Moniepoint is a financial technology company digitising Africa’s real economy by building a financial ecosystem for businesses, providing them with all the payment, banking, credit and business management tools they need to succeed.
Role Overview
- The API & SQL Database Auditor is responsible for assessing the design, security, reliability, and compliance of application programming interfaces (APIs) and relational database systems.
- This role evaluates how data is accessed, processed, stored, and protected across applications, ensuring adherence to security standards, regulatory requirements, and internal controls.
Key Responsibilities
Audit & Compliance
- Audit security controls for application programming interfaces (APIs).
- Audit REST, GraphQL, and internal APIs for governance and compliance with organizational standards.
- Audit database security controls (e.g., MySQL, PostgreSQL, SQL Server, Oracle) for data integrity, availability, and confidentiality.
- Assess compliance with regulatory and industry frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR).
- Evaluate API versioning, lifecycle management, and deprecation controls.
Security & Risk Assessment
- Identify risks related to authentication, authorization, rate limiting, and input validation.
- Review protection mechanisms against common threats (e.g., injection attacks, broken object-level authorization).
- Evaluate encryption practices (in transit and at rest).
- Assess secrets management for database credentials and API keys.
- Review database patching, vulnerability management, and hardening practices.
Data Governance & Integrity
- Assess data classification, retention, and deletion policies.
- Review database schema design, constraints, indexing, and referential integrity controls.
- Evaluate logging, monitoring, and audit trails for data access and changes.
- Verify segregation of duties for database administration and application access.
Process & Controls Review
- Review backup, replication, and disaster recovery processes.
- Assess performance monitoring, capacity planning, and availability controls.
- Evaluate change management processes for schema and API changes.
- Review third-party API integrations and data-sharing agreements.
Reporting & Advisory
- Document audit findings with risk ratings and evidence.
- Provide clear, actionable remediation recommendations.
- Present findings to engineering, security, and data governance stakeholders.
- Track remediation progress and validate corrective actions.
- Participate in other regular audits in the IT Audit Plan as assigned by the Head, IT Audit.
Skills & Competencies
- SQL (analysis, permissions, schema review)
- API documentation and testing tools (Postman, Swagger/OpenAPI)
- Database security controls (roles, grants, auditing)
- Logging and monitoring solutions
- Encryption and key management concepts
- Strong analytical and investigative skills
- Ability to translate technical risks into business impact
- Clear written documentation and reporting
- Professional skepticism and attention to detail
- Ability to collaborate with engineering and security teams
Qualifications
- Minimum of a Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (or equivalent experience).
- Certification in one or more of the following will be an added advantage: CISA, ACA, CISSP, CISM, CRISC, Microsoft certifications, Oracle, etc.
- Experience: Minimum of 5 years' experience in application security, database administration, software engineering, or IT audit.
- Strong understanding of RESTful APIs and SQL-based databases.
- Experience reviewing authentication and authorization mechanisms (OAuth 2.0, JWT, API keys).
- Working knowledge of SQL querying and database security concepts.