Latest Jobs at CapitalSage Technology Limited

Role Summary

• We are seeking a highly skilled DevSecOps Engineer with strong hands-on experience in secure DevOps practices and penetration testing. The ideal candidate will be responsible for embedding security across the CI/CD pipeline, cloud infrastructure, and application lifecycle while conducting regular vulnerability assessments and penetration testing across our digital assets.
• This role is critical in ensuring the confidentiality, integrity, and availability of our systems, particularly within a fintech and regulated environment.

Key Responsibilities

DevSecOps & Secure Engineering

• Integrate security controls into CI/CD pipelines.
• Implement and manage automated security testing (SAST, DAST, SCA, IaC scanning).
• Secure containerized workloads (Docker, Kubernetes).
• Harden cloud infrastructure (AWS, Azure, GCP, etc.).
• Implement Zero Trust security principles.
• Manage secrets, keys, and certificate lifecycle.
• Conduct code reviews with a focus on secure coding practices.
• Implement and maintain WAF, EDR, and cloud security tooling.

Penetration Testing & Vulnerability Management

• Conduct internal and external penetration testing (web, mobile, API, cloud).
• Perform red team simulations and adversarial testing.
• Execute vulnerability assessments using industry tools.
• Identify, exploit (where appropriate), and document security weaknesses.
• Provide remediation guidance to development and infrastructure teams.
• Conduct re-testing and validation of remediated vulnerabilities.
• Maintain a structured vulnerability management lifecycle.

Cloud & Infrastructure Security

• Secure multi-cloud environments.
• Implement infrastructure-as-code security controls.
• Monitor logs using SIEM tools and investigate security incidents.
• Ensure compliance alignment (PCI-DSS, ISO 27001, NDPA, etc.).

Governance & Reporting

• Develop security baselines and hardening standards.
• Prepare technical and executive-level security reports.
• Support regulatory and third-party audits.
• Develop and maintain security documentation and playbooks.

Required Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, or related field.
• 3 – 8 years of experience in DevOps, Security Engineering, or Penetration Testing.
• Strong understanding of secure SDLC.
• Strong knowledge of OWASP Top 10 and API security risks.
• Experience with Linux systems and scripting (Bash, Python).

Hands-on experience with:

• CI/CD tools (GitHub Actions, GitLab CI, Jenkins)
• Cloud platforms (AWS, Azure, or GCP)
• Containerization (Docker, Kubernetes)
• SAST/DAST tools
• Infrastructure as Code (Terraform, CloudFormation)

Preferred Certifications

• OSCP / OSWE
• CEH
• AWS Security Specialty
• CISSP (optional but advantageous)
• ISO 27001 Lead Implementer / Auditor (advantage)

Technical Skills

• Web and API penetration testing
• Network penetration testing
• Cloud security testing
• Secure coding principles
• Threat modeling
• Log analysis and incident response
• Automation scripting

Soft Skills

• Strong analytical and problem-solving ability
• Excellent report writing and documentation skills
• Ability to communicate technical risks to executive leadership
• Strong cross-functional collaboration skills
• Proactive and security-first mindset

Key Performance Indicators (KPIs)

• Reduction in critical/high vulnerabilities
• Secure pipeline integration coverage
• Time-to-remediation for identified vulnerabilities
• Compliance audit readiness
• Security automation maturity level

go to method of application »

Role Summary

We are seeking a Regulatory & Compliance Officer with solid technical security knowledge to bridge the gap between regulatory requirements and technology implementation.

This role ensures that regulatory obligations are not just documented, but technically enforced across infrastructure, applications, cloud environments, and digital banking platforms. The ideal candidate understands how compliance maps to firewalls, logs, encryption, access control, APIs, and cloud security configurations.

Core Responsibilities

Regulatory Compliance & Interpretation

• Interpret financial and data protection regulations and translate them into technical and operational controls.
• Ensure compliance with Central Bank guidelines and fintech regulations.
• Liaise with regulators and manage regulatory examinations.
• Prepare and submit regulatory returns and statutory reports.

Technical Compliance & Security Oversight

• Validate implementation of security controls across systems.
• Review firewall rules, access controls, IAM policies, and encryption standards.
• Ensure secure configuration baselines are maintained.
• Review vulnerability assessment and penetration testing reports.
• Track remediation of critical and high-risk findings.
• Validate logging, monitoring, and incident response readiness.

Data Protection & Privacy Governance

• Ensure compliance with National Data Protection Commission regulations (NDPA/NDPR).
• Oversee Data Protection Impact Assessments (DPIA).
• Validate encryption and data retention controls.
• Manage breach notification processes.

Financial & Security Standards Compliance

• Oversee compliance with:
• PCI-DSS
• NDPA
• Central Bank Of Nigeria
• AML/CFT
• KYC regulations
• ISO 27001 controls
• Map regulatory requirements to technical controls.
• Support security audits and QSA assessments.

Audit & Risk Management

• Maintain compliance risk register.
• Conduct control effectiveness reviews.
• Coordinate internal and external audits.
• Provide compliance dashboards to executive management.

Policy, Training & Awareness

• Develop compliance and information security policies.
• Conduct regulatory and security awareness sessions.
• Promote accountability across business and technical teams.

Required Qualifications

• Bachelor’s degree in Law, Cybersecurity, IT, Finance, or related field.
• 3+ years experience in fintech, banking, or regulated digital environments.
• Strong understanding of both regulatory frameworks and technical security controls.
• Experience working with DevOps, Security, or Infrastructure teams.

Technical Knowledge Required

Understanding of:

• Cloud security (AWS/Azure/GCP basics)
• IAM and access control models
• Encryption standards (TLS, AES)
• Logging & SIEM concepts
• Vulnerability management lifecycle
• API security principles
• Ability to read and interpret technical security reports.

Preferred Certifications

• CISM or CISSP
• CAMS
• ISO 27001 Lead Implementer / Auditor
• CDPO
• PCI Internal Security Assessor (ISA)

Core Competencies

• Regulatory interpretation with technical mapping ability
• Strong documentation and policy drafting skills
• Analytical and risk-based thinking
• Executive communication capability
• Cross-functional leadership

Key Performance Indicators (KPIs)

• Zero regulatory sanctions.
• Timely remediation of audit findings.
• Improved compliance maturity score.
• Reduced repeat compliance findings.
• Audit readiness at all times.