IHS Towers is the largest independent mobile telecommunications infrastructure provider in Europe, Africa and the Middle East. Founded in 2001, IHS provides services across the full tower value chain – colocation on owned towers, deployment and managed services.

Today IHS Towers has operations in Nigeria, Cameroon, Côte d’Ivoire, Zambia and Rwanda. Following the recent acquisitions of MTN and Etisalat’s tower portfolios in Nigeria, IHS owns over 23,300 towers in Africa.

We are recruiting to fill the position below:

Job Title: Specialist, Enterprise Application Security

Location: Lagos
Employment Type: Full-time

Job Description

• Safeguard the organization by predicting, detecting, preventing, and mitigating information security threats to Applications and Network elements.
• Support cybersecurity initiatives in conjunction with Group Cybersecurity team.
• Design and implement security controls to safeguard and monitor events for information systems, enterprise applications and data.
• Support the implementation of Information Security projects,
• Responsible for vulnerability assessment of web applications covering
  • Unvalidated Input
  • secure Configuration Management
  • Broken Access Control
  • Broken Authentication and Session Management
  • Cross Site Scripting
  • Buffer Overflow
  • Injection Flaws:
  • SQL Injection testing
  • Command injection testing
  • Improper Error Handling
  • Insecure Storage
  • Application Denial of Service
• Responsible for carrying out source code reviews for applications to be deployed within the business
• Responsible for network and router vulnerability assessments
• Identification and blocking of command and control threats
• Identify and respond to security threats on the platform.
• Responsible for carrying out regular security assessments on applications, networks, and databases
• Carrying out application security architecture reviews on all solutions before deployment, to identify control lapses, and provide recommendations to address missing controls.
• Review of visible application source code, including decompiling plugin code for Java Applets, etc.
• Regularly review baselines for Windows operating systems, Azure, VMWare, etc.
• Continuous monitoring of external points of presence.
• Serving as the first responder to security events and incidents.
• Carry out incident responsiveness assessments to identify how well IHS can readily respond to security incidents.
• Document and catalog all existing security vulnerabilities.

Qualifications

• A minimum of 4 years relevant experience in Information Security, vulnerability management, web application security.
• Strong background in application security, including devices such as firewalls, VPN, intrusion/extrusion detection, vulnerability & risk assessment tools, encryption technologies, virus/worm/malware prevention, E-business and web application technologies, Data Loss Prevention, whole disk & device encryption solutions, two-factor authentication, common Windows (desktop & server) platforms,
• Knowledge of source code security including SAST & DAST practices and scanning solutions such as Veracode, SonarQube.
• Working knowledge of web application vulnerability scanners such as Acunetix, Webscarab, Netsparker, BurpSuite, IronWASP.
• Knowledge of network scanning tools such as Nessus, Nexpose.
• Knowledge of security best practices such as defense in-depth, least privileges, need-to-know, separation of duties, access controls, encryption, SSO.
• Experience with various languages and frameworks including, JAVA, Python, C, C#, and network monitoring tools.
• Experience with DevSecOps, CI/CD pipelines and API security.

Application Closing Date
Not Specified.