At JUMIA (Permanent), in Porto, Portugal
Expires at: 2020-06-21
Responsibilities:
- Build out a roadmap for the workforce training, penetration testing and company security policies.
- Perform security reviews and risk assessments as required.
- Recommend and implement changes to enhance systems security and prevent unauthorized access.
- Automate tasks on managing and configuring security-related services.
- Deliver practical awareness training of the workforce on information security standards, policies and best practices.
- Manage security policies and procedures by reviewing and auditing security policies.
- Help to maintain information security policies and company-wide information security controls to protect the integrity of the company's assets.
- Help monitor infrastructure compliance of legal requirements and internal policies.
- Exercise and execute incident response plans in response to suspected security incidents.
- Develop, augment or implement open-source and third-party controls to assist in detection, prevention and analysis of security threats.
- Coordinate incident response, including taking steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage.
- Coach and mentor junior team members.
- Degree in Computer Science or higher in an Information Security field.
- Background in software development or systems administration.
- 5 or more years in a similar position.
- Display strong technical and thought leadership skills.
- Good understanding of network protocols, design, and operations.
- Working knowledge of Security principles, techniques, and technologies.
- Knowledge of programming languages like Python, Go, Ruby, etc.
- Comfortable with Web Application Firewalls, SIEM, IDS/IPS.
- Experience with defining and enforcing hardening and other security standards.
- Knowledge of open security testing standards and projects, including OWASP.
- Certifications on Information Security (CISSP, CISA, OSCP, OSWE, OSCE, GPEN, GXPN, GREM, GNFA, GCFA or similar).
- Fluency in English, both written and spoken.
Nice to have
Valued:
- Experience with Cloud environments (AWS, Azure, GCP) is a plus.
- Experience in Identity Management projects or Cloud Access Security Brokers is a plus.
- Working knowledge of PCI-DSS and/or ISO 27001, policy and procedure review and document management, gap analysis, etc., is a plus.
- Good understanding of risk-assessment methodologies (OCTAVE, NIST SP 800-30) is a plus.
- Experience in Data Privacy impact assessment (GDPR) is a plus.
- CCP (ex-CAP) is a plus.
- Fluency in French, both written and spoken, is a plus.
Benefits & Perks
We offer:
- A unique experience in an entrepreneurial, yet structured environment.
- The opportunity to become part of a highly professional and dynamic team working around the world.
- Unparalleled personal and professional growth, as our longer-term objective is to train the next generation of leaders for our future internet ventures.