Principal Security Engineer / Head of IT and Security
Location | Zanzibar, Tanzania, United Republic of |
Date Posted | February 3, 2023 |
Category | Engineering IT / Information Technology |
Job Type | Full-time |
Currency | TZS |
Description
Principal Security Engineer / Head of IT and Security
Location: Zanzibar or Nairobi or Bangalore
Wasoko is looking for a highly motivated individual with deep information security experience in distributed services, and cloud environments. You will be founding a security engineer that would work to protect sensitive company information, handle potential data breaches, and implement strong security and data governance controls. You will pioneer a company-wide cultural awareness and understanding of security best practices, collaborating to define processes and standards and helping other teams execute security-focused projects.
This role has the potential to lead our entire IT team over time as a qualified leader. We view IT as a function of a secure, monitored, automated self-operating system with a low-cost footprint. The aspiring engineer will set up Wasoko as one of the leading commerce businesses with a strong security posture within Africa.
What you will do in this role:
- Audit GCP-hosted distributed services and customer data to identify vulnerabilities and gaps
- Evaluate the security posture of our corporate IT systems, networks and data
- Architect Wasoko's cyber security guiding principles and best practices
- Engineer and build automation, tools that scale to then continuously protect our systems
- Set up governance standards, and best practices working with developers and SREs
- Own and drive response to any security incidents at tier-1
- Set up security standards and roadmap for payment-related services
- Become a voice of security, develop mechanisms to establish a culture of security across Wasoko
- Partner with the products to instil customer first approach in everything security
Requirements:
- Hands-on operating at excellence experience as a head security engineer for a high-traffic production system
- Deep knowledge of cloud security architecture and toolset (GCP preferred)
- Expert with developer security standards and ways to address them (OWASP top 10 e.g.)
- Experience with compliance standards (e.g. PCI DSS)
- CISSP or other security certification
- Applied knowledge of security testing a plus SAST, DAST, and SCA
- Expert in python, ruby to golang
- Excellent communication, collaboration and influencing skills ` clarity of thought, articulation, data drives and fact-based
Nice to have:
- Payment and mobile security experience in scaling e-commerce environment
- Experience building security functions from the ground up in a startup that scale