Specialist, Enterprise Application Security at IHS Towers

Job Description

• Safeguard the organization by predicting, detecting, preventing, and mitigating information security threats to Applications and Network elements.
• Support cybersecurity initiatives in conjunction with Group Cybersecurity team.
• Design and implement security controls to safeguard and monitor events for information systems, enterprise applications and data.
• Support the implementation of Information Security projects,
• Responsible for vulnerability assessment of web applications covering
  • Unvalidated Input
  • secure Configuration Management
  • Broken Access Control
  • Broken Authentication and Session Management
  • Cross Site Scripting
  • Buffer Overflow
  • Injection Flaws:
  • SQL Injection testing
  • Command injection testing
  • Improper Error Handling
  • Insecure Storage
  • Application Denial of Service
• Responsible for carrying out source code reviews for applications to be deployed within the business
• Responsible for network and router vulnerability assessments
• Identification and blocking of command and control threats
• Identify and respond to security threats on the platform.
• Responsible for carrying out regular security assessments on applications, networks, and databases
• Carrying out application security architecture reviews on all solutions before deployment, to identify control lapses, and provide recommendations to address missing controls.
• Review of visible application source code, including decompiling plugin code for Java Applets, etc.
• Regularly review baselines for Windows operating systems, Azure, VMWare, etc.
• Continuous monitoring of external points of presence.
• Serving as the first responder to security events and incidents.
• Carry out incident responsiveness assessments to identify how well IHS can readily respond to security incidents.
• Document and catalog all existing security vulnerabilities.

Qualifications

• A minimum of 4 years relevant experience in Information Security, vulnerability management, web application security.
• Strong background in application security, including devices such as firewalls, VPN, intrusion/extrusion detection, vulnerability & risk assessment tools, encryption technologies, virus/worm/malware prevention, E-business and web application technologies, Data Loss Prevention, whole disk & device encryption solutions, two-factor authentication, common Windows (desktop & server) platforms,
• Knowledge of source code security including SAST & DAST practices and scanning solutions such as Veracode, SonarQube.
• Working knowledge of web application vulnerability scanners such as Acunetix, Webscarab, Netsparker, BurpSuite, IronWASP.
• Knowledge of network scanning tools such as Nessus, Nexpose.
• Knowledge of security best practices such as defense in-depth, least privileges, need-to-know, separation of duties, access controls, encryption, SSO.
• Experience with various languages and frameworks including, JAVA, Python, C, C#, and network monitoring tools.
• Experience with DevSecOps, CI/CD pipelines and API security.