Security Engineer

JUMIA | Posted 9-06-2020

Porto (General IT)

Job expired

At JUMIA (Permanent), in Porto, Portugal
Expires at: 2020-06-21

  • Build out a roadmap for the workforce training, penetration testing and company security policies.
  • Perform security reviews and risk assessments as required.
  • Recommend and implement changes to enhance systems security and prevent unauthorized access.
  • Automate tasks on managing and configuring security-related services.
  • Deliver practical awareness training of the workforce on information security standards, policies and best practices.
  • Manage security policies and procedures by reviewing and auditing security policies.
  • Help to maintain information security policies and company-wide information security controls to protect the integrity of company's assets.
  • Help monitor infrastructure compliance of legal requirements and internal policies.
  • Exercise and execute incident response plans in response to suspected security incidents.
  • Develop, augment or implement open-source and third-party controls to assist in detection, prevention and analysis of security threats.
  • Coordinate incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage.
  • Coach and mentor junior team members.

Main requirements


  • Degree in Computer Science or higher in an Information Security field.
  • Background in software development or systems administration.
  • 5 or more years in a similar position.
  • Display strong technical and thought leadership skills.
  • Good understanding of network protocols, design, and operations.
  • Working knowledge of Security principles, techniques, and technologies.
  • Knowledgeable of programming languages like Python, Go, Ruby, etc.
  • Comfortable with Web Application Firewalls, SIEM, IDS/IPS.
  • Experience with defining and enforcing hardening and other security standards.
  • Knowledge of open security testing standards and projects, including OWASP..
  • Certifications on Information Security (CISSP, CISA, OSCP, OSWE, OSCE, GPEN, GXPN, GREM, GNFA, GCFA or similar).
  • Fluency in English, both written and spoken.

Nice to have


  • Experience with Cloud environments (AWS, Azure, GCP) is a plus.
  • Experience in Identity Management projects or Cloud Access Security Brokers is a plus.
  • Working knowledge of PCI-DSS and/or ISO 27001, policy and procedure review and document management, gap analysis, etc is a plus.
  • Good understanding of risk-assessment methodologies (OCTAVE, NIST SP 800-30) is a plus.
  • Experience in Data Privacy impact assessment (GDPR) is a plus.
  • CCP (ex-CAP) is a plus.
  • Fluency in French, both written and spoken is a plus.

Benefits & Perks

We offer:

  • A unique experience in an entrepreneurial, yet structured environment.
  • The opportunity to become part of a highly professional and dynamic team working around the world.
  • An unparalleled personal and professional growth as our longer-term objective is to train the next generation of leaders for our future internet ventures.