Principal Security Engineer / Head of IT and Security

Location: Zanzibar or Nairobi or Bangalore

Wasoko is looking for a highly motivated individual with deep information security experience in distributed services, and cloud environments. You will be founding a security engineer that would work to protect sensitive company information, handle potential data breaches, and implement strong security and data governance controls. You will pioneer a company-wide cultural awareness and understanding of security best practices, collaborating to define processes and standards and helping other teams execute security-focused projects.

This role has the potential to lead our entire IT team over time as a qualified leader. We view IT as a function of a secure, monitored, automated self-operating system with a low-cost footprint. The aspiring engineer will set up Wasoko as one of the leading commerce businesses with a strong security posture within Africa.

What you will do in this role:

• Audit GCP-hosted distributed services and customer data to identify vulnerabilities and gaps
• Evaluate the security posture of our corporate IT systems, networks and data
• Architect Wasoko's cyber security guiding principles and best practices
• Engineer and build automation, tools that scale to then continuously protect our systems
• Set up governance standards, and best practices working with developers and SREs
• Own and drive response to any security incidents at tier-1
• Set up security standards and roadmap for payment-related services
• Become a voice of security, develop mechanisms to establish a culture of security across Wasoko
• Partner with the products to instil customer first approach in everything security

Requirements:

• Hands-on operating at excellence experience as a head security engineer for a high-traffic production system
• Deep knowledge of cloud security architecture and toolset (GCP preferred)
• Expert with developer security standards and ways to address them (OWASP top 10 e.g.)
• Experience with compliance standards (e.g. PCI DSS)
• CISSP or other security certification
• Applied knowledge of security testing a plus SAST, DAST, and SCA
• Expert in python, ruby to golang
• Excellent communication, collaboration and influencing skills ` clarity of thought, articulation, data drives and fact-based

Nice to have:

• Payment and mobile security experience in scaling e-commerce environment
• Experience building security functions from the ground up in a startup that scale