Infrastructure Security Engineer at Quidax

Quidax is an African focused cryptocurrency exchange. We enable customers to buy/sell Bitcoin and other cryptocurrencies (Ethereum, USDT and Litecoin) with Naira.

Our vision, which is at the core of what we do every day at Quidax, is to build a world where sending money and value around the globe is as easy as sending a text message. We value positive energy, and clear communication and are committed to building an inclusive environment for people from every background.

We are recruiting to fill the position below:

Job Title: Infrastructure Security Engineer

Location: Lagos

About the Role

• We’re looking for an Infrastructure Security Engineer who can build and maintain a strong security posture in a fast-moving, high-stakes financial environment, without slowing the business down.
• This role sits at the heart of our security infrastructure, protecting our cloud, networks, endpoints, databases, code repositories, data stores and critical systems. You’ll be designing, re-designing, fixing and continuously improving how we secure Quidax at scale.
• If you’re the kind of person who is very meticulous, process oriented, logical and has a passion for cybersecurity technologies — you’ll fit right in.

What You’ll Be Owning
Security Solutions Configuration, Review & Optimization:

• Within 30 days, the Infrastructure Security Engineer should be able to carry out configuration of various security solutions including network firewalls, Endpoint Detection & Response Solutions, Web Application Firewalls, Cloud Native Application Protection Platforms, Security Incident and Event Management, Security Orchestration Automation and Response Solutions, Identity Provider Solutions and Threat Management Solutions among others.
• Within 90 days, the Infrastructure Security Engineer should be able to carry out reviews & optimizations on various security solutions in compliance with the established policies.
• Within 180 days, the Infrastructure Security Engineer should review current security baselines & ensure alignment of all security and technology solutions with the security baselines across all environments (cloud, endpoints, network)

Audits & Compliance Reviews:

• Within 90 days, the Infrastructure Security Engineer should have adequate understanding of our existing infrastructure security systems and technical controls (how they work, effectiveness & gaps if any) to be able to provide insights during audits & compliance reviews.
• Within 180 days, the Infrastructure Security Engineer should be able to assume roles within our Information Systems Management framework.
• Within 180 days, the Infrastructure Security Engineer should be able to work with Governance Risk & Compliance to close audit findings quickly and effectively.

Access Control Management & Optimization:

• Within 30 days, the Infrastructure Security Engineer should have an understanding of our Access Control Policies, Processes & Technologies.
• Within 30 days, the Infrastructure Security Engineer should be able to take ownership of Access provisioning, decommissioning & access management optimization.
• Within 90 days, the Infrastructure Security Engineer should have conducted a review of the current access management system, identified gaps and propose recommendations.

Vulnerability Management:

• Within 60 days, establish a consistent vulnerability management process across infrastructure and endpoints
• Within 90 days, ensure all critical & high vulnerabilities have clearly defined remediation SLAs
• Within 180 days, reduce monthly recurring unremediated vulnerabilities by 40%
• Provide clear, actionable vulnerability remediation guidance to Engineering and DevOps teams.

Security Monitoring, Detection & Response:

• Within 30 days, review and be conversant with existing SIEM architecture.
• Within 90 days, identify and document all areas of improvement in our security event monitoring.
• Within 180 days, start implementing all areas of improvement to log aggregation, security event analysis and alerting.
• Within 90 days, identify new playbooks for automated incident response in the SOAR and document the recommendations
• Within 12 months, implement the playbooks for automated incident response recommendations in the SOAR
• Continuously improve detection coverage and incident response automation and orchestration across cloud, endpoints, and network layers.

Secure Cloud & Network:

• Within 30 days, review and understand services & configurations across multi-cloud platforms.
• Within 60 days, be able to administer security policies & security services across multi-cloud platforms.
• Within 60 days, partner with relevant Engineering teams to ensure security is embedded in infrastructure design and configuration from day one.

Security Operations & Automation:

• Within 30 days, review existing automations, test them out and identify areas of for optimization/improvement.
• Within 180 days, automate at least 30% of repetitive security operations tasks
• Continuously evaluate and implement new tools that improve detection, prevention, or efficiency
• Continuously improve security policies and enforcement mechanisms

Cross-Functional Security Enablement:

• Work closely with Engineering, DevOps, and Product teams to embed security into workflows
• Provide hands-on guidance during system design, deployments, and incident response.
• Promote strong security practices across the company — not just enforce them

Biggest Challenges You’ll Tackle:
The biggest challenges you’ll have to tackle are:

• Figuring out how multiple vendor technologies have been stitched together while having to actively carry out security operation tasks in a new environment
• Balancing operational security tasks with long-term architecture improvements
• Integrating with the relevant Engineering teams to ensure security is embedded into our engineering processes.
• Driving security adoption across teams that just want to ship
• Securing a fast-growing crypto infrastructure without slowing down product delivery
• Reducing alert fatigue while improving real threat detection
• Keeping up with evolving threats in the cloud, blockchain and global security landscape.

What We’re Looking For
Must-haves:

• You’ve secured cloud-native environments in a real-world, high-scale setup
• You can go from “there’s a problem” to “here’s the fix” to “it’s deployed” without hand-holding
• Strong hands-on experience with SIEM, EDR, firewalls, WAFs, vulnerability management tools, Networking concepts (routing, NAT, segmentation, access control), Cloud security (IAM, logging, monitoring, secure configs)
• You can break down complex systems into their simple parts and understand how they are built, how they break and what it takes to fix them.
• You’re proactive and detail-oriented
• You can collaborate with engineers and influence decisions without being the “security police”
• You enjoy Cybersecurity and have a passion for learning about new Technologies.
• You are committed to continuous development and search out the latest vulnerabilities, attack vectors and security solutions.

Nice-to-Haves:

• Experience with implementing security solutions & driving secure processes in fintech, blockchain, or financial systems
• Experience writing scripts & automating workflows with technologies like Python,Ansible & Terraform.
• Experience with implementing DevSecOps processes and technologies including access control, key management, policy gates e.t.c.
• Understanding of blockchain security concepts
• Understanding of AI, it’s risks,AI security and AI security solutions
• Certifications like CCSP, CEH, CCNP, PCNSE, Security+, AWS.

Application Closing Date
Not Specified.

How to Apply
Interested and qualified candidates should:
Click here to apply online