DevSecOps Engineer

Summary

Join Moniepoint Inc., Africa’s leading financial ecosystem, as a DevSecOps Engineer. You will play a vital role in integrating security into our software development lifecycle (SDLC), building secure and efficient systems. Collaborate with engineering, operations, and security teams to implement security best practices and automation. Responsibilities include integrating security tools into CI/CD pipelines, automating security checks, building monitoring systems, and developing custom tooling. You will also collaborate on security architecture, participate in threat modeling, and educate engineering teams on secure development practices. This senior associate role requires a Bachelor’s degree, 5+ years of experience, and strong DevSecOps skills. Moniepoint offers a supportive culture, learning opportunities, and competitive compensation including pension, health insurance, employee stock options, and an annual bonus.

Requirements

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field
• 5+ years of experience in DevSecOps, Application Security, or a similar security-focused role
• Experience implementing security in CI/CD pipelines (e.g., GitLab, GitHub Actions, Jenkins)
• Strong knowledge of security standards and controls for SDLC and cloud-native environments
• Proficiency in scripting languages (e.g., Python, Bash, Go, JavaScript)
• Hands-on experience with infrastructure-as-code (Terraform, CloudFormation) and related security testing
• Familiarity with container security and orchestration platforms (e.g., Docker, Kubernetes)
• Experience using and managing Cloudflare or similar WAF/CDN platforms

Responsibilities

• Integrate security tools and controls (SAST, WIZ, SCA, DAST, IaC, and mobile security scanners) into CI/CD pipelines
• Automate security gate enforcement and continuous compliance checks across the SDLC
• Build and maintain automated systems for monitoring and alerting on security threats, vulnerabilities, and misconfigurations
• Create, develop, and implement solutions to address infrastructure and security requirements
• Identify the needs for build automation, designing, and implementing CICD solutions
• Consult on DevSecOps requirements from diverse application/line of business partners
• Create plug-and-play/reusable solutions and patterns for CICD pipelines
• Configure and maintain application security tooling, including SAST (e.g. SonarQube), SCA (e.g., Snyk, Black Duck), DAST (e.g., OWASP ZAP, Burp), and IaC scanners (e.g., Checkov)
• Manage security protections at the edge using WAFs (e.g Cloudflare), and ensure effective detection and response configurations are in place
• Write scripts and automation tools to streamline vulnerability triage, report generation, and security tasks
• Develop custom tooling to integrate with development and operations workflows to enhance visibility and remediation speed
• Collaborate with engineering and infrastructure teams to embed security in design and architecture decisions
• Participate in design reviews and threat modeling exercises to identify and mitigate risks early in the development lifecycle
• Implement and manage detective controls to monitor infrastructure and application-level threats
• Work closely with incident response teams to triage and respond to security alerts and events effectively
• Work closely with the vulnerability management team to establish dashboards and monitoring around vulnerabilities
• Educate engineering teams on secure development practices and ensure they are empowered with the tools and knowledge to write secure code
• Promote DevSecOps culture and continuous improvement of security maturity across teams

Preferred Qualifications

• OSCP, CEH, GCPN, GPEN, AWS Security Specialty, or other relevant DevSecOps certifications are a plus
• Strong problem-solving skills with an automation-first mindset
• Excellent collaboration and communication skills to work effectively across teams
• Ability to prioritize and manage multiple security initiatives simultaneously
• Detail-oriented, with a proactive approach to identifying and addressing security issues

Benefits

• Attractive salary
• Pension
• Health insurance
• Employee Stock Options
• Annual bonus
• Culture -We put our people first and prioritize the well-being of every team member. We’ve built a company where all opinions carry weight and where all voices are heard. We value and respect each other and always look out for one another. Above all, we are human
• Learning - We have a learning and development-focused environment with an emphasis on knowledge sharing, training, and regular internal technical talks