Infrastructure Security Engineer

About Quidax

Quidax is where crypto meets limitless possibilities. Were making digital asset access effortless for individuals businesses and fintechs in Africa. Our goal Providing real value for our customers while driving the future of Finance.

About the Role

Were looking for an Infrastructure Security Engineer who can build and maintain a strong security posture in a fast-moving high-stakes financial environment without slowing the business down.

This role sits at the heart of our security infrastructure protecting our cloud networks endpoints databases code repositories data stores and critical systems. Youll be designing re-designing fixing and continuously improving how we secure Quidax at scale.

If youre the kind of person who is very meticulous process oriented logical and has a passion for cybersecurity technologies youll fit right in.

What Youll Be Owning

Security Solutions Configuration Review & Optimization

• Within 30 days the Infrastructure Security Engineer should be able to carry out configuration of various security solutions including network firewalls Endpoint Detection & Response Solutions Web Application Firewalls Cloud Native Application Protection Platforms Security Incident and Event Management Security Orchestration Automation and Response Solutions Identity Provider Solutions and Threat Management Solutions among others.
• Within 90 days the Infrastructure Security Engineer should be able to carry out reviews & optimizations on various security solutions in compliance with the established policies.
• Within 180 days the Infrastructure Security Engineer should review current security baselines & ensure alignment of all security and technology solutions with the security baselines across all environments (cloud endpoints network)

Audits & Compliance Reviews

• Within 90 days the Infrastructure Security Engineer should have adequate understanding of our existing infrastructure security systems and technical controls (how they work effectiveness & gaps if any) to be able to provide insights during audits & compliance reviews.
• Within 180 days the Infrastructure Security Engineer should be able to assume roles within our Information Systems Management framework.
• Within 180 days the Infrastructure Security Engineer should be able to work with Governance Risk & Compliance to close audit findings quickly and effectively.

Access Control Management & Optimization

• Within 30 days the Infrastructure Security Engineer should have an understanding of our Access Control Policies Processes & Technologies.
• Within 30 days the Infrastructure Security Engineer should be able to take ownership of Access provisioning decommissioning & access management optimization.
• Within 90 days the Infrastructure Security Engineer should have conducted a review of the current access management system identified gaps and propose recommendations.

Vulnerability Management

• Within 60 days establish a consistent vulnerability management process across infrastructure and endpoints
• Within 90 days ensure all critical & high vulnerabilities have clearly defined remediation SLAs
• Within 180 days reduce monthly recurring unremediated vulnerabilities by 40%
• Provide clear actionable vulnerability remediation guidance to Engineering and DevOps teams.

Security Monitoring Detection & Response

• Within 30 days review and be conversant with existing SIEM architecture.
• Within 90 days identify and document all areas of improvement in our security event monitoring.
• Within 180 days start implementing all areas of improvement to log aggregation security event analysis and alerting.
• Within 90 days identify new playbooks for automated incident response in the SOAR and document the recommendations
• Within 12 months implement the playbooks for automated incident response recommendations in the SOAR
• Continuously improve detection coverage and incident response automation and orchestration across cloud endpoints and network layers.

Secure Cloud & Network

• Within 30 days review and understand services & configurations across multi-cloud platforms.
• Within 60 days be able to administer security policies & security services across multi-cloud platforms.
• Within 60 days partner with relevant Engineering teams to ensure security is embedded in infrastructure design and configuration from day one.

Security Operations & Automation

• Within 30 days review existing automations test them out and identify areas of for optimization/improvement.
• Within 180 days automate at least 30% of repetitive security operations tasks
• Continuously evaluate and implement new tools that improve detection prevention or efficiency
• Continuously improve security policies and enforcement mechanisms

Cross-Functional Security Enablement

• Work closely with Engineering DevOps and Product teams to embed security into workflows
• Provide hands-on guidance during system design deployments and incident response.
• Promote strong security practices across the company not just enforce them

Biggest Challenges Youll Tackle

The biggest challenges youll have to tackle are:

1. Figuring out how multiple vendor technologies have been stitched together while having to actively carry out security operation tasks in a new environment
2. Balancing operational security tasks with long-term architecture improvements
3. Integrating with the relevant Engineering teams to ensure security is embedded into our engineering processes.
4. Driving security adoption across teams that just want to ship
5. Securing a fast-growing crypto infrastructure without slowing down product delivery
6. Reducing alert fatigue while improving real threat detection
7. Keeping up with evolving threats in the cloud blockchain and global security landscape.

What Were Looking For

Must-haves:

• Youve secured cloud-native environments in a real-world high-scale setup
• You can go from theres a problem to heres the fix to its deployed without hand-holding
• Strong hands-on experience with SIEM EDR firewalls WAFs vulnerability management tools Networking concepts (routing NAT segmentation access control) Cloud security (IAM logging monitoring secure configs)
• You can break down complex systems into their simple parts and understand how they are built how they break and what it takes to fix them.
• Youre proactive and detail-oriented
• You can collaborate with engineers and influence decisions without being the security police
• You enjoy Cybersecurity and have a passion for learning about new Technologies.
• You are committed to continuous development and search out the latest vulnerabilities attack vectors and security solutions.

Nice-to-Haves:

• Experience with implementing security solutions & driving secure processes in fintech blockchain or financial systems
• Experience writing scripts & automating workflows with technologies like PythonAnsible & Terraform.
• Experience with implementing DevSecOps processes and technologies including access control key management policy gates e.t.c.
• Understanding of blockchain security concepts
• Understanding of AI its risksAI security and AI security solutions
• Certifications like CCSP CEH CCNP PCNSE Security AWS

Reporting Line

Youll report directly to the Chief Information Security Officer (CISO) and work closely with other units in the Information Security team including GRC Application Security IT.

Youll also be close buddies with the Engineering team especially the Engineering Platform & Devops teams as we partner with them to ensure secure Engineering processes and implementations are in place.

Why Quidax

At Quidax were building the future of finance in Africa through crypto. Youll have the freedom to innovate the space to lead and the backing to build something that truly scales. If youre ready to build an engineering org that delivers excellence at scale lets talk.

Whats In It For YouWhen you join Quidax youre not just taking a job youre jumping into a community thats bold remote-first and building for the future. Heres what you get:

Fair Pay Ownership

Competitive sala...