For 15 years we have been building and managing telecommunications towers that are the essential backbone of mobile telecommunications in Africa - the leapfrog technology driving economic development, prosperity and self-sufficiency across the continent. Right now, IHS is leading a new telecoms service sector driven by the growth of middle class business and consumer demand for mobile and data. We are the partner of choice for Africa’s and the world’s leading network operators because they demand the widest reach and highest reliability for their customers, and the highest standards of governance and operational excellence for themselves. Our long-term contracts and strong sustainable cash flows mean IHS is a unique, low risk entry point for investment in Africa. Over the last four years, IHS has brought over US$5 billion of investment to the continent. Our belief is that the future economic and social development of Africa will be exponentially accelerated by mobile connectivity, and our team of over 1,000 engineers in five countries is focused on making this happen. We are committed to developing our people and the communities we serve, and to help people and businesses across the region build a powerful, prosperous future - by Africa and for Africa. IHS is Africa’s leading mobile infrastructure company. Founded in 2001 by an experienced team of engineers and business people, IHS serves clients responsibly in the building and managing of effective telecommunications infrastructure and by employing the highest quality people, services and equipment.
Job Description
- Safeguard the organization by predicting, detecting, preventing, and mitigating information security threats to Applications and Network elements.
- Support cybersecurity initiatives in conjunction with Group Cybersecurity team.
- Design and implement security controls to safeguard and monitor events for information systems, enterprise applications and data.
- Support the implementation of Information Security projects,
- Responsible for vulnerability assessment of web applications coverin:
- Unvalidated Input
- secure Configuration Management
- Broken Access Control
- Broken Authentication and Session Management
- Cross Site Scripting
- Buffer Overflow
- Injection Flaws:
- SQL Injection testing
- Command injection testing
- Improper Error Handling
- Insecure Storage
- Application Denial of Service
- Responsible for carrying out source code reviews for applications to be deployed within the business
- Responsible for network and router vulnerability assessments
- Identification and blocking of command and control threats
- Identify and respond to security threats on the platform.
- Responsible for carrying out regular security assessments on applications, networks, and databases
- Carrying out application security architecture reviews on all solutions before deployment, to identify control lapses, and provide recommendations to address missing controls.
- Review of visible application source code, including decompiling plugin code for Java Applets, etc.
- Regularly review baselines for Windows operating systems, Azure, VMWare, etc.
- Continuous monitoring of external points of presence.
- Serving as the first responder to security events and incidents.
- Carry out incident responsiveness assessments to identify how well IHS can readily respond to security incidents.
- Document and catalog all existing security vulnerabilities.
Qualifications
- A minimum of 4 years relevant experience in Information Security, vulnerability management, web application security.
- Strong background in application security, including devices such as firewalls, VPN, intrusion/extrusion detection, vulnerability & risk assessment tools, encryption technologies, virus/worm/malware prevention, E-business and web application technologies, Data Loss Prevention, whole disk & device encryption solutions, two-factor authentication, common Windows (desktop & server) platforms,
- Knowledge of source code security including SAST & DAST practices and scanning solutions such as Veracode, SonarQube.
- Working knowledge of web application vulnerability scanners such as Acunetix, Webscarab, Netsparker, BurpSuite, IronWASP.
- Knowledge of network scanning tools such as Nessus, Nexpose.
- Knowledge of security best practices such as defense in-depth, least privileges, need-to-know, separation of duties, access controls, encryption, SSO.
- Experience with various languages and frameworks including, JAVA, Python, C, C#, and network monitoring tools.
- Experience with DevSecOps, CI/CD pipelines and API security.
- Professional certification: CEH, e-JPT, Security+, EC-Council Certified Security Analyst (ESCA), CISSP, CISM
Organizational Competencies:
- Customer Focus: People demonstrating this competency understand & exceed our customers’ needs. They develop trusted, reliable & collaborative relationships. They are consistently operating to the highest standards of service & delivery.
- Innovation: People demonstrating this competency constantly seek new & improved ways to deliver our products & services. They champion engineering & skills development, and work to create a collaborative and supportive operating environment.
- Integrity: People demonstrating this competency are open & honest in everything they do. They support financially & environmentally sustainable growth. They make socially responsible decisions and treat their stakeholders with respect.
- Be Bold: People demonstrating this competency are thorough in analyses & decision-making. They are courageous in expanding existing markets & developing new ones. They confidently pursue appropriate financial returns and are forward-thinking and ambitious.
- Sustainability: People demonstrating this competency are constantly seeking to create positive impact in the communities we serve.
Method of Application
Signup to view application details.
Signup Now
