Jobs Career Advice Post Job
X

Send this job to a friend

X

Did you notice an error or suspect this job is scam? Tell us.

  • Posted: Jul 6, 2026
    Deadline: Not specified
    • @gmail.com
    • @yahoo.com
    • @outlook.com
  • Heirs Holdings is an African proprietary investment company, with a track record of success and a firm belief in the opportunities that Africa offers. We are known for executing successful corporate turnarounds, and for our ability to identify growth opportunities, incubate new businesses and nurture them to maturity. As active investors, we aim to transform...
    Read more about this company

     

    Senior DevSecOps Engineer

    The Role

    • As a Senior DevSecOps Engineer, you are the builder and operator of the pipelines, tooling, and security controls that let every engineer on this platform ship fast and ship safely. You will design, implement, and own the CI/CD infrastructure, security gates, container build pipelines, and developer tooling that govern how code moves from a developer's workstation to production. On a platform handling the financial data of millions of Africans, the pipeline is a critical control surface — and you own it end to end.

    What You'll Do

    • CI/CD Pipeline Design & Ownership — Own the design, implementation, and ongoing operation of the platform's CI/CD infrastructure — ensuring every service, across every team, ships exclusively through automated, version-controlled pipelines. Build and maintain pipelines across the platform's approved CI/CD tooling — GitHub Actions, Azure DevOps Pipelines, GitLab CI, and Jenkins. No engineer has direct access to promote code to any environment manually. Every pipeline must be reproducible, auditable, and fast.
    • Pipeline Quality Gates — Embed security, quality, and performance validation into every stage of the development lifecycle — enforcing mandatory, automated gates on the path to production. Implement and operate SAST, DAST, SCA, and secrets detection for security; automated test coverage thresholds, integration tests, and end-to-end test suites for quality; and load testing and performance benchmark gates to ensure no release degrades platform performance. Integrate AI-powered code review and testing agents into CI/CD pipelines — automating test generation, surfacing code quality issues early, and augmenting human review before code reaches a reviewer. No service may be promoted to staging or production without passing every gate. Work closely with the Platform Manager (Security) to define gate policies, manage exceptions, and continuously raise the bar.
    • Container Build & Supply Chain Security — Own the platform's container build pipeline end to end — from base image governance to final image publication. Enforce the use of approved, minimal base images. Integrate container image scanning (Trivy) and dependency vulnerability scanning (Snyk) into every build. No container image reaches any environment without passing security scans. Maintain a software bill of materials (SBOM) for all platform services and ensure supply chain integrity is continuously monitored.
    • Infrastructure as Code Pipeline Integration — Integrate all infrastructure provisioning workflows — Terraform, Ansible, and Bash — into version-controlled, automated pipelines. Enforce IaC security scanning and policy checks before any infrastructure change is applied. No cloud or network configuration may be provisioned outside of a pipeline-controlled workflow. Work with Cloud and Network Engineers to ensure infrastructure pipelines meet the same security and auditability standards as application pipelines.
    • Environment Management & Dev Containers — Own the platform's environment strategy — ensuring dev, staging, and production are consistently defined, reproducible, and spun up on demand via IaC. Enforce the use of dev containers across all engineering teams — every developer works in a standardised, version-controlled development environment that mirrors production. No environment drift. No snowflake configurations.
    • Secrets Management Integration — Integrate Azure Key Vault and AWS Secrets Manager — or equivalent secrets management platforms — into all CI/CD pipelines and application deployment workflows. Enforce secret rotation schedules. Ensure no secret, credential, API key, or certificate is ever hardcoded in application code, configuration files, container images, or pipeline definitions. Any violation must trigger an automated alert and mandatory rotation.
    • Observability & DORA Metrics — Instrument all CI/CD pipelines with the metrics and tooling needed to track, baseline, and continuously improve the platform's engineering performance. Own the collection and reporting of DORA metrics — deployment frequency, lead time for changes, change failure rate, and mean time to recovery (MTTR). Surface these metrics to the Platform Manager in real time and use them to drive targeted pipeline improvements.
    • Developer Experience & Standards — Make the right way the easy way. Own the developer tooling, onboarding documentation, and pipeline standards that define how engineers contribute to this platform. Reduce friction on the path to production without compromising security or quality. Work alongside the DevSecOps Evangelist to educate and embed DevSecOps best practices across engineering teams — supporting enablement sessions, flagging anti-patterns early, and ensuring every contributor understands and actively applies the platform's standards.
    • Runtime Security — Implement and operate runtime security controls across the platform's containerised workloads — including Falco for runtime threat detection and container security policy enforcement. Ensure anomalous container behaviour triggers automated alerts routed to the SOC and Platform Manager (Security). Work with the security team to continuously tune detection rules and close runtime security gaps.
    • Incident & Rollback Support — Maintain robust, tested rollback and re-deployment capabilities across all services and environments. Act as a key technical resource during platform incidents — diagnosing pipeline and deployment-layer failures, executing rollbacks, and restoring stability. Ensure all pipeline runbooks are documented, version-controlled, and regularly tested so that recovery from any deployment failure is fast, reliable, and well-practised.

    What We're Looking For

    Must Have

    • 4+ years of hands-on DevSecOps or DevOps engineering experience, with proven ownership of CI/CD pipelines in a production, cloud-native environment.
    • Expert-level experience with one or more of the platform's approved CI/CD tools — GitHub Actions, Azure DevOps Pipelines, GitLab CI, or Jenkins — and the ability to design, debug, and optimise complex pipeline workflows.
    • Hands-on experience integrating security tooling into CI/CD pipelines — including SAST, DAST, SCA, and secrets detection. You understand what each gate is checking and why it matters.
    • Strong container security knowledge — Docker image builds, base image governance, image scanning with Trivy or equivalent, and supply chain security with Snyk or equivalent.
    • Solid Infrastructure as Code experience — Terraform, Ansible, and Bash — with a clear understanding that all infrastructure must be provisioned through automated, version-controlled pipelines, never manually.
    • Hands-on experience with container orchestration platforms — Kubernetes on managed services (AKS, EKS) or serverless container platforms (Azure Container Apps, AWS App Runner / ECS Fargate).
    • Working knowledge of secrets management platforms — Azure Key Vault, AWS Secrets Manager, or equivalent — and experience integrating them into CI/CD workflows.

    Nice to Have

    • Experience with runtime security tooling — specifically Falco for container threat detection.
    • Familiarity with DORA metrics tooling and experience using engineering performance data to drive pipeline improvement.
    • Experience with serverless compute platforms — Azure Functions and/or AWS Lambda — for event-driven pipeline triggers or lightweight automation.
    • AWS and/or Microsoft Azure certification — Developer, DevOps, or Solutions Architect tracks.
    • Experience working in a fintech, banking, or regulated environment — with working knowledge of PCI DSS pipeline security requirements or CBN guidelines.
    • Familiarity with software bill of materials (SBOM) tooling and supply chain security frameworks (e.g., SLSA, NIST SSDF).

    Check how your CV aligns with this job

    Method of Application

    Interested and qualified? Go to Heirs Holdings on heirs-technologies.breezy.hr to apply

    Build your CV for free. Download in different templates.

  • Send your application

    View All Vacancies at Heirs Holdings Back To Home
View Hot Nigerian Jobs Today »

Career Advice

View All Career Advice
 

Subscribe to Job Alert

 

Join our happy subscribers

 
 
 
Send your application through

GmailGmail YahoomailYahoomail