Process large volumes of crypto, build crypto products with our API & get your token listed on Africa's leading exchange
Infrastructure Security Engineer
Location
Nigeria
Posted
65 days ago
Salary
0
Seniority
Senior
Job Description
Infrastructure Security Engineer
Quidax
• Security Solutions Configuration, Review & Optimization • Within 30 days, the Infrastructure Security Engineer should be able to carry out configuration of various security solutions including network firewalls, Endpoint Detection & Response Solutions, Web Application Firewalls, Cloud Native Application Protection Platforms, Security Incident and Event Management, Security Orchestration Automation and Response Solutions, Identity Provider Solutions and Threat Management Solutions among others • Within 90 days, the Infrastructure Security Engineer should be able to carry out reviews & optimizations on various security solutions in compliance with the established policies • Within 180 days, the Infrastructure Security Engineer should review current security baselines & ensure alignment of all security and technology solutions with the security baselines across all environments (cloud, endpoints, network) • Audits & Compliance Reviews • Within 90 days, the Infrastructure Security Engineer should have adequate understanding of our existing infrastructure security systems and technical controls (how they work, effectiveness & gaps if any) to be able to provide insights during audits & compliance reviews • Within 180 days, the Infrastructure Security Engineer should be able to assume roles within our Information Systems Management framework • Within 180 days, the Infrastructure Security Engineer should be able to work with Governance Risk & Compliance to close audit findings quickly and effectively • Access Control Management & Optimization • Within 30 days, the Infrastructure Security Engineer should have an understanding of our Access Control Policies, Processes & Technologies • Within 30 days, the Infrastructure Security Engineer should be able to take ownership of Access provisioning, decommissioning & access management optimization • Within 90 days, the Infrastructure Security Engineer should have conducted a review of the current access management system, identified gaps and propose recommendations • Vulnerability Management • Within 60 days, establish a consistent vulnerability management process across infrastructure and endpoints • Within 90 days, ensure all critical & high vulnerabilities have clearly defined remediation SLAs • Within 180 days, reduce monthly recurring unremediated vulnerabilities by 40% • Provide clear, actionable vulnerability remediation guidance to Engineering and DevOps teams. • Security Monitoring, Detection & Response • Within 30 days, review and be conversant with existing SIEM architecture • Within 90 days, identify and document all areas of improvement in our security event monitoring • Within 180 days, start implementing all areas of improvement to log aggregation, security event analysis and alerting • Within 90 days, identify new playbooks for automated incident response in the SOAR and document the recommendations • Within 12 months, implement the playbooks for automated incident response recommendations in the SOAR • Continuously improve detection coverage and incident response automation and orchestration across cloud, endpoints, and network layers • Secure Cloud & Network • Within 30 days, review and understand services & configurations across multi-cloud platforms • Within 60 days, be able to administer security policies & security services across multi-cloud platforms • Within 60 days, partner with relevant Engineering teams to ensure security is embedded in infrastructure design and configuration from day one • Security Operations & Automation • Within 30 days, review existing automations, test them out and identify areas of for optimization/improvement • Within 180 days, automate at least 30% of repetitive security operations tasks • Continuously evaluate and implement new tools that improve detection, prevention, or efficiency • Continuously improve security policies and enforcement mechanisms • Cross-Functional Security Enablement • Work closely with Engineering, DevOps, and Product teams to embed security into workflows • Provide hands-on guidance during system design, deployments, and incident response • Promote strong security practices across the company — not just enforce them
Job Requirements
- You’ve secured cloud-native environments in a real-world, high-scale setup
- You can go from “there’s a problem” to “here’s the fix” to “it’s deployed” without hand-holding
- Strong hands-on experience with SIEM, EDR, firewalls, WAFs, vulnerability management tools, Networking concepts (routing, NAT, segmentation, access control), Cloud security (IAM, logging, monitoring, secure configs)
- You can break down complex systems into their simple parts and understand how they are built, how they break and what it takes to fix them.
- You’re proactive and detail-oriented
- You can collaborate with engineers and influence decisions without being the “security police”
- You enjoy Cybersecurity and have a passion for learning about new Technologies.
- You are committed to continuous development and search out the latest vulnerabilities, attack vectors and security solutions.
- Nice-to-Haves:
- Experience with implementing security solutions & driving secure processes in fintech, blockchain, or financial systems
- Experience writing scripts & automating workflows with technologies like Python, Ansible & Terraform.
- Experience with implementing DevSecOps processes and technologies including access control, key management, policy gates e.t.c.
