Offensive Security Analyst at Appzone Limited

AppZone is a response to the growing need in emerging markets for financial services accessibility to the masses. The company was formed with a genuine belief in Africa’s latent ability to support the home grown production and delivery of world class IT Software for the enhancement of key sectors of the budding economy. AppZone started off primarily as a developer of custom e-Banking and payment software for leading commercial Banks in Nigeria. In less than 3 years, AppZone had accumulated a remarkable asset-base of e-payment software products and intellectual property. In a bid to extend existing payment solutions to smaller scale Financial institutions, AppZone observed the absolute dearth of basic IT infrastructure and commenced a 2 year project to develop a world class yet affordable core Banking platform for Microfinance Banks (MFBs) and other small scale retail financial institutions. The culmination of this project saw AppZone in full ownership of an entire integrated suite of IT infrastructure required for the effective functioning of any modern retail Bank. Today AppZone has consolidated these platforms into a shared and entirely managed Banking and payment automation IT infrastructure under the brand BankOne. AppZone was incorporated in July 2006 as Price and Networks Limited and commenced full operations in June 2008 with a knife edged focus on creating a world class organization and defacto provider of IT software for the financial services industry. The young, dynamic and driven co-founders of AppZone decided to bring together their wealth of technical, administrative and entrepreneurial experience as well as key leadership competences to create a winning team comprising the best in brains and character. The end point being to transform the financial services industry in Africa and emerging markets around the globe thereby creating immense value for the respective economies and facilitating their overall growth and development.

Job Description

• Identify vulnerabilities and exposure within enterprise networks, systems, and applications.
• Lead or enable exploitation operations in support of organization objectives and target requirements.
• Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
• Provide recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes).
• Provide technical documents, incident reports, video recorded descriptions, findings from computer examinations, summaries, and other situational awareness information to relevant stakeholders.
• Conduct and/or support authorized penetration testing on enterprise network assets.
• Perform penetration testing as required for new or updated applications.
• Review the security status of a system (including the effectiveness of security controls) on an ongoing basis to determine whether the risk remains acceptable.
• Provide recommendations for how to improve the controls based on test scenario findings.
• Create and conduct custom tabletop exercises.
• Partner with other teams on alert development to create new alerts and identify gaps in alerting.
• Analyze Threat Trends to identify indicators of compromise (IOCs)
• Develop your own test scenarios by performing threat hunts and ethical hack tests.
• Identify control gaps that allow threats to enter our network.
• Design and develop new tools/technologies related to cybersecurity.
• Develop specific cybersecurity countermeasures and risk mitigation strategies for systems and/or applications.
• Exploit network devices, security devices, and/or terminals or environments using various methods or tools.
• Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.
• Test and evaluate locally developed tools for operational use.
• Identify functional- and security-related features to find opportunities for new capability development to exploit or mitigate vulnerabilities.
• Perform analysis for target infrastructure exploitation activities.
• Conduct exploitation of wireless computer and digital networks.
• Analyze identified malicious activity to determine weaknesses exploited, exploitation methods, effects on system and information.

Requirements

What will you bring?

• Bachelor's Degree in Computer Science, Information Technology, Electrical & Electronic Engineering, or a related discipline from a reputable university
• 3 years experience in a similar role, preferably in a Fintech
• Planning, organization, & problem-solving skills

Method of Application