We are looking for an experienced Cybersecurity Specialist for our client, a social enterprise in the health sector operating across multiple African countries. Following a recent coordinated cyberattack, the immediate priority is to remediate residual vulnerabilities in a health application and establish a stronger, long-term security posture. This is a phased engagement - starting with urgent remediation, progressing through a full vulnerability assessment and penetration testing programme, and culminating in an ongoing biannual security retainer.

Key Responsibilities

• Review and implement outstanding security recommendations on a compromised health application, confirm the attack vector is fully closed, and verify no backdoors or persistence mechanisms remain
• Conduct a comprehensive vulnerability assessment across all in-scope assets including the public-facing website, health application, product application, supporting APIs, backend services, and data stores
• Identify vulnerabilities across authentication and session management, injection risks, insecure data storage and transmission, access control and privilege escalation, security misconfigurations, and outdated components
• Execute internal and external penetration tests to validate exploitability of identified weaknesses and model the real-world threat landscape
• Deliver clear, structured reports including a remediation confirmation report, vulnerability assessment report, penetration test report, and a prioritized remediation roadmap
• Propose and support the establishment of an ongoing biannual security review and advisory retainer

Required Skills and Experience

• Proven hands-on experience conducting vulnerability assessments and penetration testing (both internal and external) across web and/or mobile applications
• Strong knowledge of common vulnerability domains: injection attacks, authentication weaknesses, access control flaws, insecure data handling, and security misconfigurations
• Experience assessing APIs, backend services, and supporting infrastructure
• Ability to implement security fixes directly and provide clear remediation guidance to engineering teams
• Experience in healthcare, NGO, or social enterprise environments - particularly involving sensitive health data - is a strong advantage
• Strong written communication skills: able to produce reports that are accessible to non-technical leadership while retaining sufficient technical depth for engineering partners