Senior Analyst, Pan African Payments & Settlement Systems (DevSecOps)
Quick Summary
1.Cloud Infrastructure Security Engineering · Design, build, and maintain secure-by-default AWS cloud infrastructure supporting mission-critical payment systems.
The Senior Analyst, DevSecOps is responsible for designing, securing, and operating a highly resilient cloud infrastructure environment by embedding security controls throughout the software development lifecycle and implementing cloud-native security defense capabilities. The role ensures secure application development, infrastructure resilience, proactive threat detection, incident response readiness, and protection of mission-critical payment infrastructure and digital assets.
The position is responsible for ensuring secure builds are deployed safely, cloud environments remain continuously hardened, vulnerabilities are proactively remediated, and security incidents are detected and contained at the earliest possible stage of compromise.
Key Responsibilities:
· Design, build, and maintain secure-by-default AWS cloud infrastructure supporting mission-critical payment systems.
· Implement baseline security hardening across AWS cloud services including IAM, KMS, EC2, ECS, EKS, VPCs, storage services, databases, and load balancers.
· Maintain cloud infrastructure security hardening posture at minimum 95% compliance across all security domains.
· Ensure infrastructure resilience, high availability, and secure cloud architecture principles are consistently implemented.
· Implement Zero Trust security architecture across the PAPSS cloud environment.
· Integrate automated security controls into CI/CD pipelines to ensure secure development and deployment practices.
· Implement and manage security testing tools including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), container image scanning, dependency scanning, and secrets detection tools.
· Ensure 100% of application source code is continuously scanned using approved DevSecOps security testing mechanisms.
· Redesign and continuously improve PAPSS GitHub repositories and CI/CD workflows to ensure maximum security and resilience.
· Secure build environments by enforcing artifact integrity, software provenance controls, deployment promotion controls, and preventing pipeline abuse or credential leakage.
· Ensure zero source code exposure and prevent malicious or vulnerable deployments into production environments.
- Design and enforce least privilege access controls for users, services, and workloads across cloud environments.
- Implement role-based access controls, short-lived credentials management, and secure lifecycle management of secrets and cryptographic keys using appropriate technologies.
- Ensure zero exposure of sensitive secrets, credentials, private keys, and privileged access mechanisms.
- Secure containerized workloads and virtual machine environments by implementing workload isolation, secure metadata handling, network segmentation, service isolation, and runtime security controls.
- Prevent privilege escalation risks and eliminate standing privileged access within production environments.
· Own cloud security monitoring and alerting capabilities across all AWS accounts and cloud workloads.
· Design, implement, and continuously tune cloud security detection use cases covering privilege escalation, credential misuse, secrets exposure, CI/CD abuse, data exfiltration, and abnormal system behavior.
· Maintain near-zero critical and high-risk vulnerabilities in production environments.
· Ensure 100% remediation of critical vulnerabilities within defined service level agreements, prioritizing vulnerabilities under active exploitation or high probability of exploitation within a maximum of three days.
· Lead investigation, containment, and response activities for cloud security incidents and cyber threats.
· Maintain security monitoring and incident response capabilities capable of detecting and responding during or before the earliest stage of compromise (“Initial Access”).
· Support cyber resilience initiatives, ransomware response planning, and recovery readiness for critical systems.
Responsibilities
~1 min read1. Understand and adhere to the Bank's AML, Regulatory and Conduct Compliance policies and procedures, notably.
a. Staff Handbook (has code of conduct provisions)
b. Anti-Money Laundering (AML), Counter Financing of Terrorism and Counter Proliferation Financing
c. Conflicts of Interest and Policies on Staff Involvement in External Engagements/Activities
d. Anti-Bribery & Corruption
e. Insider Trading Guidelines
2. Report any suspicious or non-compliant activities or matters relating to the Bank’s staff or the customers to the Compliance Department.
3. Complete the Annual Compliance Training/Assessment.
Requirements
~1 min readBachelor’s Degree in Computer Engineering, Computer Science, Information Technology, Cyber Security, or related discipline.
Relevant postgraduate/professional qualification is an added advantage.
· Minimum 5+ years of experience in Cloud Engineering, DevSecOps, or Cloud Security Engineering roles.
· Proven hands-on experience securing AWS cloud environments in enterprise production settings.
· Experience operating within highly regulated environments such as banking, fintech, financial services, or payment systems.
· Demonstrated experience in cloud security monitoring, threat detection, vulnerability management, and incident response within cloud-native environments.
· Experience with zero‑trust architecture.
- Private Health Insurance
- Training & Development
- Performance Bonus
Location & Eligibility
Listing Details
- Posted
- June 25, 2026
- First seen
- July 13, 2026
- Last seen
- July 13, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 21%
- Scored at
- July 13, 2026
Signal breakdown
Please let Afreximbank know you found this job on Jobera.
4 other jobs at Afreximbank
View all →Explore open roles at Afreximbank.
Similar Payments jobs
View all →Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.