DevSecOps Engineer at Flutterwave

Location: Lekki, Lagos

Department: Engineering - Information Security

About the Role

• We are looking for a driven, passionate, and committed individual to join the team as we grow and expand across Africa and beyond.
• The DevSecOps Engineer will be responsible for the security of the developer environment.
• He/she will be primarily responsible for the security of the DevOps lifecycle.

What Your Day to Day Activities Will Be 

• Own security within the development process
• Lead remediation activities to secure the developer environment. 
• Partner with stakeholders within the development environment on security solutions to sustain risk mitigations after the remediation phase is completed.
• Own the strategic direction of the broader program to securing Flutterwave's developer environment and build pipelines.
• Conduct regular meetings with risk owners to inform and alert them of any risk arising planning, preparing, and hosting technical support forums.

Work Experience and Educational Background
The ideal work experience and educational background required for this role are as follows: 

• B.Sc in Computer Science, Information Security, or a related field
• 5+ years of experience in information security, especially in a vulnerability analysis role on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Center (CSIRC), or a Security Operations Center (SOC) 
• 5+ years of experience using at least one scripting language (e.g.: Perl, Python, PowerShell).

Required competency and skillset to be a waver:
The skills and competencies necessary to be highly effective in the role include: 

• Secure by design mindset
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• An ability to effectively influence others to modify their opinions, plans, or behaviors
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
• An understanding of organizational mission, values, and goals and consistent application of this knowledge
• Technical expertise in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)
• Strong understanding of SAST and DAST.
• Technical expertise in security engineering, system and network security, authentication and security protocols, cryptography, and application security.