• Application Deadline:
• Position: Specialist, Enterprise Application Security


• Job Type Full Time


• Qualification BA/BSc/HND


• Experience 4 years


• Location Lagos


• Job Field ICT / Computer 
  

Job Description

• Safeguard the organization by predicting, detecting, preventing, and mitigating information security threats to Applications and Network elements.


• Support cybersecurity initiatives in conjunction with Group Cybersecurity team.


• Design and implement security controls to safeguard and monitor events for information systems, enterprise applications and data.


• Support the implementation of Information Security projects,


• Responsible for vulnerability assessment of web applications covering
  
  
  
  • Unvalidated Input
  
  
  • secure Configuration Management
  
  
  • Broken Access Control
  
  
  • Broken Authentication and Session Management
  
  
  • Cross Site Scripting
  
  
  • Buffer Overflow
  
  
  • Injection Flaws:
  
  
  • SQL Injection testing
  
  
  • Command injection testing
  
  
  • Improper Error Handling
  
  
  • Insecure Storage
  
  
  • Application Denial of Service
  
  
  
  


• Responsible for carrying out source code reviews for applications to be deployed within the business


• Responsible for network and router vulnerability assessments


• Identification and blocking of command and control threats


• Identify and respond to security threats on the platform.


• Responsible for carrying out regular security assessments on applications, networks, and databases


• Carrying out application security architecture reviews on all solutions before deployment, to identify control lapses, and provide recommendations to address missing controls.


• Review of visible application source code, including decompiling plugin code for Java Applets, etc.


• Regularly review baselines for Windows operating systems, Azure, VMWare, etc.


• Continuous monitoring of external points of presence.


• Serving as the first responder to security events and incidents.


• Carry out incident responsiveness assessments to identify how well IHS can readily respond to security incidents.


• Document and catalog all existing security vulnerabilities.

Qualifications

• A minimum of 4 years relevant experience in Information Security, vulnerability management, web application security.


• Strong background in application security, including devices such as firewalls, VPN, intrusion/extrusion detection, vulnerability & risk assessment tools, encryption technologies, virus/worm/malware prevention, E-business and web application technologies, Data Loss Prevention, whole disk & device encryption solutions, two-factor authentication, common Windows (desktop & server) platforms,


• Knowledge of source code security including SAST & DAST practices and scanning solutions such as Veracode, SonarQube.


• Working knowledge of web application vulnerability scanners such as Acunetix, Webscarab, Netsparker, BurpSuite, IronWASP.


• Knowledge of network scanning tools such as Nessus, Nexpose.


• Knowledge of security best practices such as defense in-depth, least privileges, need-to-know, separation of duties, access controls, encryption, SSO.


• Experience with various languages and frameworks including, JAVA, Python, C, C#, and network monitoring tools.


• Experience with DevSecOps, CI/CD pipelines and API security.