Job Title: IT Security Specialist
Organisation: National Social Security Fund (NSSF)
Duty Station: Kampala, Uganda
Reports to: Manager IT Security
About US:
National Social Security Fund (NSSF) is positioning itself as the Social Security Provider of Choice in Uganda. With our shared purpose of being the Social Security Provider of choice, providing exceptional customer service and better operations with a well-motivated and skilled workforce, we are looking to recruit persons with high integrity and dedication to work with us.
Job Summary: We are looking for a passionate and experienced IT Security Specialist to join our team. This person will be responsible for implementing, monitoring, and maintaining our security systems, by preventing unauthorized access to our data and responding to privacy breaches.
Key Duties and Responsibilities:
- Ensure that application security is an embedded and critical part of the software delivery lifecycle (including during the early stages of projects) regardless of delivery methodology and toolsets used (e.g. static code analysis)
- Train and educate developers and teams in secure coding techniques including the use of supporting toolsets and enable them to self-service
- Conduct continuous vulnerability assessments on the Fund’s systems, including but not limited to source code libraries and runtime environments.
- Conduct compliance assessments by understanding business objectives, structure, policies and procedures, and internal and external regulatory controls.
- Identify and implement security requirements when developing applications, including when the development is outsourced.
- Document systems processes, and controls using narratives, flow charts, data flow diagrams, etc.
- Implement identity management and access control strategies, policies, procedures, standards, and guidelines.
- Collaborate with control owners to implement process changes and track to completion
- Act on privacy breaches and malware threats
- Understand and communicate the downstream impact of control deficiencies on the business.
- Monitor and Investigate security breaches and other cybersecurity incidents.
- Stay up to date on information technology trends and security standards.
- Implementation of IT security strategy
Qualifications, Skills and Experience:
- The ideal applicant must hold a Bachelor’s degree in Cybersecurity, Computer Science, software engineering, Information Technology, or related field
- Professional qualifications in Security (CEH, C-WAST, DLP, SIEM), or related certifications.
- At least three years with hands-on programming experience using relevant languages
- At least three years’ experience in IT/Information Security responsibilities in a fast-paced environment
- Any security configuration and/or automation experience is highly desirable
- Strong understanding of cryptography and SSL certificate lifecycle management
- Working knowledge and experience with web and application security would be added advantage.
Key Competences:
- Foundation experience and reasonable understanding of network stack (OSI model, TCP/IP), network ports and protocols, traffic flow, defence-in-depth, and common security elements.
- Understanding of network security (incl. Network and Host IDS/IPS, WAF, DAM, SIEM, Antimalware, DLP, URL filtering, others)
- Sound understanding and exposure to Application Penetration Testing
- Practical understanding of code analysis, security testing knowledge/techniques (SAST and DAST)
- Understanding of OWASP top ten web application security risks
- Practical understanding of SDLC
- Ability to learn on the job and a positive attitude towards learning and development.
- Motivated personality and ability to work in self-organized teams
- Ability to break down complex security issues to non-technical stakeholders.
- Strong analytical and problem-solving skills, plus the ability to think outside the box to anticipate possible threats
- Understanding of Cloud technologies and the associated risks
How to Apply:
All Interested individuals should Click Here to fill out the application form and also send copies of their application letter, curriculum vitae and academic qualifications, addressed to the Chief of People and Culture to recruitment@nssfug.org
Women are encouraged to apply. Please note that canvassing or lobbying will lead to automatic disqualification of the candidate.
Deadline: Friday 26th August 2022
For more of the latest jobs, please visit https://uganda.careerspot.xyz or find us on our facebook page https://uganda.careerspot.xyz