Principal Security Engineer / Head of IT and Security

at Wasoko
Location Zanzibar, Tanzania, United Republic of
Date Posted February 3, 2023
Category Engineering
IT / Information Technology
Job Type Full-time
Currency TZS

Description

Principal Security Engineer / Head of IT and Security

Location: Zanzibar or Nairobi or Bangalore

Wasoko is looking for a highly motivated individual with deep information security experience in distributed services, and cloud environments. You will be founding a security engineer that would work to protect sensitive company information, handle potential data breaches, and implement strong security and data governance controls. You will pioneer a company-wide cultural awareness and understanding of security best practices, collaborating to define processes and standards and helping other teams execute security-focused projects.

This role has the potential to lead our entire IT team over time as a qualified leader. We view IT as a function of a secure, monitored, automated self-operating system with a low-cost footprint. The aspiring engineer will set up Wasoko as one of the leading commerce businesses with a strong security posture within Africa.

What you will do in this role:

  • Audit GCP-hosted distributed services and customer data to identify vulnerabilities and gaps
  • Evaluate the security posture of our corporate IT systems, networks and data
  • Architect Wasoko's cyber security guiding principles and best practices
  • Engineer and build automation, tools that scale to then continuously protect our systems
  • Set up governance standards, and best practices working with developers and SREs
  • Own and drive response to any security incidents at tier-1
  • Set up security standards and roadmap for payment-related services
  • Become a voice of security, develop mechanisms to establish a culture of security across Wasoko
  • Partner with the products to instil customer first approach in everything security

Requirements:

  • Hands-on operating at excellence experience as a head security engineer for a high-traffic production system
  • Deep knowledge of cloud security architecture and toolset (GCP preferred)
  • Expert with developer security standards and ways to address them (OWASP top 10 e.g.)
  • Experience with compliance standards (e.g. PCI DSS)
  • CISSP or other security certification
  • Applied knowledge of security testing a plus SAST, DAST, and SCA
  • Expert in python, ruby to golang
  • Excellent communication, collaboration and influencing skills ` clarity of thought, articulation, data drives and fact-based

Nice to have:

  • Payment and mobile security experience in scaling e-commerce environment
  • Experience building security functions from the ground up in a startup that scale