- Understanding of blockchain security concepts
- Understanding of AI, it’s risks, AI security and AI security solutions
- Certifications like CCSP, CEH, CCNP, PCNSE, Security+, AWS
Benefits
- Fair Pay + Ownership
- Competitive salary based on your skills and experience; annual merit-based reviews to keep your growth visible and rewarded
- Growth That’s Real
- Annual performance reviews + clear promotion cycles; recognition for great work, from shoutouts to milestone rewards
- Personal development fund (courses, books, conferences); study leave so you can keep learning
- Work That Works For You
- Fully remote forever + flexible working hours
- Time Off That Respects Life
- Unlimited paid time off + Nigerian national holidays
- Parental, sick, compassionate, and life event leave; we show up for you
- Connection That Feels Real
- Quarterly remote team hangouts + annual offsite; interest-based communities (SIGs)
- Regular engagement surveys; your voice matters
- Health & life coverage in select locations
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Planificar y ejecutar pruebas de penetración en aplicaciones web, móviles (iOS/Android), API, infraestructura en la nube y redes internas, siguiendo PTES, OWASP WSTG, OWASP MASTG, OWASP API Security Top 10, OWASP ASVS y NIST. • Mantener listas de verificación versionadas, reproducibles y auditables por tipo de objetivo, cubriendo IAM, autorización basada en roles, idempotencia, limitación de tasa, manejo de errores y exposición de información. • Realizar revisiones de código de seguridad de aplicaciones en bases de código backend: validación de entrada, errores de autorización (BOLA/IDOR), errores lógicos financieros (precisión decimal, redondeo, conversiones), concurrencia, idempotencia, firmas de webhook y manejo de secretos. • Operar y ajustar la cadena de herramientas de AppSec integrada en el SDLC: SAST, DAST, SCA, escaneo de secretos y escaneo de IaC. • Diseñar y mantener un programa de modelado de amenazas (STRIDE / PASTA / LINDDUN) para características críticas del producto. • Auditar implementaciones de OAuth 2.0 / OIDC / JWT para confusión de algoritmo, ataques de repetición, rotación de tokens de actualización, PKCE y validación de reclamos (iss/aud/exp). • Realizar pruebas de seguridad de API profundas: BOLA/BFLA, asignación masiva, limitación de tasa, idempotencia, condiciones de carrera y webhooks firmados. • Asegurar integraciones de socios: CSP, frame-ancestors, postMessage, CORS, SameSite y sandboxing. • Buscar vulnerabilidades de lógica empresarial con impacto económico directo: doble gasto, repetición de transacción, condiciones de carrera, montos negativos, desbordamiento/subdesbordamiento, bypass de límite, manipulación de redondeos y reutilización de claves idempotentes. • Construir flujos de trabajo asistidos por IA para recon, triage, generación de PoC, revisión de código y fuzzing dirigido. • Aplicar OWASP Top 10 para LLM y MITRE ATLAS al evaluar características del producto con IA generativa. • Escribir informes ejecutivos y técnicos con gravedad CVSS v4, impacto comercial, PoCs reproducibles y remediaciones accionables. • Rastrear hallazgos hasta su cierre con SLA por gravedad. • Generar evidencia auditables para ISO 27001, BCRA y procesos de diligencia debida de socios. • Presentar hallazgos a los equipos de ingeniería, CTO, CISO y el comité de riesgos. • Incrustarse con escuadras como socio de seguridad: revisiones de diseño, revisiones en pareja y mentoría sobre codificación segura. • Diseñar ejercicios de equipo morado con SecOps, realizar CTF internos y bashes de errores, y mantener un programa de recompensas por errores.
