Senior DevSecOps Engineer

Who we are

Moniepoint Inc. is Africa’s all-in-one financial ecosystem, helping 10 million businesses and individuals access seamless payments, banking, credit, and business management tools since 2019.

As Nigeria’s largest merchant acquirer, it powers most of the country’s Point of Sale (POS) transactions. Through its subsidiaries, Moniepoint Inc. processes $22 billion monthly for its customers while operating profitably.

Curious about what makes Moniepoint an incredible place to work? Check out posts on how we cultivate a culture of innovation, teamwork, and growth.

About the role

We are looking for a talented and proactive DevSecOps Engineer to join our growing security team. In this role, you will play a key part in integrating security into our software development lifecycle (SDLC), helping to build secure, scalable, and efficient systems from development to production. You will work cross-functionally with engineering, operations, and security teams to implement security best practices, automation, and tooling to enhance the overall security posture of our applications and infrastructure.

Responsibilities

Security Integration & Automation

• Integrate security tools and controls (SAST, WIZ, SCA, DAST, IaC, and mobile security scanners) into CI/CD pipelines.
• Automate security gate enforcement and continuous compliance checks across the SDLC.
• Build and maintain automated systems for monitoring and alerting on security threats, vulnerabilities, and misconfigurations.
• Create, develop, and implement solutions to address infrastructure and security requirements
• Identify the needs for build automation, designing, and implementing CICD solutions
• Consult on DevSecOps requirements from diverse application/line of business partners
• Create plug-and-play/reusable solutions and patterns for CICD pipelines

Tooling and Infrastructure

• Configure and maintain application security tooling, including SAST (e.g. SonarQube), SCA (e.g., Snyk, Black Duck), DAST (e.g., OWASP ZAP, Burp), and IaC scanners (e.g., Checkov).
• Manage security protections at the edge using WAFs (e.g Cloudflare), and ensure effective detection and response configurations are in place.

Scripting and Custom Security Engineering

• Write scripts and automation tools to streamline vulnerability triage, report generation, and security tasks.
• Develop custom tooling to integrate with development and operations workflows to enhance visibility and remediation speed.

Security Architecture & Risk Management

• Collaborate with engineering and infrastructure teams to embed security in design and architecture decisions.
• Participate in design reviews and threat modeling exercises to identify and mitigate risks early in the development lifecycle.

Monitoring, Detection, Incident Response and Vulnerability management

• Implement and manage detective controls to monitor infrastructure and application-level threats.
• Work closely with incident response teams to triage and respond to security alerts and events effectively.
• Work closely with the vulnerability management team to establish dashboards and monitoring around vulnerabilities.

Training & Awareness

• Educate engineering teams on secure development practices and ensure they are empowered with the tools and knowledge to write secure code.
• Promote DevSecOps culture and continuous improvement of security maturity across teams.

Qualifications

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field.
• 5+ years of experience in DevSecOps, Application Security, or a similar security-focused role.
• Experience implementing security in CI/CD pipelines (e.g., GitLab, GitHub Actions, Jenkins).
• Strong knowledge of security standards and controls for SDLC and cloud-native environments.
• Proficiency in scripting languages (e.g., Python, Bash, Go, JavaScript).
• Hands-on experience with infrastructure-as-code (Terraform, CloudFormation) and related security testing.
• Familiarity with container security and orchestration platforms (e.g., Docker, Kubernetes).
• Experience using and managing Cloudflare or similar WAF/CDN platforms
• OSCP, CEH, GCPN, GPEN, AWS Security Specialty, or other relevant DevSecOps certifications are a plus

Skills

• Strong problem-solving skills with an automation-first mindset.
• Excellent collaboration and communication skills to work effectively across teams.
• Ability to prioritize and manage multiple security initiatives simultaneously.
• Detail-oriented, with a proactive approach to identifying and addressing security issues.

What we can offer you

• Culture -We put our people first and prioritize the well-being of every team member. We’ve built a company where all opinions carry weight and where all voices are heard. We value and respect each other and always look out for one another. Above all, we are human.
• Learning - We have a learning and development-focused environment with an emphasis on knowledge sharing, training, and regular internal technical talks.
• Compensation - You’ll receive an attractive salary, pension, health insurance,, Employee Stock Options, annual bonus, plus other benefits.
  

What to expect in the hiring process

• A preliminary phone call with the recruiter
• A technical interview with a Lead in our Engineering Team
• A behavioural and technical interview with a member of the Executive team.