SecOps Officer at Baobabplus

Job Summary

• The SecOps Officer is responsible for the technical integration of security into the Bank’s operational workflows.
• This role ensures that AWS cloud infrastructure, identity management systems, and edge security layers are automated and hardened in strict alignment with ISO 27001, PCI DSS, and global data privacy regulations (NDPR & GDPR).
• The mission is to maintain a "Secure-by-Design" environment that protects customer financial data while ensuring 24/7 availability and seamless regulatory compliance.

Responsibilities
Cloud Security Infrastructure & Automation:

• ​AWS Organization Management: Maintain the multi-account AWS environment using AWS Control Tower to enforce service control policies (SCPs) and organizational guardrails.
• ​Identity & Access: Manage the full lifecycle of AWS IAM and AWS SSO (IAM Identity Center), ensuring strict adherence to the Principle of Least Privilege (PoLP) as required by ISO 27001 (Annex A.9).
• ​Secrets Governance: Automate the storage, rotation, and retrieval of API keys and credentials using AWS Secrets Manager, ensuring that encryption keys (KMS) are managed according to PCI DSS Requirement 3.
• Have a good understanding of Cloud networking (VPCs, Security Groups, NACLs, S2S VPN).

Security Observability & Edge Protection:

• ​Monitoring & Analytics: Architect and manage Datadog security dashboards, ensuring all logs (CloudTrail, VPC Flow, and App logs) are ingested to meet the one-year retention requirements of PCI DSS Requirement 10.
• Knowledge of Cloud native monitoring and security solutions in AWS (AWS Config/AWS Guard Duty/AWS Detective).
• ​Perimeter Defense: Configure and optimize Cloudflare (WAF, Rate Limiting, and DDoS protection) to mitigate OWASP Top 10 risks and safeguard the Bank's digital banking channels.
• Understanding of Zero trust architectures (Cloudflare Zero trust)
• ​Threat Detection: Triage and remediate high-priority alerts from AWS GuardDuty and AWS Security Hub.

Data Privacy & Compliance Enforcement:

• ​Data Protection Compliance: Implement technical controls (encryption at rest/transit, data masking, and tokenization) to ensure the Bank’s cloud processing complies with the Nigeria Data Protection Regulation (NDPR) and EU GDPR.
• ​Cloud Compliance: Monitor and enforce data residency policies using AWS Config to ensure sensitive customer data remains within authorized geographic regions as mandated by the CBN and NDPR.
• ​Vulnerability Management: Perform continuous security assessments of cloud workloads and coordinate with the DevOps team for rapid patching to meet the strict timelines for "Critical" security updates.
• ​Audit Support: Provide technical evidence, log extracts, and configuration reports for NDPR Data Protection Audits, PCI DSS QSA assessments, and ISO 27001 surveillance audits.
• Understand how a CICD pipeline operates.

Requirements

• ​Education: B.Sc. / HND in Computer Science, Information Security, or a related discipline.
• ​Core Experience: Minimum of 4 years in IT or InfoSec Operations, with at least 2 years focused on SecOps, Cloud Security, Networking or Compliance Engineering on AWS.
• ​Regulatory Knowledge: Deep understanding of NDPR, GDPR, ISO 27001, and PCI DSSframeworks.

​Tool Proficiency:

• Cloud: AWS (IAM, SSO, Control Tower, Secrets Manager, GuardDuty).
• ​Observability: Datadog (Log Management, Cloud SIEM).
• ​Edge: AWS WAF, Cloudflare (WAF/DNS), Firewalls.
• ​Automation: Proficiency in Python, Bash, or Terraform.
• ​Certifications: AWS Certified Security – Specialty; and/or CIPP (Certified Information Privacy Professional), or Lead Implementer for ISO 27001/PCI DSS.