Information Security Engineer at One Acre Fund

About the Role

We believe that technology is a necessity in growing and building the most effective and impactful rural distribution network on the African continent. Today, we reach 1.5 million farm families and we aspire to serve more than 10 million annually in the coming decade. Reporting to the Information Security Manager, you will ensure technical security measures are implemented on applications, endpoints, email, and cloud infrastructure. You will also defend the information enterprise following established guidelines and practices.

Responsibilities

• Design, implement and support vulnerability assessment and penetration testing (VAPT) tools
• Build and conduct VAPTs and other security testing activities on all technology layers (containers, web & mobile applications, software code, database and OS), evaluating the criticality and prioritization to provide the most suitable remediation
• Provide technical support to system administrators and owners in analyzing, understanding, and remediating the reported vulnerability findings
• Develop, maintain and improve security policies, secure coding practices and guidelines, following industry best practices and regulatory requirements
• Collaborate with Dev and DevOps teams to implement application or software security improvements
• Collaborate with project and product management teams to provide technical security related support to technology projects
• Provide monitoring of our technical infrastructure & assets for cybersecurity threat indicators, assist to detect, report, and respond to security incidents
• Track emerging and realized threats such as investigating phishing campaigns, sensitive data leakage events using available tools.
• Manage communication and coordination with stakeholders during incident response
• Develop, update, and deliver Information security awareness material and training across departments

Qualifications

Across all roles, these are the general qualifications we look for. For this role specifically, you will have:

• 5+ years of experience in Information security or Cyber Security Field
• In-depth experience in vulnerability Management, security testing/penetration testing
• Working knowledge of security testing tools. Ex. Tenable/Nessus, Qualys, Burpsuite, Snyk, Sonarcloud
• In-depth experience in system and cloud infrastructure hardening
• University degree in Computer Science/Information Technology/Cyber Security
• Information Security certification in one or more as a: Certified Information Systems Auditor (CISA),Certified Information Systems Security Professional (CISSP),Certified Information Security Manager (CISM),Certified Ethical Hacker (CEH)
• Understanding of industry security frameworks & standards: NIST CSF or similar
• Collaboration & stakeholder coordination