Senior Analyst, Pan African Payments & Settlement Systems (DevSecOps)
Company: Afreximbank
Job type: Temporary
Job description
The Senior Analyst, DevSecOps is responsible for designing, securing, and operating a highly resilient cloud infrastructure environment by embedding security controls throughout the software development lifecycle and implementing cloud-native security defense capabilities. The role ensures secure application development, infrastructure resilience, proactive threat detection, incident response readiness, and protection of mission-critical payment infrastructure and digital assets.
The position is responsible for ensuring secure builds are deployed safely, cloud environments remain continuously hardened, vulnerabilities are proactively remediated, and security incidents are detected and contained at the earliest possible stage of compromise.
Key Responsibilities
1. Cloud Infrastructure Security Engineering
· Design, build, and maintain secure-by-default AWS cloud infrastructure supporting mission-critical payment systems.
· Implement baseline security hardening across AWS cloud services including IAM, KMS, EC2, ECS, EKS, VPCs, storage services, databases, and load balancers.
· Maintain cloud infrastructure security hardening posture at minimum 95% compliance across all security domains.
· Ensure infrastructure resilience, high availability, and secure cloud architecture principles are consistently implemented.
· Implement Zero Trust security architecture across the PAPSS cloud environment.
2. DevSecOps Pipeline Security & Secure Software Delivery
· Integrate automated security controls into CI/CD pipelines to ensure secure development and deployment practices.
· Implement and manage security testing tools including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), container image scanning, dependency scanning, and secrets detection tools.
· Ensure 100% of application source code is continuously scanned using approved DevSecOps security testing mechanisms.
· Redesign and continuously improve PAPSS GitHub repositories and CI/CD workflows to ensure maximum security and resilience.
· Secure build environments by enforcing artifact integrity, software provenance controls, deployment promotion controls, and preventing pipeline abuse or credential leakage.
· Ensure zero source code exposure and prevent malicious or vulnerable deployments into production environments.
3. Identity, Access Management & Workload Security
· Design and enforce least privilege access controls for users, services, and workloads across cloud environments.
· Implement role-based access controls, short-lived credentials management, and secure lifecycle management of secrets and cryptographic keys using appropriate technologies.
· Ensure zero exposure of sensitive secrets, credentials, private keys, and privileged access mechanisms.
· Secure containerized workloads and virtual machine environments by implementing workload isolation, secure metadata handling, network segmentation, service isolation, and runtime security controls.
· Prevent privilege escalation risks and eliminate standing privileged access within production environments.
4. Security Monitoring, Vulnerability Management & Incident Response
· Own cloud security monitoring and alerting capabilities across all AWS accounts and cloud workloads.
· Design, implement, and continuously tune cloud security detection use cases covering privilege escalation, credential misuse, secrets exposure, CI/CD abuse, data exfiltration, and abnormal system behavior.
· Maintain near-zero critical and high-risk vulnerabilities in production environments.
· Ensure 100% remediation of critical vulnerabilities within defined service level agreements, prioritizing vulnerabilities under active exploitation or with a high probability of exploitation within a maximum of three days.
· Lead investigation, containment, and response activities for cloud security incidents and cyber threats.
· Maintain security monitoring and incident response capabilities that can detect and respond during or before the earliest stage of compromise (“Initial Access”).
· Support cyber resilience initiatives, ransomware response planning, and recovery readiness for critical systems.
5. Compliance Responsibilities
· Understand and adhere to the Bank's AML, Regulatory and Conduct Compliance policies and procedures, notably:
a. Staff Handbook (has code of conduct provisions)
b. Anti-Money Laundering (AML), Counter Financing of Terrorism and Counter Proliferation Financing
c. Conflicts of Interest and Policies on Staff Involvement in External Engagements/Activities
d. Anti-Bribery & Corruption
e. Insider Trading Guidelines
· Report any suspicious or non-compliant activities or matters relating to the Bank’s staff or the customers to the Compliance Department.
· Complete the Annual Compliance Training/Assessment.
Academic Qualifications
Bachelor’s Degree in Computer Engineering, Computer Science, Information Technology, Cyber Security, or related discipline.
Relevant postgraduate/professional qualification is an added advantage.
Professional Experience
· Minimum of 5 years of experience in Cloud Engineering, DevSecOps, or Cloud Security Engineering roles.
· Proven hands-on experience securing AWS cloud environments in enterprise production settings.
· Experience operating within highly regulated environments such as banking, fintech, financial services, or payment systems.
· Demonstrated experience in cloud security monitoring, threat detection, vulnerability management, and incident response within cloud-native environments.
· Experience with zero‑trust architecture.
Benefits
· Private Health Insurance
· Training & Development
· Performance Bonus


