Senior DevSecOps Engineer at Moniepoint Inc.

About The Role

• We are looking for a talented and proactive DevSecOps Engineer to join our growing security team. In this role, you will play a key part in integrating security into our software development lifecycle (SDLC), helping to build secure, scalable, and efficient systems from development to production. You will work cross-functionally with engineering, operations, and security teams to implement security best practices, automation, and tooling to enhance the overall security posture of our applications and infrastructure.

Responsibilities

Security Integration & Automation

• Integrate security tools and controls (SAST, WIZ, SCA, DAST, IaC, and mobile security scanners) into CI/CD pipelines.
• Automate security gate enforcement and continuous compliance checks across the SDLC.
• Build and maintain automated systems for monitoring and alerting on security threats, vulnerabilities, and misconfigurations.
• Create, develop, and implement solutions to address infrastructure and security requirements
• Identify the needs for build automation, designing, and implementing CICD solutions
• Consult on DevSecOps requirements from diverse application/line of business partners
• Create plug-and-play/reusable solutions and patterns for CICD pipelines

Tooling and Infrastructure

• Configure and maintain application security tooling, including SAST (e.g. SonarQube), SCA (e.g., Snyk, Black Duck), DAST (e.g., OWASP ZAP, Burp), and IaC scanners (e.g., Checkov).
• Manage security protections at the edge using WAFs (e.g Cloudflare), and ensure effective detection and response configurations are in place.

Scripting and Custom Security Engineering

• Write scripts and automation tools to streamline vulnerability triage, report generation, and security tasks.
• Develop custom tooling to integrate with development and operations workflows to enhance visibility and remediation speed.

Security Architecture & Risk Management

• Collaborate with engineering and infrastructure teams to embed security in design and architecture decisions.
• Participate in design reviews and threat modeling exercises to identify and mitigate risks early in the development lifecycle.

Monitoring, Detection, Incident Response and Vulnerability management

• Implement and manage detective controls to monitor infrastructure and application-level threats.
• Work closely with incident response teams to triage and respond to security alerts and events effectively.
• Work closely with the vulnerability management team to establish dashboards and monitoring around vulnerabilities.

Training & Awareness

• Educate engineering teams on secure development practices and ensure they are empowered with the tools and knowledge to write secure code.
• Promote DevSecOps culture and continuous improvement of security maturity across teams.

Qualifications

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field.
• 5+ years of experience in DevSecOps, Application Security, or a similar security-focused role.
• Experience implementing security in CI/CD pipelines (e.g., GitLab, GitHub Actions, Jenkins).
• Strong knowledge of security standards and controls for SDLC and cloud-native environments.
• Proficiency in scripting languages (e.g., Python, Bash, Go, JavaScript).
• Hands-on experience with infrastructure-as-code (Terraform, CloudFormation) and related security testing.
• Familiarity with container security and orchestration platforms (e.g., Docker, Kubernetes).
• Experience using and managing Cloudflare or similar WAF/CDN platforms
• OSCP, CEH, GCPN, GPEN, AWS Security Specialty, or other relevant DevSecOps certifications are a plus

Skills

• Strong problem-solving skills with an automation-first mindset.
• Excellent collaboration and communication skills to work effectively across teams.
• Ability to prioritize and manage multiple security initiatives simultaneously.
• Detail-oriented, with a proactive approach to identifying and addressing security issues.