Principal Security Engineer / Head of IT and Security

Location: Zanzibar or Nairobi or Bangalore

Wasoko is looking for a highly motivated individual with deep information security experience in distributed services, cloud environments. You will be founding a security engineer that would work to protect sensitive company information, handle potential data breaches, and implement strong security and data governance controls. You will pioneer a company-wide cultural awareness and understanding of security best practices, collaborating to define processes and standards and helping other teams execute security-focused projects.

This role has potential to lead our entire IT team over time for a qualified leader. We view IT as a function of a secure, monitored, automated self operating system with a low cost footprint. The aspiring engineer will set up Wasoko as one of the leading commerce businesses with strong security posture within Africa.

What you will do in this role:

• Audit GCP hosted distributed services and customer data to identify vulnerabilities and gaps
• Evaluate security posture of our corporate IT systems, networks and data
• Architect Wasoko cyber security guiding principles and best practices
• Engineer and build automation, tools that scales to then continuously protect our systems
• Set up governance standards, best practices working with developers and SREs
• Own and drive response to any security incidents at tier-1
• Set up security standards and roadmap for payment related services
• Become a voice of security, develop mechanism to establish culture of security across Wasoko
• Partner with product to instill customer first approach in everything security

Requirements:

• Hands on operating at excellence experience as head security engineer for high traffic production system
• Deep knowledge of cloud security architecture and tool set (GCP preferred)
• Expert with developer security standards and ways to address them (OWASP top 10 e.g.)
• Experience with compliance standards (e.g. PCI DSS)
• CISSP or other security certification
• Applied knowledge of security testing a plus SAST, DAST, and SCA
• Expert at python, ruby to golang
• Excellent communication, collaboration and influencing skills ` clarity of thought, articulate, data drives and fact based

Nice to have:

Payment and mobile security experience in scaling ecommerce environment

Experience building security function from ground up in a startup that scale