Principal Security Engineer
Wasoko Zanzibar Urban/West, Tanzania
About the job
Wasoko (“people of the market” in Swahili) is transforming communities across Africa by revolutionizing access to essential goods and services. We are East Africa’s biggest digitized retail distribution platform powered by our own in-house logistics network. Tens of thousands of informal retailers across seven countries (Kenya, Tanzania, Rwanda, Uganda, Ivory Coast, Senegal and Zambia) use Wasoko to order everyday essential goods and receive working capital financing.
The informal retailers of Africa today are the primary if not the only channel used by consumers to purchase essential goods worth over $600 billion per year. The fragmented infrastructure across large land mass, distributed but diverse population and rather a smaller basket size spend does not yet lend themselves to big basket retail or mass consumer eCommerce. Instead, the informal retail ecosystem is THE channel for building the plumbing for digital and consumer commerce across Africa.
This is Wasoko’s opportunity. Wasoko with its brand, scale and logistics network is best positioned to build the technology-leveraged rails to serve the 1+ billion African consumers through informal retailers. We are building a digital-first operating system for informal retailers, initially focusing on B2B distribution but quickly incorporating other tools and services to help communities across Africa get more for less.
Role: Principal Security Engineer / Head of IT and Security
Location: Zanzibar or Nairobi, Kenya or Bangalore, India
Wasoko is looking for a highly motivated individual with deep information security experience in distributed services, and cloud environments. You will be founding a security engineer that would work to protect sensitive company information, handle potential data breaches, and implement strong security and data governance controls. You will pioneer a company-wide cultural awareness and understanding of security best practices, collaborating to define processes and standards and helping other teams execute security-focused projects.
This role has the potential to lead our entire IT team over time as a qualified leader. We view IT as a function of a secure, monitored, automated self-operating system with a low-cost footprint. The aspiring engineer will set up Wasoko as one of the leading commerce businesses with a strong security posture within Africa.
What you will do in this role:
Audit GCP-hosted distributed services and customer data to identify vulnerabilities and gaps
Evaluate the security posture of our corporate IT systems, networks and data
Architect Wasoko cyber security guiding principles and best practices
Engineer and build automation, tools that scale to then continuously protect our systems
Set up governance standards, and best practices working with developers and SREs
Own and drive response to any security incidents at tier 1
Set up security standards and a roadmap for payment-related services
Become a voice of security, develop a mechanism to establish a culture of security across Wasoko
Partner with a product to instill customer first approach in everything security
Hands-on operating at excellence experience as a head security engineer for a high-traffic production system
Deep knowledge of cloud security architecture and toolset (GCP preferred)
Expert with developer security standards and ways to address them (OWASP top 10 e.g.)
Experience with compliance standards (e.g., PCI DSS)
CISSP or other security certification
Applied knowledge of security testing a plus SAST, DAST, and SCA
Expert in python, ruby to golang
Excellent communication, collaboration and influencing skills ` clarity of thought, articulation, data drives and
Nice to have:
Payment and mobile security experience in scaling e-commerce environment
Experience building security functions from the ground up in a startup that scale