Information Security Specialist at One Acre Fund

The Information Security team at One Acre Fund safeguards systems and data across a diverse, distributed, and technology-driven environment. As an Information Security Specialist, you will help maintain and improve our security operations. This role is ideal for someone with hands-on cybersecurity experience who is eager to work across cloud infrastructure, applications, and devices — helping us proactively manage threats and improve our security posture.

The department is looking for an Information Security Specialist with 2–4 years of experience to support and strengthen security operations across our systems, applications, and infrastructure. You will report to the Head of Information Security.

Responsibilities

• Implement and maintain security tools and processes, including SIEM platforms, vulnerability scanners, and endpoint protection systems.
• Conduct regular vulnerability assessments, penetration testing (VAPT), and support remediation tracking across infrastructure and applications.
• Monitor security alerts from systems such as SIEM platforms, cloud services, and administrative consoles; triage potential incidents and coordinate appropriate incident response efforts.
• Support IAM processes, including user access reviews and recertifications.
• Collaborate with IT and engineering teams to secure systems, applications, and cloud environments through technical advice and configuration reviews.
• Roll out security awareness programs, including phishing simulations, training campaigns, and content development.
• Help roll out security awareness programs, including phishing simulations and training.
• Keep documentation, tool configurations, and asset inventories accurate and up-to-date.
• Contribute to improvements in automation, monitoring, and process optimization.

Career Growth and Development

We have a strong culture of constant learning and we invest in developing our people. You’ll have weekly check-ins with your manager, access to mentorship and training programs, and regular feedback on your performance. We hold career reviews every six months, and set aside time to discuss your aspirations and career goals. You’ll have the opportunity to shape a growing organization and build a rewarding long-term career.

Qualifications

Across all roles, these are the general qualifications we look for. For this role specifically, you will have:

• 2–4 years of hands-on experience in Information Security or Cybersecurity.
• Familiarity with vulnerability scanning, penetration testing tools, and threat detection platforms (e.g., Rapid7 InsightVM, OpenVAS (Greenbone), Burp Suite, splunk, Logrhythm,).
• Proven expertise in conducting vulnerability assessments and penetration testing to identify and remediate security weaknesses.
• Understanding of cybersecurity principles across application, endpoint, cloud, and network security domains.
• Knowledge of frameworks such as NIST CSF, CIS Controls, or ISO 27001.
• Experience monitoring and analyzing security alerts; ability to respond to and document incidents.
• Familiarity with IAM concepts, including access reviews and role-based access control.
• Basic scripting or automation skills (e.g., Python, Bash) 
• Strong communication and collaboration skills, especially when working with technical and non-technical teams.