Vulnerability Management Analyst at Moniepoint

<h3><strong>Who we are</strong></h3> <p>Moniepoint Inc. is Africa’s all-in-one financial ecosystem, helping 10 million businesses and individuals access seamless payments, banking, credit, and business management tools since 2019.</p> <p>As Nigeria’s largest merchant acquirer, it powers most of the country’s Point of Sale (POS) transactions. Through its subsidiaries, Moniepoint Inc. processes $22 billion monthly for its customers while operating profitably.</p> <p>Curious about what makes Moniepoint an incredible place to work?&nbsp;<a href="https://moniepoint.com/blog"><em>Check out posts on how we cultivate a culture of innovation, teamwork, and growth.</em></a></p> <p><strong>Role Overview:<br></strong></p> <p>We are seeking a motivated and detail-oriented&nbsp; Vulnerability Management Engineer to join our Information Security team. This role is responsible for executing key functions across the vulnerability management lifecycle - from discovery and assessment to remediation tracking and reporting - to enhance the organization’s overall security posture.</p> <p>This is an entry-level role designed for candidates looking to build hands-on experience in vulnerability management, working closely with senior security engineers, IT teams, and product teams.</p> <h3><strong>Key Responsibilities</strong></h3> <h4><strong>Vulnerability Discovery and Assessment</strong></h4> <ul> <li>Execute and monitor periodic vulnerability scans across internal infrastructure and cloud platforms.</li> <li>Conduct periodic scans to support compliance requirements.</li> <li>Perform External Attack Surface Assessments on internet-facing assets.</li> <li>Assist in validating scan results and identifying false positives.</li> </ul> <h4><strong>Analysis, Prioritization, and Reporting</strong></h4> <ul> <li>Analyze Vulnerability scan results to identify security gaps and potential threats.</li> <li>Prioritise Vulnerability scan report based on risk severity and business impact.</li> <li>Report findings to asset owners and relevant stakeholders for timely remediation.</li> </ul> <h4><strong>Remediation and Tracking</strong></h4> <ul> <li>Collaborate with IT, System Administrators, and Product Teams to ensure vulnerabilities are remediated within defined Service Level Agreements (SLAs).</li> <li>Track remediation progress and follow up on outstanding vulnerabilities.</li> <li>Support implementation of mitigation strategies where immediate remediation is not possible.</li> </ul> <h4><strong>Risk Management</strong></h4> <ul> <li>Assist in performing risk assessments related to identified vulnerabilities.</li> <li>Support documentation of risks and contribute to mitigation planning.</li> <li>Maintain awareness of evolving risk posture across systems.</li> </ul> <h4><strong>Security Tools and Technologies</strong></h4> <ul> <li>Support the operation and maintenance of vulnerability management tools.</li> <li>Assist in scan configuration, execution, result interpretation and reporting.</li> </ul> <h4><strong>Compliance and Standards</strong></h4> <ul> <li>Support vulnerability management activities aligned with standards such as PCI-DSS, ISO 27001, and NIST.</li> <li>Assist with audit preparation, including evidence gathering and documentations.</li> <li>Ensure scanning and remediation practices meet compliance requirements.</li> </ul> <h4><strong>Reporting and Metrics</strong></h4> <ul> <li>Assist in creating dashboards and reports to visualize vulnerability trends, risk posture, and remediation performance.</li> <li>Maintain accurate records of vulnerabilities, remediation status, and scan history.</li> <li>Communicate findings clearly to both technical and non-technical stakeholders.</li> </ul> <ul> <li>Suggest improvements to scanning, reporting, and remediation workflows.</li> </ul> <p><strong>Support Incident Response &amp; Threat Intelligence Units</strong></p> <ul> <li>Assist in Incident Response tasks and post-incident analysis when needed.</li> </ul> <ul> <li>Assist in Threat Intelligence tasks from internal and external sources when needed.</li> <li>Track emerging threats, vulnerabilities, and tactics used by relevant threat actors.</li> <li>Contribute to threat briefings and recommendations for security controls.</li> </ul> <h4><strong>Continuous Learning and Improvement</strong></h4> <ul> <li>Stay current with emerging vulnerabilities, threats, and cybersecurity trends.</li> <li>Participate in training, labs, and knowledge-sharing sessions.</li> <li>Continuously develop technical skills in security tools and methodologies.</li> </ul> <h3><strong>Qualifications</strong></h3> <ul> <li>Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.</li> <li>Good understanding of vulnerability management lifecycle, vulnerability scanning/patch management tools, SIEM, EDR, CSPM&nbsp; is an advantage.</li> <li>Understanding of networking fundamentals, operating systems, and cloud concepts.</li> <li>Strong analytical and problem-solving skills.</li> <li>Ability to work collaboratively and willingness to learn.</li> </ul> <h3><strong>Preferred (Nice to Have)</strong></h3> <ul> <li>Entry-level certifications such as CompTIA Security+, ISC2 (CC), BTL1, eJPT</li> <li>Familiarity with Linux/Windows environments and cloud platforms (AWS, or GCP).</li> <li>Hands-on lab, internship, or project experience in security operations or vulnerability assessment.</li> </ul> <p><strong>What we can offer you</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Culture -We put our people first and prioritize the well-being of every team member. We’ve built a company where all opinions carry weight and where all voices are heard. We value and respect each other and always look out for one another. Above all, we are human.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Learning - We have a learning and development-focused environment with an emphasis on knowledge sharing, training, and regular internal technical talks.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Compensation - You’ll receive an attractive salary, pension, health insurance,, Employee Stock Options, annual bonus, plus other benefits.<br></span></li> </ul> <p><strong>What to expect in the hiring process</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">A preliminary phone call with the recruiter</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">A technical interview with a Team Lead</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">A behavioural and technical interview with a member of the Executive team.&nbsp;</span></li> </ul>