API & Database Auditor

Moniepoint Inc. is Africa’s all-in-one financial ecosystem, helping 10 million businesses and individuals access seamless payments, banking, credit, and business management tools since 2019.
As Nigeria’s largest merchant acquirer, it powers most of the country’s Point of Sale (POS) transactions. Through its subsidiaries, Moniepoint Inc. processes $22 billion monthly for its customers while operating profitably.

The API & SQL Database Auditor is responsible for assessing the design, security, reliability, and compliance of application programming interfaces (APIs) and relational database systems. This role evaluates how data is accessed, processed, stored, and protected across applications, ensuring adherence to security standards, regulatory requirements, and internal controls.

• Audit of Application Program Interfaces Security Controls.
• Audit REST, GraphQL, and internal APIs for governance, and compliance with organizational standards.
• Audit of Database Security Controls (e.g., MySQL, PostgreSQL, SQL Server, Oracle) for data integrity, availability, and confidentiality.
• Assess compliance with regulatory and industry frameworks (e.g., SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR).
• Evaluate API versioning, lifecycle management, and deprecation controls.

• Identify risks related to authentication, authorization, rate limiting, and input validation.
• Review protection mechanisms against common threats (e.g., injection attacks, broken object-level authorization).
• Evaluate encryption practices (in transit and at rest).
• Assess secrets management for database credentials and API keys.
• Review database patching, vulnerability management, and hardening practices.

• Assess data classification, retention, and deletion policies.
• Review database schema design, constraints, indexing, and referential integrity controls.
• Evaluate logging, monitoring, and audit trails for data access and changes.
• Verify segregation of duties for database administration and application access.

• Review backup, replication, and disaster recovery processes.
• Assess performance monitoring, capacity planning, and availability controls.
• Evaluate change management processes for schema and API changes.
• Review third-party API integrations and data-sharing agreements.

• Document audit findings with risk ratings and evidence.
• Provide clear, actionable remediation recommendations.
• Present findings to engineering, security, and data governance stakeholders.
• Track remediation progress and validate corrective actions.
• Participates in the other regular audits in the IT Audit Plan as assigned by the Head, IT Audit.

• SQL (analysis, permissions, schema review)
• API documentation and testing tools (Postman, Swagger/OpenAPI)
• Database security controls (roles, grants, auditing)
• Logging and monitoring solutions
• Encryption and key management concepts
• Strong analytical and investigative skills
• Ability to translate technical risks into business impact
• Clear written documentation and reporting
• Professional skepticism and attention to detail
• Ability to collaborate with engineering and security teams

• Minimum of a Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field (or equivalent experience).
• Certifications in one or more of the following will be an added advantage - CISA, ACA, CISSP, CISM, CRISC, MICROSOFT certifications, ORACLE, etc.
• Experience: Minimum of 5 years experience in application security, database administration, software engineering, or IT audit.
• Strong understanding of RESTful APIs and SQL-based databases.
• Experience reviewing authentication and authorization mechanisms (OAuth 2.0, JWT, API keys).
• Working knowledge of SQL querying and database security concepts.

• Culture -We put our people first and prioritize the well-being of every team member. We’ve built a company where all opinions carry weight and where all voices are heard. We value and respect each other and always look out for one another. Above all, we are human.
• Learning - We have a learning and development-focused environment with an emphasis on knowledge sharing, training, and regular internal technical talks.
• Compensation - You’ll receive an attractive salary, pension, health insurance, annual bonus, plus other benefits.
  

• A preliminary phone call with the recruiter
• Panel interview with a Manager
• Behavioral and technical interview with an Executive team member