MTN Nigeria is part of the MTN Group, Africa\'s leading cellular telecommunications company. On May 16, 2001, MTN became the first GSM network to make a call following the globally lauded Nigerian GSM auction conducted by the Nigerian Communications Commission earlier in the year. Thereafter the company launched full commercial operations beginning wi...
Read more about this company
Reports To: Senior Manager - Information Security
Division: Information Technology
Mission:
The Senior Specialist, DevSecOps is responsible for the delivery of the design, implementation , and continuous improvement of secure DevOps processes within MTN Nigeria by integrating security controls, automation, and monitoring into CI/CD pipelines, ensuring rapid delivery of high-quality and secure applications. They will drive a security-first engineering culture by proactively identifying risks, automating security controls, and enabling development teams to deliver scalable, compliant, and resilient systems at speed.
Description:
The role operates within a highly complex internal technology and delivery ecosystem, requiring deep technical expertise and strong coordination across multiple domains:
- Application & Platform Complexity
-
- Securing diverse enterprise applications, digital platforms, with varying architectures (monolithic, microservices, APIs)
- Managing security across legacy systems and modern cloud-native applications
- Ensuring consistent security standards across multiple development teams and product lines
- CI/CD & DevOps Integration
-
- Embedding security into end-to-end CI/CD pipelines without disrupting delivery timelines
- Managing integration of multiple security tools (SAST, DAST, SCA, secrets scanning) within automated workflows
- Handling pipeline failures, false positives, and tuning tools for optimal performance
- Cloud & Infrastructure Complexity
-
- Securing multi-cloud and hybrid environments with differing configurations and controls
- Implementing secure Infrastructure as Code (IaC) while maintaining scalability and consistency
- Managing containerized environments (e.g., Kubernetes) with evolving security requirements
- Data Protection & Access Control
-
- Enforcing data security, encryption, and access governance across internal systems
- Managing identity and access controls (IAM) for developers, systems, and applications
- Ensuring proper handling of sensitive customer and business data across environments
- Tooling & Automation Challenges
-
- Selecting, integrating, and maintaining DevSecOps toolchains across the organization
- Ensuring interoperability between tools (CI/CD, security scanners, ticketing systems, SIEM)
- Continuously optimizing automation to reduce manual intervention
- Compliance & Internal Governance
-
- Aligning internal processes with security policies, standards, and audit requirements
- Supporting internal audits, risk assessments, and control validations
- Maintaining documentation and evidence for compliance without slowing delivery
Education:
- Bachelor’s degree
- Master’s in information science is preferred
- Certification:Security Certifications (Minimum of 1)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- Cloud & DevSecOps related professional Certifications
- AWS Certified Security – Specialty
- Microsoft Azure Security Engineer Associate
- Google Professional Cloud Security Engineer
- Certified Kubernetes Security Specialist (CKS)
Experience:
6–13 years experience in IT, Cybersecurity, or DevOps roles
- Minimum of 5+ years specifically in DevSecOps
- Experience in large-scale, high-availability environments (telecom, fintech, or enterprise IT)
- Proven track record of implementing secure CI/CD pipelines and automation
- Proficiency in:
- Secure software development lifecycle
- Cloud security architecture (AWS, Azure, GCP)
- Containerization and orchestration security (Docker, Kubernetes)
- API security and microservices architecture
- Identity and Access Management (IAM)
- Vulnerability management and security testing tools (SAST, DAST, SCA)
- Experience working in a large organization