The Information Security team at One Acre Fund safeguards
systems and data across a diverse, distributed, and technology-driven
environment. As an Information Security Specialist, you will help
maintain and improve our security operations. This role is ideal for someone
with hands-on cybersecurity experience who is eager to work across cloud
infrastructure, applications, and devices — helping us proactively manage
threats and improve our security posture.
The department is looking for an Information Security
Specialist with 2–4 years of experience to support and strengthen security
operations across our systems, applications, and infrastructure. You will
report to the Head of Information Security.
Responsibilities
- Implement
and maintain security tools and processes, including SIEM platforms,
vulnerability scanners, and endpoint protection systems.
- Conduct
regular vulnerability assessments, penetration testing (VAPT), and support
remediation tracking across infrastructure and applications.
- Monitor
security alerts from systems such as SIEM platforms, cloud services, and
administrative consoles; triage potential incidents and coordinate
appropriate incident response efforts.
- Support
IAM processes, including user access reviews and recertifications.
- Collaborate
with IT and engineering teams to secure systems, applications, and cloud
environments through technical advice and configuration reviews.
- Roll
out security awareness programs, including phishing simulations, training
campaigns, and content development.
- Help
roll out security awareness programs, including phishing simulations and
training.
- Keep
documentation, tool configurations, and asset inventories accurate and
up-to-date.
- Contribute
to improvements in automation, monitoring, and process optimization.
Career Growth and Development
We have a strong culture of constant learning and we invest
in developing our people. You’ll have weekly check-ins with your manager,
access to mentorship and training programs, and regular feedback on your
performance. We hold career reviews every six months, and set aside time to
discuss your aspirations and career goals. You’ll have the opportunity to shape
a growing organization and build a rewarding long-term career.
Qualifications
Across all roles, these are the general qualifications
we look for. For this role specifically, you will have:
- 2–4
years of hands-on experience in Information Security or Cybersecurity.
- Familiarity
with vulnerability scanning, penetration testing tools, and threat
detection platforms (e.g., Rapid7 InsightVM, OpenVAS (Greenbone), Burp
Suite, splunk, Logrhythm,).
- Proven
expertise in conducting vulnerability assessments and penetration testing
to identify and remediate security weaknesses.
- Understanding
of cybersecurity principles across application, endpoint, cloud, and
network security domains.
- Knowledge
of frameworks such as NIST CSF, CIS Controls, or ISO 27001.
- Experience
monitoring and analyzing security alerts; ability to respond to and
document incidents.
- Familiarity
with IAM concepts, including access reviews and role-based access control.
- Basic
scripting or automation skills (e.g., Python, Bash)
- Strong
communication and collaboration skills, especially when working with
technical and non-technical teams.