• Application Deadline:
• Position: Senior DevSecOps Engineer



• Job Type Full Time , Remote



• Qualification BA/BSc/HND



• Experience 5 years



• Location Lagos




• Job Field ICT / Computer 
  
  

Job Summary

• We are looking for a talented and proactive DevSecOps Engineer to join our growing security team.


• In this role, you will play a key part in integrating security into our software development lifecycle (SDLC), helping to build secure, scalable, and efficient systems from development to production.


• You will work cross-functionally with engineering, operations, and security teams to implement security best practices, automation, and tooling to enhance the overall security posture of our applications and infrastructure.

Key Responsibilities

Security Integration & Automation:

• Integrate security tools and controls (SAST, WIZ, SCA, DAST, IaC, and mobile security scanners) into CI/CD pipelines.


• Automate security gate enforcement and continuous compliance checks across the SDLC.


• Build and maintain automated systems for monitoring and alerting on security threats, vulnerabilities, and misconfigurations.


• Create, develop, and implement solutions to address infrastructure and security requirements


• Identify the needs for build automation, designing, and implementing CICD solutions


• Consult on DevSecOps requirements from diverse application/line of business partners


• Create plug-and-play/reusable solutions and patterns for CICD pipelines.

Tooling and Infrastructure:

• Configure and maintain application security tooling, including SAST (e.g. SonarQube), SCA (e.g., Snyk, Black Duck), DAST (e.g., OWASP ZAP, Burp), and IaC scanners (e.g., Checkov).


• Manage security protections at the edge using WAFs (e.g Cloudflare), and ensure effective detection and response configurations are in place.

Scripting and Custom Security Engineering:

• Write scripts and automation tools to streamline vulnerability triage, report generation, and security tasks.


• Develop custom tooling to integrate with development and operations workflows to enhance visibility and remediation speed.

Security Architecture & Risk Management:

• Collaborate with engineering and infrastructure teams to embed security in design and architecture decisions.


• Participate in design reviews and threat modeling exercises to identify and mitigate risks early in the development lifecycle.

Monitoring, Detection, Incident Response and Vulnerability management:

• Implement and manage detective controls to monitor infrastructure and application-level threats.


• Work closely with incident response teams to triage and respond to security alerts and events effectively.


• Work closely with the vulnerability management team to establish dashboards and monitoring around vulnerabilities.

Training & Awareness:

• Educate engineering teams on secure development practices and ensure they are empowered with the tools and knowledge to write secure code.


• Promote DevSecOps culture and continuous improvement of security maturity across teams.

Qualifications

• Bachelor’s Degree in Computer Science, Information Security, Engineering, or a related field.


• 5+ years of experience in DevSecOps, Application Security, or a similar security-focused role.


• Experience implementing security in CI/CD pipelines (e.g., GitLab, GitHub Actions, Jenkins).


• Strong knowledge of security standards and controls for SDLC and cloud-native environments.


• Proficiency in scripting languages (e.g., Python, Bash, Go, JavaScript).


• Hands-on experience with infrastructure-as-code (Terraform, CloudFormation) and related security testing.


• Familiarity with container security and orchestration platforms (e.g., Docker, Kubernetes).


• Experience using and managing Cloudflare or similar WAF/CDN platforms


• OSCP, CEH, GCPN, GPEN, AWS Security Specialty, or other relevant DevSecOps certifications are a plus.

Skills:

• Strong problem-solving skills with an automation-first mindset.


• Excellent collaboration and communication skills to work effectively across teams.


• Ability to prioritize and manage multiple security initiatives simultaneously.


• Detail-oriented, with a proactive approach to identifying and addressing security issues