Lead Security Engineer

Carry1st is Africa’s leading publisher of mobile games and digital content. Operating at the intersection of games, publishing, and fintech, we scale awesome content in frontier markets by solving hard problems.  Across our publishing and Pay1st business lines, we are partnered with top global game companies like Riot Games, Activision, and Stillfront.  We are backed by top investors like: a16z, Bitkraft, Google, Konvoy, Riot Games, Sony and Nas.   

As Lead Security Engineer you’ll be responsible for analyzing software designs and implementations from a security perspective, and identify and resolve security issues. You will include the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle, to result in robust and reliable software. You will also be responsible for Cyber Security countermeasures, infrastructure security posture and will own incident responses and security policies across the business. 

You will...

• Develop security standards, procedures, strategy plans, and roadmaps based on sound enterprise architecture practices
• Write detailed problem reports, test plan documents and mitigation recommendations as needed
• Design and develop security testing scenarios, advise team members on secure coding practices,  and complete security reviews of new features, products, services, and vendors
• Perform on-going security testing and code reviews to improve software security
• Develop tools to aid penetration test automation and effectiveness and create threat models that result in more secure application design
• Provide timely reporting of security related systems and events to various levels of management on a regular basis

What makes you a great candidate?

• Minimum 5 years’ experience in the field of application security
• Excellent leadership, mentorship and coaching skills, with proven success as a Technical Team Leader 
• Proven experience with AWS security best practices, including IAM, S3, RDS and KMS.
• Strong understanding of Kubernetes security concepts and best practices.
• Knowledge of a variety of programming languages (Java/J2EE, Javascript) and strong capacity for debugging application and security issues
• Experience in applying cyber security best practices in highly scalable applications
• Self-motivation, problem solving, and ability to work in a distributed team environment

Our Stack

• Backend code written primarily in Java, and one application in PHP
• Hosting in AWS with use of KOPS, ECR, EC2, RDS, S3, ELB, ElastiCache, ElasticSearch, Route53 – managed with Terraform IaC
• DevOps/CI implemented using Jira, Jenkins, Kubernetes, Docker, Bitbucket, Prometheus, and Grafana
• Caching is implemented primarily via Redis 
• Queuing is implemented via RabbitMQ