DevSecOps Engineer

Company Description

MESINKIRA is a comprehensive retailing platform designed for SMEs and micro-businesses. This app includes all essential retail functionalities such as stock management, point-of-sales, and secure multi-mode payment options including cash, cards, and online banking. It also offers simplified bookkeeping and extensive accounting functionalities through an online portal, along with basic analytics and reporting tools to help businesses plan and control their operations more effectively.

Job Description

We are looking for a DevSecOps Engineer to take full ownership of our advanced AWS infrastructure, built on AWS Landing Zone architecture. This is a mission-critical roleresponsible for ensuring security, compliance, and operational readiness from day one, while laying the foundation for long-term scalability.

Our platform is used by regulated financial institutions, so maintaining a secure and compliant cloud environment is non-negotiable. You will lead the hardening and governance of our multi-account AWS setup, working closely with leadership to ensure the environment remains robust, scalable, and aligned with frameworks like BNM RMiT, ISO 27001, and CIS benchmarks.

Responsibilities:

Operate and govern a multi-account AWS environment built on AWS Landing Zone / Control Tower.

Enforce security guardrails, SCPs, IAM boundaries, and centralized compliance monitoring.

Define and manage Infrastructure as Code (IaC) using CloudFormation, Terraform, or CDK.

Implement centralized logging, monitoring (CloudWatch, CloudTrail), threat detection (GuardDuty), and compliance services (Security Hub, AWS Config).

Ensure infrastructure is continuously compliant with banking regulations and internal security policies.

Lead technical aspects of security audits, compliance reviews, and bank onboarding exercises.

Oversee backup, DR, and high availability configurations in accordance with business continuity requirements.

Automate secure CI/CD pipelines and ensure shift-left security practices in the SDLC.

Manage encryption, key management (KMS), and secret governance across accounts.

Take full ownership of incident response processes, security events, and audit readiness.

Provide documentation and guidance to support future team scaling and handovers.

Requirements:

Minimum 5 years of experience in DevSecOps, Cloud Security, or Infrastructure Engineering roles.

Must have hands-on experience operating AWS Landing Zone / AWS Control Tower environments.

Deep expertise in AWS security and compliance tooling (IAM, Config, GuardDuty, Security Hub, Macie, CloudTrail, etc.).

Proficiency with Infrastructure as Code (CloudFormation, Terraform, or AWS CDK).

Experience driving or supporting regulatory audits, technical assessments, or compliance certifications.

Familiarity with regulated environments (e.g., BNM RMiT, ISO 27001, PCI-DSS).

Solid understanding of CI/CD pipelines, automated security testing, and secure software supply chain.

At least one AWS certification is required preferably:

AWS Certified Security Specialty, or

AWS Certified DevOps Engineer Professional, or

AWS Certified Solutions Architect Associate/Professional

Preferred Qualifications:

Experience in fintech, SaaS, or other regulated cloud-native environments.

Knowledge of container and serverless security (ECS, EKS, Lambda).

Exposure to FinOps principles and cost governance in AWS.

Why Join Us:

Transparent & flat organizational structure

Highly driven leadership & fast-moving environment

Work with cutting-edge technology

Exploration & experimentation of innovative ideas encouraged

High level of autonomy & self-accountability

Interested candidates are invited to submit their updated CV and cover letter to [Confidential Information], [HIDDEN TEXT]