• Operar y ajustar F5 WAAP (WAF XC) incluyendo defensa contra bots, mitigación de DDoS L7 y políticas declarativas • Gestionar CrowdStrike Falcon XDR, escribir IOAs personalizados e integrarlo con flujos de SOAR • Administrar la suite de Microsoft Defender y Defender for Cloud • Diseñar y hacer cumplir políticas de Microsoft Intune + Acceso Condicional sobre Entra ID • Construir casos de uso, reglas analíticas y libros de jugadas en CrowdStrike (SIEM/SOAR) • Liderar investigaciones técnicas de incidentes mayores (P1/P2) y realizar ejercicios de cacería de amenazas y equipo púrpura • Fortalecer entornos de Azure, implementar controles de seguridad para el uso corporativo de LLM/GenAI
Security Advisor II, Falcon Complete (Remote)
CrowdStrikeCrowdStrike is an award-winning, global provider of cloud-delivered security technology, threat intelligence, and next-generation endpoint protection. Founded i
As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you. About the Role: The Falcon Complete Security Advisor works within a team of advisors focused on overall health and security posture of all Falcon Complete customers. The ideal candidate will demonstrate a combination of technical, security, and customer management skills aimed at guiding customers towards a successful and secure experience with Falcon Complete. Under the direction of leadership, this role will execute daily tasks to ensure Falcon Complete can achieve its mission to stop breaches. What You'll Do: - Assess customer’s Falcon environment and ensure alignment with Falcon Complete standards. - Provide Falcon Complete customers with recommendations that align to improved security. - Create and recommend remediation for components of CrowdStrike products that may lead to improved security posture. - Contact customers directly upon identification of misalignment with Falcon Complete standards. - Document, update, and resolve all customer related issues in accordance with established procedures and SLAs. - Develop and provide customers with service reports and stats as requested. - Partner with internal teams to ensure customer satisfaction. - Liaise with support team to help troubleshoot and coordinate efforts to resolve technical issues. What You'll Need: - 3+ years in Cybersecurity focused role. - Customer empathy and ability to guide customers towards desired outcome. - Excellent customer-facing communication skills including verbal and written. - Partner with CrowdStrike teams to troubleshoot and resolve customer issues. - Adept in Windows, Linux, and MAC operating systems. - Experience or demonstrated knowledge of threat detection and incident response. - Bachelor's degree in Technology and/or Cybersecurity or relevant experience. - Cybersecurity certifications from reputable organizations such as SANS, ISC2 or equivalent. - US Citizenship or Green Card Holder Bonus Points: - Incident Management and CSIRT operation - Change Management - Malicious Code: Detection and Response - Audit, Logging, and Monitoring Controls (SIEM, UEBA, MDR/XDR). - Intrusion Detection and Response - Experience working with complex, sophisticated clients - Strong analytical capabilities and a desire to learn new things - Able to work across multiple teams to resolve customer issues and requests - Demonstrated experience as a security advisor or consultant - Knowledge of the following frameworks: ISO 27001/2, NIST Cyber Security Framework, CIS Critical Security, PCI DSS, Cloud Controls Matrix and MITRE Att&ck a plus. #LI-RC2 #LI-Remote This role may require the candidate to periodically undergo and pass alcohol and/or drug test(s) during the course of employment.Benefits of Working at CrowdStrike: - Market leader in compensation and equity awards - Comprehensive physical and mental wellness programs - Competitive vacation and holidays for recharge - Paid parental and adoption leaves - Professional development opportunities for all employees regardless of level or role - Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections - Vibrant office culture with world class amenities - Great Place to Work Certified™ across the globe CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program. CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements. If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance. Find out more about your rights as an applicant. CrowdStrike participates in the E-Verify program. Notice of E-Verify Participation Right to Work CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $100,000 - $155,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.For detailed information about the U.S. benefits package, please click here. Expected Close Date of Job Posting is:07-11-2026
Intermediate Information Security Officer
R&C Request GmbHR&C Request GmbH Matching people since the last decade. Now with a new vision for 2025.
Role Description Du begleitest ein wachsendes Fintech dabei, bankenfähig zu werden und regulatorische Standards zu setzen. - DORA-Umsetzung: Du implementierst die DORA-Anforderungen (Digital Operational Resilience Act) und steuerst deren Einhaltung im Unternehmen. - Architektur-Governance: Du prüfst unsere IT-Infrastruktur auf Konformität und stellst eine effiziente, angemessene Umsetzung von Sicherheitsmaßnahmen sicher. - Fachliche Vertretung: Du vertrittst unsere Sicherheitskonzepte fundiert gegenüber Kunden, Partnerbanken und Aufsichtsbehörden. - Risikomanagement: Du berätst die Geschäftsführung bei strategischen IT-Risiken und agierst als kompetenter Ansprechpartner für alle Sicherheitsfragen. Qualifications - Studium oder Ausbildung im IT-Bereich (z. B. Systemarchitektur) mit Fokus auf Informationssicherheit oder IT-Compliance. - Erste fundierte Erfahrung mit Frameworks wie ISO 27001 oder DORA; Fähigkeit, regulatorische Texte in technische Prozesse zu übersetzen. - Du arbeitest eigenverantwortlich, denkst lösungsorientiert und trittst auch in Verhandlungen mit externen Stakeholdern sicher auf. - Verhandlungssicheres Deutsch und Englisch. Benefits - Einstiegsgehalt bis zu 50-60.000 € Brutto - Geplante Gehaltssteigerung nach 6 Monaten Bewährungsphase - Beteiligung über virtuelle Anteile (VSOP) - Hohe Flexibilität und volle Remote-Option - Nice to have: Krypto Erfahrung



