and/or performs reviews of internal control procedures and security for systems under development and/or enhancements to current systems.
• Maintains and develops computerized audit software.
• Prepares audit finding memoranda and working papers to ensure that adequate documentation exists to support the completed audit and conclusions.
• Prepares and presents written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to management.
• Consults with and advises administrators, faculty, and staff on various operational issues related to computerized information systems, and on general business operations as needed.
• Follows up on audit findings to ensure that management has taken corrective action(s).
• Coordinates and interacts with external auditors, administrators, faculty, staff and law enforcement officials as appropriate.
• Assists and trains other audit staff in the use of computerized audit techniques, and in developing methods for review and analysis of computerized information systems.
• Maintains currency of knowledge with respect to relevant state-of-the-art technology, equipment, and/or systems.
• Conduct operational, compliance, financial and investigative audits, as assigned.
• Execute a risk-based IS audit strategy in compliance with IS audit standards to ensure that key risk areas are audited.
• Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization.
• Conduct audits in accordance with IS audit standards to achieve planned audit objectives.
• Communicate audit results and make recommendations to key stakeholders through meetings and audit reports to promote change when necessary.
• Conduct audit follow-ups to determine whether appropriate actions have been taken by management in a timely manner.
• Evaluate the IT strategy, including IT direction, and the processes for the strategy’s development, approval, implementation, and maintenance for alignment with the organization’s strategies and objectives.
• Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and performance support the organization’s strategies and objectives.
• Evaluate the organization’s IT policies, standards and procedures, and the processes for their development, approval, release/publishing, implementation and maintenance to determine whether they support the IT strategy and comply with regulatory and legal requirements.
• Evaluate risk management practices to determine whether the organization’s IT-related risk is identified, assessed, monitored, reported and managed.
• Evaluate the organization’s business continuity plan (BCP), including alignment of the IT disaster recovery plan (DRP) with the BCP, to determine the organization’s ability to continue essential business operations during the period of an IT disruption.
• Evaluate the information security and privacy policies, standards and procedures for completeness, alignment with generally accepted practices and compliance with applicable external requirements.
• Evaluate the design, implementation, maintenance, monitoring, and reporting of physical and environmental controls to determine whether information assets are adequately safeguarded.
• Evaluate the design, implementation, maintenance, monitoring and reporting of system and logical security controls to verify the confidentiality, integrity, and availability of information.

Professional Skills & Qualifications Required

• A Bachelor's degree in Information Systems, Information Technology, MIS, or accounting related discipline
• Professional Certifications in Application security such as: CPA, CISA, CISM, ACA, and/or CIA may also help find a suitable position.
• Knowledge working with audit analysis software, SAP, Oracle, Sybase, or UNIX is an advantage.
• A minimum of 5 years post NYSC experience in a similar role
• Excellent knowledge of current technological developments/trends in area of expertise.
• Knowledge of auditing concepts and principles.
• Ability to evaluate and review a range of mainframe, PC, and distributed production and applications computer systems.
• Ability to gather data, compile information, and prepare reports.
• Ability to perform control reviews on systems development, operation, programming, control, and security procedures and standards.
• Ability to review system backup, disaster recovery and maintenance procedures.
• Ability to communicate with and understand the requirements of professional staff in area of specialty.
• Ability to create, compose, and edit written materials.
• Knowledge of software requirements for the auditing of computing systems and procedures.
• Knowledge of computer systems development and programming.
• Knowledge of general accounting principles.
• Knowledge of public auditing policies, standards, and procedures.
• Knowledge of federal, state, and local laws, regulations, and standards governing all aspects of the utilization of computer systems.
• Excellent planning & Organizational skills
• Problem solving, Analytical skills and Leadership skills