Infrastructure Security Engineer

Quidax is an African focused cryptocurrency exchange. We enable customers to buy/sell Bitcoin and other cryptocurrencies (Ethereum, USDT and Litecoin) with Naira.

Our vision, which is at the core of what we do every day at Quidax, is to build a world where sending money and value around the globe is as easy as sending a text message. We value positive energy, and clear communication and are committed to building an inclusive environment for people from every background.

About the Role

• If you’re the kind of person who is very meticulous, process oriented, logical and has a passion for cybersecurity technologies — you’ll fit right in.
• This role sits at the heart of our security infrastructure, protecting our cloud, networks, endpoints, databases, code repositories, data stores and critical systems. You’ll be designing, re-designing, fixing and continuously improving how we secure Quidax at scale.
• We’re looking for an Infrastructure Security Engineer who can build and maintain a strong security posture in a fast-moving, high-stakes financial environment, without slowing the business down.

What You’ll Be Owning
Security Solutions Configuration, Review & Optimization:

• Within 90 days, the Infrastructure Security Engineer should be able to carry out reviews & optimizations on various security solutions in compliance with the established policies.
• Within 180 days, the Infrastructure Security Engineer should review current security baselines & ensure alignment of all security and technology solutions with the security baselines across all environments (cloud, endpoints, network)
• Within 30 days, the Infrastructure Security Engineer should be able to carry out configuration of various security solutions including network firewalls, Endpoint Detection & Response Solutions, Web Application Firewalls, Cloud Native Application Protection Platforms, Security Incident and Event Management, Security Orchestration Automation and Response Solutions, Identity Provider Solutions and Threat Management Solutions among others.

Audits & Compliance Reviews:

• Within 90 days, the Infrastructure Security Engineer should have adequate understanding of our existing infrastructure security systems and technical controls (how they work, effectiveness & gaps if any) to be able to provide insights during audits & compliance reviews.
• Within 180 days, the Infrastructure Security Engineer should be able to work with Governance Risk & Compliance to close audit findings quickly and effectively.
• Within 180 days, the Infrastructure Security Engineer should be able to assume roles within our Information Systems Management framework.

Access Control Management & Optimization:

• Within 90 days, the Infrastructure Security Engineer should have conducted a review of the current access management system, identified gaps and propose recommendations.
• Within 30 days, the Infrastructure Security Engineer should be able to take ownership of Access provisioning, decommissioning & access management optimization.
• Within 30 days, the Infrastructure Security Engineer should have an understanding of our Access Control Policies, Processes & Technologies.

Vulnerability Management:

• Within 90 days, ensure all critical & high vulnerabilities have clearly defined remediation SLAs
• Provide clear, actionable vulnerability remediation guidance to Engineering and DevOps teams.
• Within 60 days, establish a consistent vulnerability management process across infrastructure and endpoints
• Within 180 days, reduce monthly recurring unremediated vulnerabilities by 40%

Security Monitoring, Detection & Response:

• Within 12 months, implement the playbooks for automated incident response recommendations in the SOAR
• Continuously improve detection coverage and incident response automation and orchestration across cloud, endpoints, and network layers.
• Within 180 days, start implementing all areas of improvement to log aggregation, security event analysis and alerting.
• Within 90 days, identify new playbooks for automated incident response in the SOAR and document the recommendations
• Within 30 days, review and be conversant with existing SIEM architecture.
• Within 90 days, identify and document all areas of improvement in our security event monitoring.

Secure Cloud & Network:

• Within 60 days, be able to administer security policies & security services across multi-cloud platforms.
• Within 30 days, review and understand services & configurations across multi-cloud platforms.
• Within 60 days, partner with relevant Engineering teams to ensure security is embedded in infrastructure design and configuration from day one.

Security Operations & Automation:

• Within 180 days, automate at least 30% of repetitive security operations tasks
• Within 30 days, review existing automations, test them out and identify areas of for optimization/improvement.
• Continuously evaluate and implement new tools that improve detection, prevention, or efficiency
• Continuously improve security policies and enforcement mechanisms

Cross-Functional Security Enablement:

• Provide hands-on guidance during system design, deployments, and incident response.
• Promote strong security practices across the company — not just enforce them
• Work closely with Engineering, DevOps, and Product teams to embed security into workflows

Biggest Challenges You’ll Tackle:
The biggest challenges you’ll have to tackle are:

• Securing a fast-growing crypto infrastructure without slowing down product delivery
• Figuring out how multiple vendor technologies have been stitched together while having to actively carry out security operation tasks in a new environment
• Balancing operational security tasks with long-term architecture improvements
• Reducing alert fatigue while improving real threat detection
• Integrating with the relevant Engineering teams to ensure security is embedded into our engineering processes.
• Driving security adoption across teams that just want to ship
• Keeping up with evolving threats in the cloud, blockchain and global security landscape.

What We’re Looking For
Must-haves:

• You can collaborate with engineers and influence decisions without being the “security police”
• Strong hands-on experience with SIEM, EDR, firewalls, WAFs, vulnerability management tools, Networking concepts (routing, NAT, segmentation, access control), Cloud security (IAM, logging, monitoring, secure configs)
• You’re proactive and detail-oriented
• You can break down complex systems into their simple parts and understand how they are built, how they break and what it takes to fix them.
• You are committed to continuous development and search out the latest vulnerabilities, attack vectors and security solutions.
• You’ve secured cloud-native environments in a real-world, high-scale setup
• You enjoy Cybersecurity and have a passion for learning about new Technologies.
• You can go from “there’s a problem” to “here’s the fix” to “it’s deployed” without hand-holding

Nice-to-Haves:

• Experience writing scripts & automating workflows with technologies like Python,Ansible & Terraform.
• Certifications like CCSP, CEH, CCNP, PCNSE, Security+, AWS.
• Experience with implementing DevSecOps processes and technologies including access control, key management, policy gates e.t.c.
• Understanding of AI, it’s risks,AI security and AI security solutions
• Experience with implementing security solutions & driving secure processes in fintech, blockchain, or financial systems
• Understanding of blockchain security concepts