CyberSecurity and Secure Coding Vacancy at an Online Retail Company

Discussion in 'Looking To Hire' started by CryptPhi, Apr 19, 2017.


  1. Konga Online Shopping (konga.com) is Nigeria’s largest online retail store and we are looking for an innovative and resourceful Enterprise Security Engineer who will provide support in the development, implementation and assurance of technical security strategies across the enterprise. The Enterprise Security Engineer also has extensive technical knowledge and experience in multiple core technology areas, including TCP/IP, IEEE 802.X and other communication protocols, along with strong planning and analytical skills.


    The Enterprise Security Engineer is responsible for supporting the architecture, design and assurance of information security mechanisms and services throughout the enterprise. The Enterprise Security Engineer works as part of cross-functional teams that deal with the full spectrum of information management technology providing security-based direction in technical standards, planning, and strategy to other technical staff and management. The Enterprise Security Engineer supports the development and implementation of key security initiatives and global security parameters based upon level of risk for all enterprise IT platforms and infrastructure. The Enterprise Security Engineer provides internal consulting, analysis, and security review to project teams and business units in identifying secure solutions for attaining business goals and objectives. The Enterprise Security Engineer remains current on potential business threats and is proactive in recommending new security policies and modifications to current security policies. The Enterprise Security Engineer participates in project implementation and security-based training as needed.



    The candidate will also be actively involved in conducting penetration testing and source code review on Konga’s web and mobile applications. The scope of this role includes performing the full cycle of penetration testing engagements - from scoping, through threat modeling, information gathering, discovery, vulnerability assessment, active testing, pivoting and reporting. Your engagements will include internal, external, web, mobile, thick applications and additional environments. Also performs probes of networks, applications, and devices to determine if security vulnerabilities exist and/or if security and access control policies have been violated.


    As an Enterprise Security Engineer, you will be responsible for working closely with other teams at Konga, while testing their application and infrastructure environments. You will exhibit a strong sense of customer obsession while working with those teams in a consulting facility. You will be providing deep security expertise and insight to correctly identify and reflect the security risks and vulnerabilities while working with them on remediation strategies.



    RESPONSIBILITIES




      • Assists in the development and integration of the technical security strategy and architectural standards for the organization; assists in the implementation, communication, and promotion of strategic and tactical plans.
      • Develop, review and recommend security guidelines, standards and procedures that will be implemented across the enterprise.
      • Develop security controls and testing requirements for new implementations; research and development of emerging security technologies.
      • Design and implement security tools and reporting mechanisms to support testing and information assurance. Conduct and/or supervise intrusion and vulnerability testing.
      • Identify and implement vulnerability scanning tools; coordinate penetration testing and manage security reporting process.
      • Perform security risk assessments, develop baselines and review technical risk analysis results for projects and new implementations; provide options for security controls to mitigate risk.
      • Provides oversight for security incident investigations and reviews or prepares appropriate documentation.
      • Provides oversight for security assurance of intrusion detection systems, firewalls, gateways, virus protection devices, network infrastructure, content filtering, web development, application and database systems, business systems and account administration.
      • Develops and manages a computer security incident response process to include monitoring, tracking, notification, containment, resolution, escalation and reporting.
      • Design and implement security awareness training for employees.
      • Design, develop and execute security test plans and cases, vulnerability reports, and remediation summaries
      • Understand the scope of large-scale data-driven projects and focus on corporate goals
      • Conduct software security testing, research new techniques and provide input to development team for securing web applications
      • Build security testing suite based on design specifications, requirements, wireframes in an agile environment based on sprint planning and short release cycles
      • Develop a security testing strategy to test complicated system changes by working with development
      • Notify development of all identified security issues and bugs found as a result of security testing
      • Retest all remediated problems corrected by development
      • Liaising with developers and managers on security issues, impact and risk areas
      • Overseeing software bugs tracking and vulnerabilities for identified project releases.

    REQUIRED SKILLS



      • A BS or MS degree in Computer Science or related discipline
      • Minimum two years' experience in a web or mobile security testing role
      • Hands-on experience in white- and black-box testing, with a proven track record detecting and writing bug reports
      • Extensive technical knowledge of security tools to include NMAP, Nessus, Samspade, Ethereal, Airsnort, Snort, Netstumbler.
      • Extensive technical knowledge of router protocols and security weakness of these protocols, IGRP, EIGRP, RIP, OSPF.
      • Extensive technical knowledge of Operating Systems and Programming languages, Linux, UNIX, Microsoft.
      • Detailed knowledge of the Firewalls and IDS systems configurations to include Cisco PIX, Snort, Cisco IDS, Checkpoint firewalls.
      • Extensive technical knowledge of Security Monitoring.
      • Understanding of web application security concepts (ex. OWASP/SANS).
      • Experience performing penetration testing on web, mobile, and enterprise systems
      • Ability to detect & assist developers in fixing typical application security issues (i.e. OWASP Top 10)
      • Familiarity with web proxy tools such as Burp, Paros, and Fiddler
      • Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc
      • Familiarity with penetration testing tools and tool suites such as Burp Suite Pro, Kali Linux, nmap, Metasploit, Nessus, tcpdump, wireshark, Nikto, etc
      • Knowledge of current web application security technologies and best practices
      • Ability to write detailed detection guidance for vulnerabilities
      • Experience working in an Agile or DevOps environment
      • Team player that has the ability to work well in a collaborative, team oriented environment, work hard and have fun
      • Able to prioritize, be flexible and handle multiple projects with varying deadlines in a multitask environment
      • Flexibility and ability to adapt to rapidly changing requirements
      • Extraordinary organizational skills and the ability to follow up on tasks
      • Superior attention to detail
      • Strong background in cloud and virtualization technologies
      • A passion for testing enterprise software products
      • Strong problem solving and troubleshooting skills
      • Reasonable knowledge of Windows, Android, Mac OS X and iOS platforms
      • Excellent oral and written communication skills
      • High standards of quality and personal integrity
    DESIRED SKILLS



      • Exposure to Linux and open source technologies is desirable
      • Working experience with development environments based on Java, API, Web Services is desirable
      • Experience and familiarity with JIRA, Jenkins, Bamboo and GitHub
      • One or more certifications in Application security such as OSCP, GWAPT, SANS.
      • Experience configuring and employing automated penetration testing tools such as the following: OWASP ZAP, Nikto, Vega, Arachni, SoapUI, w3af, or NetSparker
      • Experience with iOS & Android testing tools such as apktool, dex2jar, Cydia Substrate, and IDB
      • Ability to write iOS and Android applications to demonstrate vulnerabilities.
      • Prior knowledge of relational database systems using standalone SQL
      • Prior knowledge of languages and technologies such as PHP, Nodejs, Javascript, jQuery, HTML and CSS
      • Understanding of Android and iOS security landscape.
    What's In It for You:



      • Be part of one of Nigeria’s fastest growing and most innovative tech start-ups
      • Excellent compensation - Base, bonus, Stock
      • Excellent benefits and perks.
      • Be part of a growing tech team where impossible was yesterday

    For qualified candidates, please send your resume to careers@konga.com (Please ensure that the email body of your application is not empty).
     
