DeveloperSecOps Engineer

Summary

Join Moniepoint Inc., Africa’s leading financial ecosystem, as a DevSecOps Engineer and play a key role in integrating security into our software development lifecycle (SDLC). You will collaborate with engineering, operations, and security teams to implement security best practices, automation, and tooling. This role involves integrating security tools into CI/CD pipelines, automating security gate enforcement, building monitoring systems, and creating solutions for infrastructure and security requirements. You will also configure and maintain application security tooling, write scripts for automation, collaborate on security architecture, and participate in threat modeling. Furthermore, you will implement detective controls, respond to security alerts, and educate engineering teams on secure development practices. This position offers a chance to contribute to a company that prioritizes innovation, teamwork, and growth.

Requirements

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field
• 5+ years of experience in DevSecOps, Application Security, or a similar security-focused role
• Experience implementing security in CI/CD pipelines (e.g., GitLab, GitHub Actions, Jenkins)
• Strong knowledge of security standards and controls for SDLC and cloud-native environments
• Proficiency in scripting languages (e.g., Python, Bash, Go, JavaScript)
• Hands-on experience with infrastructure-as-code (Terraform, CloudFormation) and related security testing
• Familiarity with container security and orchestration platforms (e.g., Docker, Kubernetes)
• Experience using and managing Cloudflare or similar WAF/CDN platforms
• Strong problem-solving skills with an automation-first mindset
• Excellent collaboration and communication skills to work effectively across teams
• Ability to prioritize and manage multiple security initiatives simultaneously
• Detail-oriented, with a proactive approach to identifying and addressing security issues

Responsibilities

• Integrate security tools and controls (SAST, WIZ, SCA, DAST, IaC, and mobile security scanners) into CI/CD pipelines
• Automate security gate enforcement and continuous compliance checks across the SDLC
• Build and maintain automated systems for monitoring and alerting on security threats, vulnerabilities, and misconfigurations
• Create, develop, and implement solutions to address infrastructure and security requirements
• Identify the needs for build automation, designing, and implementing CICD solutions
• Consult on DevSecOps requirements from diverse application/line of business partners
• Create plug-and-play/reusable solutions and patterns for CICD pipelines
• Configure and maintain application security tooling, including SAST (e.g. SonarQube), SCA (e.g., Snyk, Black Duck), DAST (e.g., OWASP ZAP, Burp), and IaC scanners (e.g., Checkov)
• Manage security protections at the edge using WAFs (e.g Cloudflare), and ensure effective detection and response configurations are in place
• Write scripts and automation tools to streamline vulnerability triage, report generation, and security tasks
• Develop custom tooling to integrate with development and operations workflows to enhance visibility and remediation speed
• Collaborate with engineering and infrastructure teams to embed security in design and architecture decisions
• Participate in design reviews and threat modeling exercises to identify and mitigate risks early in the development lifecycle
• Implement and manage detective controls to monitor infrastructure and application-level threats
• Work closely with incident response teams to triage and respond to security alerts and events effectively
• Work closely with the vulnerability management team to establish dashboards and monitoring around vulnerabilities
• Educate engineering teams on secure development practices and ensure they are empowered with the tools and knowledge to write secure code
• Promote DevSecOps culture and continuous improvement of security maturity across teams

Preferred Qualifications

OSCP, CEH, GCPN, GPEN, AWS Security Specialty, or other relevant DevSecOps certifications are a plus

Benefits

• Health insurance
• Pension
• Employee Stock Options
• Annual bonus