Head of DevSecOps-Fintech at Career Shop

Head of DevSecOps-Fintech

• Job TypeFull Time
• QualificationBA/BSc/HND
• Experience7 years
• LocationNairobi
• Job FieldICT / Computer&nbsp

Our client, a payment services provider, seeks to recruit a Head of DevSecOps. He/she will lead and embed security across the software development and operations lifecycle, ensuring systems are built and maintained securely, in line with business needs and regulatory standards. This includes overseeing Vulnerability Assessment and Penetration Testing (VAPT) to proactively identify and address security risks across applications and infrastructure.

Department: Information Technology

Reporting to: Group CTO

Key Duties & Responsibilities

• Lead the deployment and optimization of Terraform, Kubernetes (including AKS), Flux, GitHub Actions, and GCP to manage secure, scalable cloud environments.
• Design and manage advanced Kubernetes networking solutions and virtual network architectures to ensure secure and efficient data flow between containers and virtual machines across multiple cloud environments.
• Oversee the configuration and management of virtual machines and virtual networks, ensuring they are optimized for high availability and compliance with security standards.
• Develop and enforce automated workflows with GitHub Actions to maintain security protocols and streamline development processes across virtual and cloud-based platforms.
• Monitor cloud resource costs and system observability to ensure efficient resource utilization and proactive management of operational issues.
• Facilitate the development and implementation of robust multi-cloud architectures, focusing on security and operational flexibility across various platforms including Azure and Google Cloud.
• Lead strategic discussions on cloud security, virtual network strategies, DevSecOps tool integration, and effective resource management.
• Mentor team members in best practices for managing virtual networks, virtual machines, and secure, efficient use of DevSecOps technologies.
• Implement security best practices throughout the SDLC, including code reviews, static and dynamic analysis, vulnerability scanning, and penetration testing.
• Design and implement automated security testing and monitoring tools to identify vulnerabilities and security weaknesses. 
• Develop and maintain security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Monitor systems and networks for security breaches, investigate security incidents, and develop response strategies to mitigate risks.
• Provide security guidance and support to development and operations teams, including training and awareness programs.
• Stay up to date with the latest security threats, vulnerabilities, and trends, and recommend appropriate countermeasures and solutions.
• Participate in incident response activities and contribute to the development of incident response plans and playbooks.
• Collaborate with cross-functional teams to promote a culture of security awareness and continuous improvement.

Skills and Experience

• Bachelor's degree in computer science, Information Security, or related field; with at least 7 years of experience in DevOps and/or cyber security roles.
• Extensive leadership experience in managing DevSecOps operations, particularly with a strong focus on virtual networks, virtual machines, Terraform, Kubernetes, Flux, GitHub Actions, AKS, and GCP.
• Expert knowledge of networking concepts, particularly in virtual and cloud settings, including security configurations and multi-cloud architectures.
• Strong understanding of software development methodologies (Agile, Scrum, etc.) and DevOps principles.
• In-depth knowledge of security concepts, protocols, and technologies (encryption, authentication, access control, etc.).
• Hands-on experience with security tools and technologies, such as vulnerability scanners, intrusion detection/prevention systems, SIEM, etc.
• Proficiency in scripting and programming languages (Python, PowerShell, Bash, etc.) for automation and tool development.
• Hands on experience on Infrastructure automation tools like Terraform, Kubernetes, Ansible.
• Experience with cloud platforms (AWS, Azure, GCP) and containerization technologies (Docker, Kubernetes).
• Certifications such as CISSP, CISM, CEH, CompTIA Security+, or relevant vendor-specific certifications are a plus.
• Excellent communication and collaboration skills, with the ability to work effectively in a cross-functional team environment.
• Strategic and analytical thinking with outstanding leadership capabilities.
• Deep technical expertise in virtual networks, virtual machines, and complex cloud environments.
• Strong communication and team management skills.
• Expertise in cloud resource cost monitoring and system observability.

Method of Application

Applicants who meet the requirements stated above should send their applications and detailed CVs with a day - time telephone number to the email address: jobs@career-shop.com  with Head of DevSecOps  on the Subject line. Candidates MUST indicate their Current and Expected salaries.